Merge "Update AAI chart to include v14 URIs for MSB"
diff --git a/docs/onap_values.yaml b/docs/onap_values.yaml
deleted file mode 100644
index 663b05f..0000000
--- a/docs/onap_values.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-
-  # image repositories
-  repository: nexus3.onap.org:10001
-  repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-  # readiness check
-  readinessRepository: oomk8s
-  # logging agent
-  loggingRepository: docker.elastic.co
-
-  # image pull policy
-  pullPolicy: Always
-
-  # default mount path root directory referenced
-  # by persistent volumes and log files
-  persistence:
-    mountPath: /dockerdata-nfs
-
-  # flag to enable debugging - application support required
-  debugEnabled: false
-
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
-  enabled: true
-aai:
-  enabled: true
-appc:
-  enabled: true
-clamp:
-  enabled: true
-cli:
-  enabled: true
-consul: # Consul Health Check Monitoring
-  enabled: true
-dcaegen2:
-  enabled: true
-esr:
-  enabled: true
-log: # ONAP Logging ElasticStack
-  enabled: true
-message-router:
-  enabled: true
-mock:
-  enabled: true
-msb:
-  enabled: true
-multicloud:
-  enabled: true
-policy:
-  enabled: true
-portal:
-  enabled: true
-robot: # Robot Health Check
-  enabled: true
-sdc:
-  enabled: true
-sdnc:
-  enabled: true
-so: # Service Orchestrator
-  enabled: true
-
-  replicaCount: 1
-
-  liveness:
-    # necessary to disable liveness probe when setting breakpoints
-    # in debugger so K8s doesn't restart unresponsive container
-    enabled: true
-
-  # so server configuration
-  config:
-    # message router configuration
-    dmaapTopic: "AUTO"
-    # openstack configuration
-    openStackUserName: "vnf_user"
-    openStackRegion: "RegionOne"
-    openStackKeyStoneUrl: "http://1.2.3.4:5000"
-    openStackServiceTenantName: "service"
-    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
-  # configure embedded mariadb
-  mariadb:
-    config:
-      mariadbRootPassword: password
-uui:
-  enabled: true
-vfc:
-  enabled: true
-vid:
-  enabled: true
-vnfsdk:
-  enabled: true
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 4fe943c..9fb3ab7 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -45,34 +45,33 @@
 
 .. table:: OOM Software Requirements
 
-  ==============     ==========  =====  =======  ========
-  Release            Kubernetes  Helm   kubectl  Docker
-  ==============     ==========  =====  =======  ========
-  amsterdam          1.7.x       2.3.x  1.7.x    1.12.x
-  beijing            1.8.10      2.8.2  1.8.10   17.03.x
-  casablanca/master  1.8.10      2.9.1  1.8.10   17.03.x
-  ==============     ==========  =====  =======  ========
+  ==============     ===========  =====  ========  ========
+  Release            Kubernetes   Helm   kubectl   Docker
+  ==============     ===========  =====  ========  ========
+  amsterdam          1.7.x        2.3.x  1.7.x     1.12.x
+  beijing            1.8.10       2.8.2  1.8.10    17.03.x
+  casablanca         1.11.2       2.9.1  1.11.2    17.03.x
+  ==============     ===========  =====  ========  ========
 
 Minimum Hardware Configuration
 ==============================
 
-The minimum hardware requirements are provided below.  Note that although ONAP
-may operate on a single node as described production deployments will need at
-least three if not six nodes to ensure there is no single point of failure.
+The hardware requirements are provided below. Note that this is for a
+full ONAP deployment (all components). Customizing ONAP to deploy only
+components that are needed will drastically reduce the requirements.
 
 .. table:: OOM Hardware Requirements
 
   =====  =====  ======  ====================
   RAM    HD     vCores  Ports
   =====  =====  ======  ====================
-  128GB  160GB  32      0.0.0.0/0 (all open)
+  224GB  160GB  112     0.0.0.0/0 (all open)
   =====  =====  ======  ====================
 
 .. note::
-  Kubernetes supports a maximum of 110 pods per node which forces one to use at
-  least two nodes to deploy all of ONAP although at least three are recommended
-  (for example 4x32GB - 8 vCores each). Subsets of ONAP may still be deployed
-  on a single node.
+  Kubernetes supports a maximum of 110 pods per node. The use of many small
+  nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
+  Subsets of ONAP may still be deployed on a single node.
 
 Cloud Installation
 ==================
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 077e7e7..0029d5f 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -16,119 +16,18 @@
 
 **Step 1.** Clone the OOM repository from ONAP gerrit::
 
-  > git clone -b beijing http://gerrit.onap.org/r/oom
+  > git clone -b casablanca http://gerrit.onap.org/r/oom
   > cd oom/kubernetes
 
+**Step 2.** Install Helm Plugins required to deploy the ONAP Casablanca release::
+  sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
 
-**Step 2.** Customize the onap/values.yaml file to suit your deployment. You
+**Step 3.** Customize the onap/values.yaml file to suit your deployment. You
 may want to selectively enable or disable ONAP components by changing the
 `enabled: true/false` flags as shown below:
 
-.. code-block:: yaml
-
-  #################################################################
-  # Global configuration overrides.
-  #
-  # These overrides will affect all helm charts (ie. applications)
-  # that are listed below and are 'enabled'.
-  #################################################################
-  global:
-    # Change to an unused port prefix range to prevent port conflicts
-    # with other instances running within the same k8s cluster
-    nodePortPrefix: 302
-
-    # image repositories
-    repository: nexus3.onap.org:10001
-    repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
-    # readiness check
-    readinessRepository: oomk8s
-    # logging agent
-    loggingRepository: docker.elastic.co
-
-    # image pull policy
-    pullPolicy: Always
-
-    # default mount path root directory referenced
-    # by persistent volumes and log files
-    persistence:
-      mountPath: /dockerdata-nfs
-
-    # flag to enable debugging - application support required
-    debugEnabled: false
-
-  #################################################################
-  # Enable/disable and configure helm charts (ie. applications)
-  # to customize the ONAP deployment.
-  #################################################################
-  aaf:
-    enabled: true
-  aai:
-    enabled: true
-  appc:
-    enabled: true
-  clamp:
-    enabled: true
-  cli:
-    enabled: true
-  consul: # Consul Health Check Monitoring
-    enabled: true
-  dcaegen2:
-    enabled: true
-  esr:
-    enabled: true
-  log:
-    enabled: true
-  message-router:
-    enabled: true
-  mock:
-    enabled: true
-  msb:
-    enabled: true
-  multicloud:
-    enabled: true
-  policy:
-    enabled: true
-  portal:
-    enabled: true
-  robot: # Robot Health Check
-    enabled: true
-  sdc:
-    enabled: true
-  sdnc:
-    enabled: true
-  so: # Service Orchestrator
-    enabled: true
-
-    replicaCount: 1
-
-    liveness:
-      # necessary to disable liveness probe when setting breakpoints
-      # in debugger so K8s doesn't restart unresponsive container
-      enabled: true
-
-    # so server configuration
-    config:
-      # message router configuration
-      dmaapTopic: "AUTO"
-      # openstack configuration
-      openStackUserName: "vnf_user"
-      openStackRegion: "RegionOne"
-      openStackKeyStoneUrl: "http://1.2.3.4:5000"
-      openStackServiceTenantName: "service"
-      openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
-    # configure embedded mariadb
-    mariadb:
-      config:
-        mariadbRootPassword: password
-  uui:
-    enabled: true
-  vfc:
-    enabled: true
-  vid:
-    enabled: true
-  vnfsdk:
-    enabled: true
+.. literalinclude:: onap-values.yaml
+   :language: yaml
 
 .. note::
   To generate openStackEncryptedPasswordHere :
@@ -154,18 +53,12 @@
 
 **Step 5.** Build a local Helm repository (from the kubernetes directory)::
 
-  > make all
+  > make all; make onap
 
 **Step 6.** Display the charts that available to be deployed::
 
   > helm search -l
-  NAME                    VERSION    DESCRIPTION
-  local/appc              2.0.0      Application Controller
-  local/clamp             2.0.0      ONAP Clamp
-  local/common            2.0.0      Common templates for inclusion in other charts
-  local/onap              2.0.0      Open Network Automation Platform (ONAP)
-  local/robot             2.0.0      A helm Chart for kubernetes-ONAP Robot
-  local/so                2.0.0      ONAP Service Orchestrator
+.. literalinclude:: helm-search.txt
 
 .. note::
   The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use `make` to update your local Helm repository.
@@ -173,11 +66,15 @@
 **Step 7.** Once the repo is setup, installation of ONAP can be done with a
 single command::
 
-  > helm install local/onap -n dev --namespace onap
+  > helm deploy dev local/onap --namespace onap
 
-.. note::
-  The requirement for the use of the `onap` namespace will be lifted once the OOM team completes their Beijing deveivers.
 
 Use the following to monitor your deployment and determine when ONAP is ready for use::
 
   > kubectl get pods --all-namespaces -o=wide
+
+Undeploying onap can be done using the following command::
+  > helm undeploy dev --purge
+
+
+More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
\ No newline at end of file
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index a20c0df..fddccf8 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -48,7 +48,7 @@
 Select Flavor
 -------------
 Known issues exist if flavor is too small for Rancher. Please select a flavor
-with at least 4 vCPU and 8GB ram.
+with at least 4 vCPU and 8GB ram. A size of 8 vCPU and 16GB ram is recommended.
 
 .. image:: Rancher-Select_Flavor.jpeg
 
@@ -88,7 +88,7 @@
 * install nfs server
 
 .. note::
-  The Beijing release of OOM only supports Helm 2.8.2 not the 2.7.2 shown in
+  The Casablanca release of OOM only supports Helm 2.9.1 not the 2.7.2 shown in
   the screen capture below. The supported versions of all the software components
   are listed in the :ref:`cloud-setup-guide-label`.
 
@@ -133,8 +133,9 @@
 The size of a Kubernetes host depends on the size of the ONAP deployment that
 will be installed.
 
-As of the Beijing release a minimum of 3 x 32GB hosts will be needed to run a
-full ONAP deployment (all components).
+As of the Casablanca release a minimum 224GB will be needed to run a
+full ONAP deployment (all components). It is recommended that more hosts are used
+with fewer resources instead of only a few large hosts. For example 14 x 16GB hosts.
 
 If a small subset of ONAP components are being deployed for testing purposes,
 then a single 16GB or 32GB host should suffice.
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index db410a6..ea658f0 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -108,7 +108,7 @@
 
 To prepare your system for an installation of ONAP, you'll need to::
 
-  > git clone -b beijing http://gerrit.onap.org/r/oom
+  > git clone -b casablanca http://gerrit.onap.org/r/oom
   > cd oom/kubernetes
 
 
@@ -282,7 +282,7 @@
 
 To deploy ONAP with this environment file, enter::
 
-  > helm install local/onap -n beijing -f environments/onap-production.yaml
+  > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
 
 .. include:: environments_onap_demo.yaml
    :code: yaml
@@ -381,16 +381,31 @@
   10.12.6.155 portal.api.simpledemo.onap.org
   10.12.6.155 vid.api.simpledemo.onap.org
   10.12.6.155 sdc.api.fe.simpledemo.onap.org
+  10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+  10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
   10.12.6.155 portal-sdk.simpledemo.onap.org
   10.12.6.155 policy.api.simpledemo.onap.org
   10.12.6.155 aai.api.sparky.simpledemo.onap.org
   10.12.6.155 cli.api.simpledemo.onap.org
   10.12.6.155 msb.api.discovery.simpledemo.onap.org
+  10.12.6.155 msb.api.simpledemo.onap.org
+  10.12.6.155 clamp.api.simpledemo.onap.org
+  10.12.6.155 so.api.simpledemo.onap.org
 
 Ensure you've disabled any proxy settings the browser you are using to access
-the portal and then simply access the familiar URL:
-http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm
+the portal and then simply access now the new ssl-encrypted URL:
+https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
 
+.. note::
+  Using the HTTPS based Portal URL the Browser needs to be configured to accept
+  unsecure credentials.
+  Additionally when opening an Application inside the Portal, the Browser
+  might block the content, which requires to disable the blocking and reloading
+  of the page
+
+.. note::
+  Besides the ONAP Portal the Components can deliver additional user interfaces, 
+  please check the Component specific documentation.
 
 .. note::     
 
@@ -572,14 +587,14 @@
 For example, to upgrade a container by changing configuration, specifically an
 environment value::
 
-  > helm upgrade beijing onap/so --version 2.0.1 --set enableDebug=true
+  > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
 
 Issuing this command will result in the appropriate container being stopped by
 Kubernetes and replaced with a new container with the new environment value.
 
 To upgrade a component to a new version with a new configuration file enter::
 
-  > helm upgrade beijing onap/so --version 2.0.2 -f environments/demo.yaml
+  > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
 
 To fetch release history enter::
 
@@ -672,18 +687,18 @@
 what will happen with a given command prior to actually deleting anything.  For
 example::
 
-  > helm delete --dry-run beijing
+  > helm undeploy casablanca --dry-run
 
-will display the outcome of deleting the 'beijing' release from the deployment.
+will display the outcome of deleting the 'casablanca' release from the deployment.
 To completely delete a release and remove it from the internal store enter::
 
-  > helm delete --purge beijing
+  > helm undeploy casablanca --purge
 
 One can also remove individual components from a deployment by changing the
 ONAP configuration values.  For example, to remove `so` from a running
 deployment enter::
 
-  > helm upgrade beijing osn/onap --set so.enabled=false
+  > helm undeploy casablanca-so --purge
 
 will remove `so` as the configuration indicates it's no longer part of the
 deployment. This might be useful if a one wanted to replace just `so` by
diff --git a/docs/openstack-k8s-node.sh b/docs/openstack-k8s-node.sh
index 66dc629..b8462aa 100644
--- a/docs/openstack-k8s-node.sh
+++ b/docs/openstack-k8s-node.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DOCKER_VERSION=17.03
-KUBECTL_VERSION=1.8.10
+KUBECTL_VERSION=1.11.2
 HELM_VERSION=2.9.1
 
 # setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/docs/openstack-rancher.sh b/docs/openstack-rancher.sh
index 1f1d2e4..bcf542a 100644
--- a/docs/openstack-rancher.sh
+++ b/docs/openstack-rancher.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 DOCKER_VERSION=17.03
-RANCHER_VERSION=1.6.18
-KUBECTL_VERSION=1.8.10
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
 HELM_VERSION=2.9.1
 
 # setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index c87eee0..3e8a1be 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -8,6 +8,49 @@
 Release Notes
 =============
 
+Version 3.0.0 Casablanca Release
+--------------------------------
+
+:Release Date: 2018-11-30
+
+Summary
+=======
+
+The focus of this release was on incremental improvements in the following areas:
+* Pluggable persistent storage with support for GlusterFS as the first storage class provisioner
+* CPU and Memory limits in Helm Charts to improve Pod placement based on resource availablity in Kubernetes Cluster
+* Support of Node Selectors for Pod placement
+* Common "shared" Helm Charts referencing common images
+  - mariadb-galera
+  - postgres
+  - cassandra
+  - mysql
+  - mongo
+* Integration of ARK Backup and Restore solution
+* Introduction of Helm deploy and undeploy plugins to better manage ONAP deployments
+
+
+**Security Notes**
+
+OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found.
+
+Quick Links:
+	- `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+	- `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
+**Known Issues**
+
+Problem:        kubectl connections to pods (kubectl exec|logs) will fail after a while due to a known bug in Kubernetes (1.11.2)
+Workaround:     Restart of the kubelet daemons on the k8s hosts
+Fix:            Will be delivered in the next release via a new Kubernetes version (1.12)
+- `K8S Bug Report <https://github.com/kubernetes/kubernetes/issues/67659>`_
+- `OOM-1532 <https://jira.onap.org/browse/OOM-1532>`_
+- `OOM-1516 <https://jira.onap.org/browse/OOM-1516>`_
+- `OOM-1520 <https://jira.onap.org/browse/OOM-1520>`_
+
+
 Version 2.0.0 Beijing Release
 -----------------------------
 
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
index 58017bd..355cd60 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
@@ -81,11 +81,11 @@
   mountSubPath: sms/consul/data
 
 service:
-  type: NodePort
+  type: ClusterIP
   name: aaf-sms-db
   portName: aaf-sms-db
   internalPort: 8200
-  nodePort: 44
+  externalPort: 8200
 
 ingress:
   enabled: false
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore
similarity index 100%
rename from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore
rename to kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..3a35b76
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..99129c1
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..acc9409
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,93 @@
+[
+  {
+    "uri": "\/not\/allowed\/at\/all$",
+    "permissions": [
+      "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+     ]
+  },
+  {
+    "uri": "\/one\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/multi\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aMultipleAuth1",
+      "test.auth.access.aMultipleAuth2",
+      "test.auth.access.aMultipleAuth3"
+     ]
+  },
+  {
+    "uri": "\/one\/[^\/]+\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/services\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/admin\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|admin|GET,PUT,POST"
+     ]
+  },
+  {
+    "uri": "\/service\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/services\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/$",
+    "permissions": [
+    	"\\|services\\|GET",
+      "test\\.auth\\.access\\|services\\|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+    "permissions": [
+      "test\\.auth\\.access\\|rest\\|read"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read"
+    ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read",
+      "test.auth.access|vservers|read"
+    ]
+  },
+  {
+    "uri": "\/backend$",
+    "permissions": [
+      "test\\.auth\\.access\\|services\\|GET,PUT",
+      "\\|services\\|GET"
+     ]
+  },
+  {
+    "uri": "\/services\/babel-service\/.*",
+    "permissions": [
+      "org\\.access\\|\\*\\|\\*"
+     ]
+  }
+]
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..a82e38c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000..289fe75
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="debug">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000..7055bf5
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000..6cd12fc
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/configmap.yaml b/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
index e75282d..e018794 100644
--- a/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
@@ -25,3 +25,38 @@
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
index c2aa6e4..5ac0792 100644
--- a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
@@ -31,6 +31,19 @@
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+    {{ if .Values.global.installSidecarSecurity }}
+      hostAliases:
+      - ip: {{ .Values.global.aaf.serverIp }}
+        hostnames:
+        - {{ .Values.global.aaf.serverHostname }}
+
+      initContainers:
+        - name: {{ .Values.global.tproxyConfig.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            privileged: true
+    {{ end }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -108,6 +121,79 @@
           - mountPath: /usr/share/filebeat/data
             name: aai-filebeat
 
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ .Values.global.rproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/rproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.rproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/forward-proxy.properties
+            subPath: forward-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/primary-service.properties
+            subPath: primary-service.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+            subPath: reverse-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/cadi.properties
+            subPath: cadi.properties
+          - name: {{ include "common.fullname" . }}-rproxy-log-config
+            mountPath: /opt/app/rproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+            subPath: uri-authorization.json
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+            subPath: aaf_truststore.jks
+          - name: {{ include "common.fullname" . }}-rproxy-security-config
+            mountPath: /opt/app/rproxy/config/security/keyfile
+            subPath: keyfile
+
+          ports:
+          - containerPort: {{ .Values.global.rproxy.port }}
+
+        - name: {{ .Values.global.fproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/fproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.fproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-fproxy-config
+            mountPath: /opt/app/fproxy/config/fproxy.properties
+            subPath: fproxy.properties
+          - name: {{ include "common.fullname" . }}-fproxy-log-config
+            mountPath: /opt/app/fproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          ports:
+          - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
+
       volumes:
         - name: localtime
           hostPath:
@@ -134,5 +220,29 @@
           emptyDir: {}
         - name: aai-filebeat
           emptyDir: {}
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-config
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-log-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-security-config
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-config
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-log-config
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+    {{ end }}
+
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-babel/templates/secrets.yaml b/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
index 5b21e17..78a849b 100644
--- a/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
@@ -36,3 +36,33 @@
 data:
   KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
   KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/service.yaml b/kubernetes/aai/charts/aai-babel/templates/service.yaml
index eeb27ed..9a8b8a2 100644
--- a/kubernetes/aai/charts/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/service.yaml
@@ -26,15 +26,27 @@
 spec:
   type: {{ .Values.service.type }}
   ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort}}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
+  {{ if .Values.global.installSidecarSecurity }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.global.rproxy.port }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ else }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.service.internalPort }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.service.internalPort }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ end }}
   selector:
     app: {{ include "common.name" . }}
     release: {{ .Release.Name }}
diff --git a/kubernetes/aai/charts/aai-babel/values.yaml b/kubernetes/aai/charts/aai-babel/values.yaml
index b26b858..8c192e5 100644
--- a/kubernetes/aai/charts/aai-babel/values.yaml
+++ b/kubernetes/aai/charts/aai-babel/values.yaml
@@ -69,13 +69,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 0.5
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 2
+      memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..f3ac070
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..4fae434
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+ 
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..99129c1
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..2865e01
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+ [
+    {
+      "uri": "\/not\/allowed\/at\/all$",
+      "permissions": [
+        "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+       ]
+    },
+    {
+      "uri": "\/one\/auth\/required$",
+      "permissions": [
+        "test.auth.access.aSimpleSingleAuth"
+       ]
+    },
+    {
+      "uri": "\/multi\/auth\/required$",
+      "permissions": [
+        "test.auth.access.aMultipleAuth1",
+        "test.auth.access.aMultipleAuth2",
+        "test.auth.access.aMultipleAuth3"
+       ]
+    },
+    {
+      "uri": "\/one\/[^\/]+\/required$",
+      "permissions": [
+        "test.auth.access.aSimpleSingleAuth"
+       ]
+    },
+    {
+      "uri": "\/services\/getAAFRequest$",
+      "permissions": [
+        "test.auth.access|services|GET,PUT"
+       ]
+    },
+    {
+      "uri": "\/admin\/getAAFRequest$",
+      "permissions": [
+        "test.auth.access|admin|GET,PUT,POST"
+       ]
+    },
+    {
+      "uri": "\/service\/aai\/webapp\/index.html$",
+      "permissions": [
+        "test.auth.access|services|GET,PUT"
+       ]
+    },
+    {
+      "uri": "\/services\/aai\/webapp\/index.html$",
+      "permissions": [
+        "test.auth.access|services|GET,PUT"
+       ]
+    },
+    {
+      "uri": "\/$",
+      "permissions": [
+      	"\\|services\\|GET",
+        "test\\.auth\\.access\\|services\\|GET,PUT"
+       ]
+    },
+    {
+      "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+      "permissions": [
+        "test\\.auth\\.access\\|rest\\|read"
+       ]
+    },
+    {
+      "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+      "permissions": [
+        "test.auth.access|clouds|read",
+        "test.auth.access|tenants|read"
+      ]
+    },
+    {
+      "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+      "permissions": [
+        "test.auth.access|clouds|read",
+        "test.auth.access|tenants|read",
+        "test.auth.access|vservers|read"
+      ]
+    },
+    {
+      "uri": "\/backend$",
+      "permissions": [
+        "test\\.auth\\.access\\|services\\|GET,PUT",
+        "\\|services\\|GET"
+       ]
+    },
+    {
+      "uri": "\/services\/inventory\/.*",
+      "permissions": [
+        "org\\.access\\|\\*\\|\\*"
+       ]
+    },
+    {
+    "uri": "\/services\/champ-service\/.*",
+    "permissions": [
+      "org\\.access\\|\\*\\|\\*"
+     ]
+  }
+ ]
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..33daa73
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine. 
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000..fc04a97
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="debug">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+ 
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000..8d64529
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9522
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000..6cd12fc
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/configmap.yaml b/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
index b2f16d9..db77ae2 100644
--- a/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
@@ -51,3 +51,37 @@
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
index 4e1866c..aa9157f 100644
--- a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
@@ -31,6 +31,12 @@
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+    {{ if .Values.global.installSidecarSecurity }}
+      hostAliases:
+      - ip: {{ .Values.global.aaf.serverIp }}
+        hostnames:
+        - {{ .Values.global.aaf.serverHostname }}
+    {{ end }}
       initContainers:
         - command:
           - /root/ready.py
@@ -46,6 +52,13 @@
           image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           name: {{ include "common.name" . }}-readiness
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ .Values.global.tproxyConfig.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            privileged: true
+    {{ end }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -123,6 +136,78 @@
             name: {{ include "common.fullname" . }}-logs
           - mountPath: /usr/share/filebeat/data
             name: aai-filebeat
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ .Values.global.rproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/rproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }} 
+          - name: spring_profiles_active
+            value: {{ .Values.global.rproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/forward-proxy.properties
+            subPath: forward-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/primary-service.properties
+            subPath: primary-service.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+            subPath: reverse-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/cadi.properties
+            subPath: cadi.properties
+          - name: {{ include "common.fullname" . }}-rproxy-log-config
+            mountPath: /opt/app/rproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+            subPath: uri-authorization.json
+          #- name: {{ include "common.fullname" . }}-rproxy-auth-config
+          #  mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+          #  subPath: aaf_truststore.jks
+          - name: {{ include "common.fullname" . }}-rproxy-security-config
+            mountPath: /opt/app/rproxy/config/security/keyfile
+            subPath: keyfile
+
+          ports:
+          - containerPort: {{ .Values.global.rproxy.port }}
+
+        - name: {{ .Values.global.fproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/fproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }} 
+          - name: spring_profiles_active
+            value: {{ .Values.global.fproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-fproxy-config
+            mountPath: /opt/app/fproxy/config/fproxy.properties
+            subPath: fproxy.properties
+          - name: {{ include "common.fullname" . }}-fproxy-log-config
+            mountPath: /opt/app/fproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          ports:
+          - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}      
 
       volumes:
         - name: localtime
@@ -156,5 +241,28 @@
             name: aai-filebeat
         - name: aai-filebeat
           emptyDir: {}
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-config
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-log-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-security-config
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-config
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-log-config
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+    {{ end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
index dddf156..a0a1519 100644
--- a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
@@ -37,3 +37,32 @@
   KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
   KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
 
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/service.yaml b/kubernetes/aai/charts/aai-champ/templates/service.yaml
index eeb27ed..e67d42a 100644
--- a/kubernetes/aai/charts/aai-champ/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/service.yaml
@@ -26,6 +26,18 @@
 spec:
   type: {{ .Values.service.type }}
   ports:
+  {{ if .Values.global.installSidecarSecurity }}
+      {{if eq .Values.service.type "NodePort" -}}
+      - port: {{ .Values.service.internalPort }}
+        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- else -}}
+      - port: {{ .Values.service.externalPort }}
+        targetPort: {{ .Values.global.rproxy.port }}
+        name: {{ .Values.service.portName }}
+      {{- end}}
+  {{ else }}
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.internalPort}}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
@@ -35,6 +47,7 @@
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
     {{- end}}
+  {{ end }}
   selector:
     app: {{ include "common.name" . }}
     release: {{ .Release.Name }}
diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml
index c247313..b865b00 100644
--- a/kubernetes/aai/charts/aai-champ/values.yaml
+++ b/kubernetes/aai/charts/aai-champ/values.yaml
@@ -69,15 +69,15 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 0.5
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 2Gi
   unlimited: {}
 
 # XML beans configuration
diff --git a/kubernetes/aai/charts/aai-data-router/values.yaml b/kubernetes/aai/charts/aai-data-router/values.yaml
index dbcea40..ddc7fd0 100644
--- a/kubernetes/aai/charts/aai-data-router/values.yaml
+++ b/kubernetes/aai/charts/aai-data-router/values.yaml
@@ -88,15 +88,15 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 0.25
+      memory: 750Mi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 0.5
+      memory: 1536Mi
   unlimited: {}
 
 # Entity Event route configuration
diff --git a/kubernetes/aai/charts/aai-elasticsearch/values.yaml b/kubernetes/aai/charts/aai-elasticsearch/values.yaml
index 8eb4d27..5ce8f80 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/values.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/values.yaml
@@ -86,13 +86,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
+      cpu: 0.5
       memory: 2Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 4Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml b/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
index 48db706..e0ab32b 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
@@ -44,8 +44,4 @@
          <constructor-arg name="graphDataService" ref="graphDataService" />
      </bean>
 
-     <bean id="aaiResourceService" class="org.onap.crud.service.AaiResourceService" init-method="startup" >
-         <constructor-arg name="graphDataService" ref="graphDataService" />
-     </bean>
-
 </beans>
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
new file mode 100644
index 0000000..fbefd30
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
@@ -0,0 +1,3 @@
+# DB Edge Property files are copied here:
+edgePropsDir=/opt/app/crud-service/config/model
+
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
@@ -0,0 +1,6 @@
+{
+        "contains-other-v": "java.lang.String",
+        "delete-other-v": "java.lang.String",
+        "SVC-INFRA": "java.lang.String",
+        "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+        "contains-other-v": "java.lang.String",
+        "delete-other-v": "java.lang.String",
+        "SVC-INFRA": "java.lang.String",
+        "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
new file mode 100644
index 0000000..647d4d9
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
@@ -0,0 +1,45 @@
+###############################################################################
+# Schema Version Related Attributes
+###############################################################################
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v10,v11,v12,v13,v14,v15
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v11
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v15
+
+###############################################################################
+# Schema Location Related Attributes
+###############################################################################
+# Schema Location Related Attributes
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service or local schema files
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties
deleted file mode 100644
index 605f7e3..0000000
--- a/kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties
+++ /dev/null
@@ -1,32 +0,0 @@
-#

-# ============LICENSE_START=======================================================

-# org.onap.aai

-# ================================================================================

-# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.

-# Copyright © 2017-2018 Amdocs

-# Modifications Copyright © 2018 Bell Canada

-# ================================================================================

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-# ============LICENSE_END=========================================================

-#

-

-# Properties for the SchemaLocationsBean

-

-# The AAI Schema jar will be unpacked to bundleconfig/etc

-schemaConfig=NA

-# OXM files named aai_oxm_v*.xml are unpacked here:

-nodeDir=/opt/app/crud-api/bundleconfig/etc/oxm

-# DB Edge Rules are unpacked here:

-edgeDir=/opt/app/crud-api/bundleconfig/etc/dbedgerules

-# DB Edge Property files are copied here:

-edgePropsDir=/opt/app/crud-service/config/model

diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
index 1e68712..0a30388 100644
--- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
@@ -86,8 +86,11 @@
           - mountPath: /opt/app/crud-service/config/crud-api.properties
             subPath: crud-api.properties
             name: {{ include "common.fullname" . }}-config
-          - mountPath: /opt/app/crud-service/config/schemaIngest.properties
-            subPath: schemaIngest.properties
+          - mountPath: /opt/app/crud-service/config/schema-ingest.properties
+            subPath: schema-ingest.properties
+            name: {{ include "common.fullname" . }}-config
+          - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties
+            subPath: edgeprops-ingest.properties
             name: {{ include "common.fullname" . }}-config
           - mountPath: /opt/app/crud-service/config/model/
             name: {{ include "common.fullname" . }}-model-config
@@ -217,8 +220,10 @@
             items:
             - key: crud-api.properties
               path: crud-api.properties
-            - key: schemaIngest.properties
-              path: schemaIngest.properties
+            - key: schema-ingest.properties
+              path: schema-ingest.properties
+            - key: edgeprops-ingest.properties
+              path: edgeprops-ingest.properties
             - key: crud-beans.xml
               path: crud-beans.xml
         - name: {{ include "common.fullname" . }}-logback-config
diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml
index 7220cd5..9d93663 100644
--- a/kubernetes/aai/charts/aai-gizmo/values.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/values.yaml
@@ -66,13 +66,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 0.5
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 1536Mi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-graphadmin/values.yaml b/kubernetes/aai/charts/aai-graphadmin/values.yaml
index 3b89319..b6192c3 100644
--- a/kubernetes/aai/charts/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/values.yaml
@@ -113,13 +113,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 0.5
+      memory: 1536Mi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-modelloader/values.yaml b/kubernetes/aai/charts/aai-modelloader/values.yaml
index 038be90..563ea6b 100644
--- a/kubernetes/aai/charts/aai-modelloader/values.yaml
+++ b/kubernetes/aai/charts/aai-modelloader/values.yaml
@@ -68,13 +68,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 0.5
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 1536Mi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json b/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json
new file mode 100644
index 0000000..65f13ef
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json
@@ -0,0 +1,298 @@
+{
+  "roles": [
+    {
+      "name": "admin",
+      "functions": [
+        {
+          "name": "actions",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "servers",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "cloudinfra",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "cloud-infrastructure",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "sdandc",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "service-design-and-creation",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "business",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "network",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "search",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "POST"
+            }
+          ]
+        },
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "license-management",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "examples",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "resources",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "generateurl",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "bulkadd",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "nodes",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "query",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "dbquery",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "bulk",
+          "methods": [
+            {
+              "name": "POST"
+            }
+          ]
+        },
+        {
+          "name": "bulkprocess",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "recents",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        },
+        {
+          "name": "dsl",
+          "methods": [
+            {
+              "name": "PUT"
+            }
+          ]
+        },
+        {
+          "name": "common",
+          "methods": [
+            {
+              "name": "GET"
+            },
+            {
+              "name": "DELETE"
+            },
+            {
+              "name": "PUT"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+        }
+      ]
+    },
+    {
+      "name": "basicauth",
+      "functions": [
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "user": "aai",
+          "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+        }
+      ]
+    },
+    {
+      "name": "HAProxy",
+      "functions": [
+        {
+          "name": "util",
+          "methods": [
+            {
+              "name": "GET"
+            }
+          ]
+        }
+      ],
+      "users": [
+        {
+          "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+        }
+      ]
+    }
+  ]
+}
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..d9fe86e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore
new file mode 100644
index 0000000..f6ebc75
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore
similarity index 100%
copy from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore
copy to kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000..f512fb7
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..4fae434
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level -->
+    <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+ 
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..071d407
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000..023e2ea
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..6ad5f51
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..e23c03d
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+[
+  {
+    "uri": "\/not\/allowed\/at\/all$",
+    "permissions": [
+      "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+     ]
+  },
+  {
+    "uri": "\/one\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/multi\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aMultipleAuth1",
+      "test.auth.access.aMultipleAuth2",
+      "test.auth.access.aMultipleAuth3"
+     ]
+  },
+  {
+    "uri": "\/one\/[^\/]+\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/services\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/admin\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|admin|GET,PUT,POST"
+     ]
+  },
+  {
+    "uri": "\/service\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/services\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/$",
+    "permissions": [
+    	"\\|services\\|GET",
+      "test\\.auth\\.access\\|services\\|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+    "permissions": [
+      "test\\.auth\\.access\\|rest\\|read"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read"
+    ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read",
+      "test.auth.access|vservers|read"
+    ]
+  },
+  {
+    "uri": "\/backend$",
+    "permissions": [
+      "test\\.auth\\.access\\|services\\|GET,PUT",
+      "\\|services\\|GET"
+     ]
+  },
+  {
+    "uri": "\/aai\/.*",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  },
+  {
+    "uri": "\/aai\/util\/echo",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  }
+]
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000..c2b628d
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name 
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000..57bc4e2
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/reverse-proxy" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="debug">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "com.baeldung*" at TRACE level  -->
+    <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+ 
+</configuration>
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000..2c89d28
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000..8d46e1f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000..3416d4a
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
index 001f5ea..4fd939d 100644
--- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
@@ -136,3 +136,88 @@
 {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-aai-policy-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-fproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-log-config
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-auth-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-rproxy-security-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
index 4377631..d93ab5a 100644
--- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
@@ -545,6 +545,12 @@
     spec:
       hostname: aai-resources
     {{ if .Values.global.initContainers.enabled }}
+      {{ if .Values.global.installSidecarSecurity }}
+      hostAliases:
+      - ip: {{ .Values.global.aaf.serverIp }}
+        hostnames:
+        - {{ .Values.global.aaf.serverHostname }}
+      {{ end }}
       initContainers:
       - command:
       {{  if .Values.global.jobs.createSchema.enabled  }}
@@ -567,6 +573,13 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ .Values.global.tproxyConfig.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        securityContext:
+          privileged: true
+      {{ end }}
     {{ end }}
       containers:
       - name: {{ include "common.name" . }}
@@ -601,6 +614,11 @@
         - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
           name: {{ include "common.fullname" . }}-realm-conf
           subPath: realm.properties
+        {{ if .Values.global.installSidecarSecurity }}
+        - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+          name: {{ include "common.fullname" . }}-aai-policy
+          subPath: aai_policy.json
+        {{ end }}
         - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
           name: {{ include "common.fullname" . }}-aaf-certs
           subPath: org.onap.aai.keyfile
@@ -674,6 +692,85 @@
           name: {{ include "common.fullname" . }}-logs
         - mountPath: /usr/share/filebeat/data
           name: {{ include "common.fullname" . }}-filebeat
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ .Values.global.rproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/rproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.sidecar.keyStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.rproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/forward-proxy.properties
+          subPath: forward-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/primary-service.properties
+          subPath: primary-service.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+          subPath: reverse-proxy.properties
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          mountPath: /opt/app/rproxy/config/cadi.properties
+          subPath: cadi.properties
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          mountPath: /opt/app/rproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+          subPath: uri-authorization.json
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+          subPath: aaf_truststore.jks
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          mountPath: /opt/app/rproxy/config/security/keyfile
+          subPath: keyfile
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+          subPath: org.onap.aai.p12
+        ports:
+        - containerPort: {{ .Values.global.rproxy.port }}
+
+      - name: {{ .Values.global.fproxy.name }}
+        image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: CONFIG_HOME
+          value: "/opt/app/fproxy/config"
+        - name: KEY_STORE_PASSWORD
+          value: {{ .Values.sidecar.keyStorePassword }}
+        - name: TRUST_STORE_PASSWORD
+          value: {{ .Values.sidecar.trustStorePassword }}
+        - name: spring_profiles_active
+          value: {{ .Values.global.fproxy.activeSpringProfiles }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          mountPath: /opt/app/fproxy/config/fproxy.properties
+          subPath: fproxy.properties
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          mountPath: /opt/app/fproxy/config/logback-spring.xml
+          subPath: logback-spring.xml
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+          subPath: fproxy_truststore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+          subPath: tomcat_keystore
+        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+          subPath: client-cert.p12
+        ports:
+        - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
 
       volumes:
       - name: localtime
@@ -721,6 +818,32 @@
            - key: {{ . }}
              path: {{ . }}
           {{ end }}
+    {{ if .Values.global.installSidecarSecurity }}
+      - name: {{ include "common.fullname" . }}-aai-policy
+        configMap:
+         name: {{ include "common.fullname" . }}-aai-policy-configmap
+      - name: {{ include "common.fullname" . }}-rproxy-config
+        configMap:
+         name: {{ include "common.fullname" . }}-rproxy-config
+      - name: {{ include "common.fullname" . }}-rproxy-log-config
+        configMap:
+         name: {{ include "common.fullname" . }}-rproxy-log-config
+      - name: {{ include "common.fullname" . }}-rproxy-auth-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+      - name: {{ include "common.fullname" . }}-rproxy-security-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-rproxy-security-config
+      - name: {{ include "common.fullname" . }}-fproxy-config
+        configMap:
+         name: {{ include "common.fullname" . }}-fproxy-config
+      - name: {{ include "common.fullname" . }}-fproxy-log-config
+        configMap:
+         name: {{ include "common.fullname" . }}-fproxy-log-config
+      - name: {{ include "common.fullname" . }}-fproxy-auth-config
+        secret:
+         secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+    {{ end }}
       restartPolicy: {{ .Values.restartPolicy }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-resources/values.yaml b/kubernetes/aai/charts/aai-resources/values.yaml
index d7813ea..e0a1156 100644
--- a/kubernetes/aai/charts/aai-resources/values.yaml
+++ b/kubernetes/aai/charts/aai-resources/values.yaml
@@ -68,6 +68,11 @@
   initialDelaySeconds: 60
   periodSeconds: 10
 
+# application configuration
+sidecar:
+  keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+  trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
 
 service:
   type: ClusterIP
@@ -102,13 +107,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 1
+      memory: 3Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 2
+      memory: 4Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-search-data/values.yaml b/kubernetes/aai/charts/aai-search-data/values.yaml
index 292e23c..6795fae 100644
--- a/kubernetes/aai/charts/aai-search-data/values.yaml
+++ b/kubernetes/aai/charts/aai-search-data/values.yaml
@@ -67,13 +67,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 0.25
+      memory: 750Mi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 0.5
+      memory: 1Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
index 04a5096..2ea1bf1 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
@@ -13,5 +13,8 @@
 # limitations under the License.
 
 server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/tomcat_keystore
-server.ssl.key-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1x0v1g131lps1cix1rjb1n5p22691qab1hm51hfc1i2t1lmr1liz1hyx1hfq1hn51qcr22651n5t1rh31cgl1lu61g2f1x1r
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
index aa93c06..da4812c 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
@@ -22,7 +22,7 @@
 # and in the values.yaml change the internalPort to 9517
 #
 
-spring.profiles.active=camel,http,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
 
 searchservice.hostname={{.Values.global.searchData.serviceName}}
 searchservice.port=9509
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12 b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12
deleted file mode 100644
index ee57120..0000000
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000..71cea3e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
new file mode 100644
index 0000000..ff844b1
--- /dev/null
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
index d622be6..a596a6b 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
@@ -109,7 +109,6 @@
 
         ports:
         - containerPort: {{ .Values.service.internalPort }}
-        - containerPort: {{ .Values.service.internalPort2 }}
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/aai/charts/aai-sparky-be/values.yaml b/kubernetes/aai/charts/aai-sparky-be/values.yaml
index fdcb2ab..c60ce29 100644
--- a/kubernetes/aai/charts/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/values.yaml
@@ -37,7 +37,7 @@
 # application configuration
 config:
   elasticsearchHttpPort: 9200
-  gerritBranch: master
+  gerritBranch: 3.0.0-ONAP
   gerritProject: http://gerrit.onap.org/r/aai/test-config
   portalUsername: aaiui
   portalPassword: 1t2v1vfv1unz1vgz1t3b
@@ -75,9 +75,8 @@
 service:
   type: NodePort
   portName: aai-sparky-be
-  internalPort: 9517
+  internalPort: 8000
   nodePort: 20
-  internalPort2: 8000
 
 ingress:
   enabled: false
@@ -90,13 +89,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 0.25
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 0.5
+      memory: 2Gi
   unlimited: {}
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
new file mode 100644
index 0000000..d9fe86e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties b/kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties
similarity index 78%
rename from kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties
rename to kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties
index cc51f17..b0a3150 100644
--- a/kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties
+++ b/kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties
@@ -19,12 +19,5 @@
 # ============LICENSE_END=========================================================
 #
 
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# Files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/spike/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
-edgeDir=/opt/app/spike/bundleconfig/etc/dbedgerules
 # DB Edge Property files are copied here:
-edgePropsDir=/opt/app/spike/config/model/edge_props
\ No newline at end of file
+edgePropsDir=/opt/app/spike/config/model/edge_props
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
new file mode 100644
index 0000000..8d00636
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+        "contains-other-v": "java.lang.String",
+        "delete-other-v": "java.lang.String",
+        "SVC-INFRA": "java.lang.String",
+        "prevent-delete": "java.lang.String"
+}
\ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
new file mode 100644
index 0000000..1569761
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+#######################################
+# Schema Version Related Attributes
+#######################################
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v10,v11,v12,v13,v14,v15
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v11
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v15
+
+#######################################
+# Schema Location Related Attributes
+#######################################
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/spike/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/spike/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service (schema-service) or local schema files (config)
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
diff --git a/kubernetes/aai/charts/aai-spike/templates/deployment.yaml b/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
index 38c5ac8..a3ff068 100644
--- a/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
@@ -92,8 +92,11 @@
           - mountPath: /opt/app/spike/config/spike.properties
             subPath: spike.properties
             name: {{ include "common.fullname" . }}-config
-          - mountPath: /opt/app/spike/config/schemaIngest.properties
-            subPath: schemaIngest.properties
+          - mountPath: /opt/app/spike/config/schema-ingest.properties
+            subPath: schema-ingest.properties
+            name: {{ include "common.fullname" . }}-config
+          - mountPath: /opt/app/spike/config/edgeprops-ingest.properties
+            subPath: edgeprops-ingest.properties
             name: {{ include "common.fullname" . }}-config
           - mountPath: /opt/app/spike/config/model/edge_props
             name: {{ include "common.fullname" . }}-edge-props-config
@@ -141,8 +144,10 @@
               path: spike.properties
             - key: spike-beans.xml
               path: spike-beans.xml
-            - key: schemaIngest.properties
-              path: schemaIngest.properties
+            - key: schema-ingest.properties
+              path: schema-ingest.properties
+            - key: edgeprops-ingest.properties
+              path: edgeprops-ingest.properties
             - key: logback.xml
               path: logback.xml
         - name: {{ include "common.fullname" . }}-edge-props-config
diff --git a/kubernetes/aai/charts/aai-spike/values.yaml b/kubernetes/aai/charts/aai-spike/values.yaml
index 324ec45..0a6850b 100644
--- a/kubernetes/aai/charts/aai-spike/values.yaml
+++ b/kubernetes/aai/charts/aai-spike/values.yaml
@@ -66,15 +66,15 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 0.5
+      memory: 1Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 1
+      memory: 1536Mi
   unlimited: {}
 
 # XML bean configuration
diff --git a/kubernetes/aai/charts/aai-traversal/values.yaml b/kubernetes/aai/charts/aai-traversal/values.yaml
index 58c5ebf..92c60a2 100644
--- a/kubernetes/aai/charts/aai-traversal/values.yaml
+++ b/kubernetes/aai/charts/aai-traversal/values.yaml
@@ -83,13 +83,13 @@
       cpu: 2
       memory: 4Gi
     requests:
-      cpu: 2
-      memory: 4Gi
+      cpu: 1
+      memory: 3Gi
   large:
     limits:
       cpu: 4
       memory: 8Gi
     requests:
-      cpu: 4
-      memory: 8Gi
+      cpu: 2
+      memory: 4Gi
   unlimited: {}
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
new file mode 100644
index 0000000..1c82050
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -0,0 +1,138 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+        log /dev/log    local0
+        stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+        stats timeout 30s
+        user root
+        group root
+        daemon
+        #################################
+        # Default SSL material locations#
+        #################################
+        ca-base /etc/ssl/certs
+        crt-base /etc/ssl/private
+
+        # Default ciphers to use on SSL-enabled listening sockets.
+        # For more information, see ciphers(1SSL). This list is from:
+        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+        # An alternative list with additional directives can be obtained from
+        # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+        tune.ssl.default-dh-param 2048
+
+defaults
+        log     global
+        mode    http
+        option  httplog
+        option  ssl-hello-chk
+        option  httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+        default-server init-addr none
+#       option  dontlognull
+#       errorfile 400 /etc/haproxy/errors/400.http
+#       errorfile 403 /etc/haproxy/errors/403.http
+#       errorfile 408 /etc/haproxy/errors/408.http
+#       errorfile 500 /etc/haproxy/errors/500.http
+#       errorfile 502 /etc/haproxy/errors/502.http
+#       errorfile 503 /etc/haproxy/errors/503.http
+#       errorfile 504 /etc/haproxy/errors/504.http
+
+        option  http-server-close
+        option forwardfor except 127.0.0.1
+        retries 6
+        option redispatch
+        maxconn 50000
+        timeout connect 50000
+        timeout client  480000
+        timeout server  480000
+        timeout http-keep-alive 30000
+
+
+frontend IST_8443
+        mode http
+        bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+#       log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+        log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+        option httplog
+        log global
+        option logasap
+        option forwardfor
+        capture request header  Host len 100
+        capture response header Host len 100
+        option log-separate-errors
+        option forwardfor
+        http-request set-header X-Forwarded-Proto https if { ssl_fc }
+        http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+        http-request set-header X-AAI-SSL                       %[ssl_fc]
+        http-request set-header X-AAI-SSL-Client-Verify         %[ssl_c_verify]
+        http-request set-header X-AAI-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
+        http-request set-header X-AAI-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
+        http-request set-header X-AAI-SSL-Issuer                %{+Q}[ssl_c_i_dn]
+        http-request set-header X-AAI-SSL-Client-NotBefore      %{+Q}[ssl_c_notbefore]
+        http-request set-header X-AAI-SSL-Client-NotAfter       %{+Q}[ssl_c_notafter]
+        http-request set-header X-AAI-SSL-ClientCert-Base64   %{+Q}[ssl_c_der,base64]
+        http-request set-header X-AAI-SSL-Client-OU             %{+Q}[ssl_c_s_dn(OU)]
+        http-request set-header X-AAI-SSL-Client-L              %{+Q}[ssl_c_s_dn(L)]
+        http-request set-header X-AAI-SSL-Client-ST             %{+Q}[ssl_c_s_dn(ST)]
+        http-request set-header X-AAI-SSL-Client-C              %{+Q}[ssl_c_s_dn(C)]
+        http-request set-header X-AAI-SSL-Client-O              %{+Q}[ssl_c_s_dn(O)]
+        reqadd X-Forwarded-Proto:\ https
+        reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+        acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+        acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+        acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+        acl is_named-query path_beg -i /aai/search/named-query
+        acl is_search-model path_beg -i /aai/search/model
+        use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+        default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+        balance roundrobin
+        http-request set-header X-Forwarded-Port %[src_port]
+        http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+        server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+        mode http
+        bind *:8080
+        stats uri /stats
+        stats enable
+        stats refresh 30s
+        stats hide-version
+        stats auth admin:admin
+        stats show-legends
+        stats show-desc IST AAI APPLICATION NODES
+        stats admin if TRUE
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index 212f9cd..a23ed5f 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -37,7 +37,11 @@
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
 {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 3f16e25..1f337e4 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -64,7 +64,11 @@
         - mountPath: /dev/log
           name: aai-service-log
         - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+        {{ if .Values.global.installSidecarSecurity }}
+          subPath: haproxy-pluggable-security.cfg
+        {{ else }}
           subPath: haproxy.cfg
+        {{ end }}
           name: haproxy-cfg
         ports:
         - containerPort: {{ .Values.service.internalPort }}
@@ -86,6 +90,10 @@
             httpHeaders:
             - name: X-FromAppId
               value: OOM_ReadinessCheck
+      {{ if .Values.global.installSidecarSecurity }}
+            - name: Authorization
+              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+      {{ end }}
             - name: X-TransactionId
               value: {{ uuidv4 }}
             - name: Accept
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 17f819b..d885616 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -61,7 +61,7 @@
   openStackServiceTenantName: default
   openStackDomain: default
   openStackUserName: admin
-  openStackEncryptedPassword: admin
+  openStackEncryptedPassword: enc:LDEbHEAvTF1R
   odlUser: admin
 
 appc-ansible-server:
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
index 50da2cc..50ac16f 100644
--- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
@@ -74,6 +74,10 @@
         tls_ca_mode : "cert_directory"
         # optional tls_wss_ca_mode specifies the same for the tls based web-socket
         tls_wss_ca_mode : "cert_directory"
+        # optional timeout_in_secs specifies the timeout for the http requests
+        timeout_in_secs: 60
+        # optional ws_ping_interval_in_secs specifies the ping interval for the web-socket connection
+        ws_ping_interval_in_secs: 180
     # deploy_handler config
     #    changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0
     deploy_handler :
@@ -99,4 +103,5 @@
         #
         #       "do_not_verify"  - special hack to turn off the verification by cacert and hostname
         tls_ca_mode : "cert_directory"
-
+        # optional timeout_in_secs specifies the timeout for the http requests
+        timeout_in_secs: 60
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
index fcb0c73..26067e0 100644
--- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
@@ -85,18 +85,18 @@
 # Use to override default setting in blueprints
 componentImages:
   config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3
-  datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.0.4
-  deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.3
+  datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.1.1
+  deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.1.0
   holmes_rules: onap/holmes/rule-management:1.2.3
   holmes_engine: onap/holmes/engine-management:1.2.2
   inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4
-  policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.4.0
+  policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.5.0
   service_change_handler: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5
   tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0
   ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.1
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.1.1
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.0.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.2.0-SNAPSHOT
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.1.0-SNAPSHOT
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index 79bd896..62eeb45 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -70,18 +70,10 @@
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: /cfy-persist
+            name: cm-persistent
           securityContext:
             privileged: True
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                - bash
-                - "-c"
-                - |
-                  set -ex
-                  mkdir -p /var/run/secrets/kubernetes.io/
-                  ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
       volumes:
         - name: {{ include "common.fullname" . }}-config
           configMap:
@@ -95,5 +87,8 @@
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: cm-persistent
+          persistentVolumeClaim:
+            claimName: {{ include "common.fullname" . }}-data
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml
new file mode 100644
index 0000000..bef681a
--- /dev/null
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml
@@ -0,0 +1,37 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  storageClassName: manual
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml
new file mode 100644
index 0000000..6740082
--- /dev/null
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml
@@ -0,0 +1,33 @@
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}-data
+  labels:
+    name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+spec:
+  storageClassName: manual
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  selector:
+    matchLabels:
+      name: {{ include "common.fullname" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
index 08e01d6..ecaee65 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
@@ -43,7 +43,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:1.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:1.5.0
 pullPolicy: Always
 
 # probe configuration parameters
@@ -87,3 +87,11 @@
 # Kubernetes namespace for components deployed via Cloudify manager
 # If empty, use the common namespace
 # dcae_ns: "dcae"
+
+# Parameters for persistent storage
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 4Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: dcae-cm/data
diff --git a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
index 6fc62af..3c9936b 100644
--- a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
@@ -45,7 +45,7 @@
   periodSeconds: 10
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.1.2
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..0bc64e7
--- /dev/null
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2018  AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "common.fullname" . }}-pdb
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.fullname" . }}
+  maxUnavailable: 1
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
index bf372b3..44c9576 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
@@ -1,6 +1,4 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,26 +11,29 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-*/}}
 
+{{- $root := . -}}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
 apiVersion: v1
+kind: PersistentVolume
 metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
+  name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+  namespace: {{ $root.Release.Namespace }}
   labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}
+    app: {{ $root.Values.service.name }}
+    chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+    release: {{ $root.Release.Name }}
+    heritage: {{ $root.Release.Service }}
 spec:
   capacity:
-    storage: {{ .Values.persistence.size }}
+    storage: {{ $root.Values.persistence.size }}
   accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+    - {{ $root.Values.persistence.accessMode }}
   hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+    path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+  persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
index a88cbc4..88de96b 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
@@ -24,10 +24,13 @@
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+  type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
+  clusterIP: None
   selector:
     app: {{ include "common.name" . }}
     release: {{ .Release.Name }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml
similarity index 62%
rename from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml
rename to kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml
index 52a3edd..163bbc2 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
 metadata:
   name: {{ include "common.fullname" . }}
   namespace: {{ include "common.namespace" . }}
@@ -24,32 +24,30 @@
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+  serviceName: {{ .Values.service.name }}
   replicas: {{ .Values.replicaCount }}
+  podManagementPolicy: Parallel
   template:
     metadata:
       labels:
         app:  {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+      podAntiAffinity:
+         preferredDuringSchedulingIgnoredDuringExecution:
+         - weight: 1
+           podAffinityTerm:
+             labelSelector:
+                matchExpressions:
+                  - key: "app"
+                    operator: In
+                    values:
+                    - {{ include "common.name" . }}
+             topologyKey: "kubernetes.io/hostname"
       initContainers:
-      - name: {{ include "common.name" . }}-seed-kafka-topics
-        command:
-        - /bin/bash
-        - -c
-        - >
-          if [ -d /tmp/topics/ECOMP-PORTAL-INBOX-0 ]; then
-          echo "nothing to do";
-          else
-          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
-          echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-kafka/kafka-logs/* to /tmp/topics";
-          cp -var /tmp/gerrit/oom-topics/data-kafka/kafka-logs/* /tmp/topics;
-          echo "Done.";
-          fi
+      - name: {{ include "common.name" . }}-initcontainer
         image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - mountPath: /tmp/topics
-          name: kafka-data
       - command:
         - /root/ready.py
         args:
@@ -72,7 +70,7 @@
 {{ include "common.resources" . | indent 12 }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
-        {{ if eq .Values.liveness.enabled true }}
+       {{ if eq .Values.liveness.enabled true }}
         livenessProbe:
           tcpSocket:
             port: {{ .Values.service.internalPort }}
@@ -85,18 +83,36 @@
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         env:
+        - name: HOST_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: HOST_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
         - name: KAFKA_ZOOKEEPER_CONNECT
           value: "{{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}"
         - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
           value: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT"
         - name: KAFKA_ADVERTISED_LISTENERS
-          value: "INTERNAL_PLAINTEXT://{{ include "common.servicename" .  }}:{{.Values.service.internalPort}}"
+          value: "INTERNAL_PLAINTEXT://$(HOST_NAME).{{ .Values.service.name }}.$(HOST_NAMESPACE).svc.cluster.local:{{ .Values.service.internalPort}}"
         - name: KAFKA_LISTENERS
           value: "INTERNAL_PLAINTEXT://0.0.0.0:{{.Values.service.internalPort}}"
         - name: KAFKA_INTER_BROKER_LISTENER_NAME
           value: "INTERNAL_PLAINTEXT"
         - name: KAFKA_LOG_DIRS
-          value: "/kafka/logs"
+          value: "kafka/logs"
+        - name: BROKER_ID_COMMAND
+          value: "hostname | awk -F '-' '{print $NF}'"
+        - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
+          value: "{{ .Values.replicaCount }}"
+        - name: KAFKA_DEFAULT_REPLICATION_FACTOR
+          value: "{{ .Values.replicaCount }}"
+        - name: KAFKA_NUM_PARTITIONS
+          value: "{{ .Values.defaultpartitions }}"
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
@@ -112,8 +128,30 @@
       - name: docker-socket
         hostPath:
           path: /var/run/docker.sock
+{{ if not .Values.persistence.enabled }}
       - name: kafka-data
-        persistentVolumeClaim:
-          claimName: {{ include "common.fullname" . }}
+        emptyDir: {}
+{{ else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: kafka-data
+        labels:
+          app: {{ include "common.fullname" . }}
+          chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+          release: "{{ .Release.Name }}"
+          heritage: "{{ .Release.Service }}"
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+        selector:
+          matchLabels:
+            release: "{{ .Release.Name }}"
+            app: {{ .Values.service.name }}
+            chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+            heritage: "{{ .Release.Service }}"
+{{ end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
index 7f26ce2..6569729 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
@@ -41,16 +41,12 @@
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
-config:
-  # gerrit branch where the latest code is checked in
-  gerritBranch: master
-  # gerrit project where the latest code is checked in
-  gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
-
-
 # default number of instances
-replicaCount: 1
+replicaCount: 3
+
+# defult partitions
+defaultpartitions: 3
+
 
 nodeSelector: {}
 
@@ -92,7 +88,7 @@
   mountSubPath: message-router/data-kafka
 
 service:
-  type: NodePort
+  type: ClusterIP
   name: message-router-kafka
   portName: message-router-kafka
   internalPort: 9092
@@ -120,3 +116,4 @@
       cpu: 1000m
       memory: 2Gi
   unlimited: {}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml
deleted file mode 100644
index 6c1f762..0000000
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-seed-zookeeper-topics
-        command:
-        - /bin/bash
-        - -c
-        - >
-          if [ -d /tmp/topics/version-2 ]; then
-          echo "nothing to do";
-          else
-          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
-          echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-zookeeper/* to /tmp/topics";
-          cp -var /tmp/gerrit/oom-topics/data-zookeeper/* /tmp/topics;
-          echo "Done.";
-          fi
-        image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - mountPath: /tmp/topics
-          name: zookeeper-data
-      containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-        imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        resources:
-{{ include "common.resources" . | indent 12 }}
-        ports:
-        - containerPort: {{ .Values.service.internalPort }}
-        {{ if eq .Values.liveness.enabled true }}
-        livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.liveness.periodSeconds }}
-        {{ end }}
-        readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.internalPort }}
-          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readiness.periodSeconds }}
-        volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
-        - mountPath: /opt/zookeeper-3.4.9/data
-          name: zookeeper-data
-      volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: zookeeper-data
-        persistentVolumeClaim:
-          claimName: {{ include "common.fullname" .  }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..0bc64e7
--- /dev/null
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2018  AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "common.fullname" . }}-pdb
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.fullname" . }}
+  maxUnavailable: 1
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
index bf372b3..44c9576 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
@@ -1,6 +1,4 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,26 +11,29 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-*/}}
 
+{{- $root := . -}}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
 apiVersion: v1
+kind: PersistentVolume
 metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
+  name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+  namespace: {{ $root.Release.Namespace }}
   labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}
+    app: {{ $root.Values.service.name }}
+    chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+    release: {{ $root.Release.Name }}
+    heritage: {{ $root.Release.Service }}
 spec:
   capacity:
-    storage: {{ .Values.persistence.size }}
+    storage: {{ $root.Values.persistence.size }}
   accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+    - {{ $root.Values.persistence.accessMode }}
   hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+    path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+  persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml
deleted file mode 100644
index 1deed4e..0000000
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
-  annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  selector:
-    matchLabels:
-      name: {{ include "common.fullname" . }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
index 06bf063..da494b0 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
 # Modifications Copyright © 2018 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,10 +24,15 @@
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+  type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.name }}
+   - port: {{ .Values.service.clientPort }}
+     name: {{ .Values.service.clientPortName }}
+   - port: {{ .Values.service.serverPort }}
+     name: {{ .Values.service.serverPortName }}
+   - port: {{ .Values.service.leaderElectionPort }}
+     name: {{ .Values.service.leaderElectionPortName }}
+  clusterIP: None
   selector:
     app: {{ include "common.name" . }}
-    release: {{ .Release.Name }}
-  clusterIP: None
+    release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
new file mode 100644
index 0000000..14f2794
--- /dev/null
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -0,0 +1,146 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  serviceName: {{ .Values.service.name }}
+  replicas: {{ .Values.replicaCount }}
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: {{ .Values.maxUnavailable }}
+  podManagementPolicy: Parallel
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      podAntiAffinity:
+         preferredDuringSchedulingIgnoredDuringExecution:
+         - weight: 1
+           podAffinityTerm:
+             labelSelector:
+                matchExpressions:
+                  - key: "app"
+                    operator: In
+                    values:
+                    - {{ include "common.name" . }}
+             topologyKey: "kubernetes.io/hostname"
+      initContainers:
+      - name: {{ include "common.name" . }}-seed-topics-apikeys
+        command:
+        - /bin/bash
+        - -c
+        - >
+          if [ -d /tmp/topics/version-2 ]; then
+          echo "nothing to do";
+          else
+          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
+          echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-zookeeper/* to /tmp/topics";
+          cp -var /tmp/gerrit/oom-topics/data-zookeeper/* /tmp/topics;
+          echo "Done.";
+          fi
+        image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /tmp/topics
+          name: zookeeper-data
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+        imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+{{ include "common.resources" . | indent 12 }}
+        ports:
+        - containerPort: {{ .Values.service.clientPort }}
+          name: {{ .Values.service.clientPortName }}
+        - containerPort: {{ .Values.service.serverPort }}
+          name: {{ .Values.service.serverPortName }}
+        - containerPort: {{ .Values.service.leaderElectionPort }}
+          name: {{ .Values.service.leaderElectionPortName }}
+        {{ if eq .Values.liveness.enabled true }}
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready.sh 2181"
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+        {{ end }}
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "zookeeper-ready.sh 2181"
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+        env:
+        - name: ZK_REPLICAS
+          value: "{{ .Values.replicaCount }}"
+        - name: ZK_INIT_LIMIT
+          value: "{{ .Values.zk.initLimit }}"
+        - name: ZK_SYNC_LIMIT
+          value: "{{ .Values.zk.syncLimit }}"
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        - mountPath: /var/lib/zookeeper/data
+          name: zookeeper-data
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+{{ if not .Values.persistence.enabled }}
+      - name: zookeeper-data
+        emptyDir: {}
+{{ else }}
+  volumeClaimTemplates:
+    - metadata:
+        name:  zookeeper-data
+        labels:
+          app:  {{ include "common.fullname" . }}
+          chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+          release: "{{ .Release.Name }}"
+          heritage: "{{ .Release.Service }}"
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+        selector:
+          matchLabels:
+            release: "{{ .Release.Name }}"
+            app: {{ .Values.service.name }}
+            chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+            heritage: "{{ .Release.Service }}"
+{{ end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
index 6e61206..7b9e9eb 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
@@ -29,8 +29,8 @@
 # Application configuration defaults.
 #################################################################
 # application image
-repository: docker.io
-image: wurstmeister/zookeeper:latest
+repository: nexus3.onap.org:10001
+image: onap/dmaap/zookeeper:1.0.0
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 
@@ -45,7 +45,7 @@
   gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
 
 # default number of instances
-replicaCount: 1
+replicaCount: 3
 
 nodeSelector: {}
 
@@ -63,6 +63,11 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 
+#Zookeeper properties
+zk:
+ initLimit: 5
+ syncLimit: 2
+
 ## Persist data to a persitent volume
 persistence:
   enabled: true
@@ -84,13 +89,21 @@
   accessMode: ReadWriteMany
   size: 2Gi
   mountPath: /dockerdata-nfs
-  mountSubPath: message-router/data-zookeeper/
+  mountSubPath: message-router/data-zookeeper
 
+
+rollingUpdate:
+  maxUnavailable: 1
 service:
-  type: NodePort
+  type: ClusterIP
   name: message-router-zookeeper
   portName: message-router-zookeeper
-  internalPort: 2181
+  clientPortName: client
+  clientPort: 2181
+  serverPortName: server
+  serverPort: 2888
+  leaderElectionPortName: leader-election
+  leaderElectionPort: 3888
 
 ingress:
   enabled: false
diff --git a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
index 99eaeb2..d40d2a1 100755
--- a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -1,5 +1,4 @@
-###############################################################################
-#  ============LICENSE_START=======================================================
+# LICENSE_START=======================================================
 #  org.onap.dmaap
 #  ================================================================================
 #  Copyright © 2017 AT&T Intellectual Property. All rights reserved.
@@ -122,7 +121,7 @@
 ## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(),
 ## which is not always adequate.) You can set this value explicitly here.
 ##
-cambria.api.node.identifier=message-router
+#cambria.api.node.identifier=<use-something-unique-to-this-instance>
 
 #cambria.rateLimit.maxEmptyPollsPerMinute=30
 #cambria.rateLimitActual.delay.ms=10
@@ -138,7 +137,9 @@
 #metrics.send.cambria.sendEverySeconds=60
 
 cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
-
+consumer.timeout=17
+default.partitions=3
+default.replicas=3
 ##############################################################################
 #100mb
 maxcontentlength=10000
@@ -165,4 +166,5 @@
 kafka.max.poll.interval.ms=300000
 kafka.heartbeat.interval.ms=60000
 kafka.session.timeout.ms=240000
-kafka.max.poll.records=1000
\ No newline at end of file
+kafka.max.poll.records=1000
+
diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml
similarity index 98%
rename from kubernetes/dmaap/charts/message-router/templates/deployment.yaml
rename to kubernetes/dmaap/charts/message-router/templates/statefulset.yaml
index 4e12ded..bdd134a 100644
--- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml
@@ -12,8 +12,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
 metadata:
   name: {{ include "common.fullname" . }}
   namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/dmaap/charts/message-router/values.yaml b/kubernetes/dmaap/charts/message-router/values.yaml
index bd1c660..5d01e55 100644
--- a/kubernetes/dmaap/charts/message-router/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/values.yaml
@@ -28,7 +28,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.8
+image: onap/dmaap/dmaap-mr:1.1.9
 pullPolicy: Always
 
 kafka:
@@ -53,14 +53,14 @@
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 120
+  initialDelaySeconds: 70
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 120
+  initialDelaySeconds: 70
   periodSeconds: 10
 
 service:
diff --git a/kubernetes/log/charts/log-logstash/values.yaml b/kubernetes/log/charts/log-logstash/values.yaml
index 955a02a..246b812 100644
--- a/kubernetes/log/charts/log-logstash/values.yaml
+++ b/kubernetes/log/charts/log-logstash/values.yaml
@@ -41,7 +41,7 @@
 
 # default number of instances
 # 30+ logs/sec will saturate a single node to 6+ vCores
-replicaCount: 5
+replicaCount: 3
 
 nodeSelector: {}
 
@@ -93,4 +93,4 @@
     requests:
       cpu: 2
       memory: 4Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
index c266bdb..8cc6b3b 100644
--- a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
@@ -24,7 +24,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-ocata:1.2.1
+image: onap/multicloud/openstack-ocata:1.2.2
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
index 962a3ca..eedef28 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
@@ -23,7 +23,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.2.1
+image: onap/multicloud/openstack-pike:1.2.2
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml
new file mode 100644
index 0000000..fb82c2c
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus
+name: multicloud-prometheus
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
new file mode 100644
index 0000000..846ea6f
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus Alert Manager
+name: prometheus-alertmanager
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
new file mode 100644
index 0000000..3dd1acb
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
@@ -0,0 +1,14 @@
+global: {}
+      # slack_api_url: ''
+
+receivers:
+  - name: default-receiver
+    # slack_configs:
+    #  - channel: '@you'
+    #    send_resolved: true
+
+route:
+  group_wait: 10s
+  group_interval: 5m
+  receiver: default-receiver
+  repeat_interval: 3h
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
new file mode 100644
index 0000000..af102b1
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
new file mode 100644
index 0000000..b105b12
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
@@ -0,0 +1,100 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+      name: {{ include "common.name" . }}
+    spec:
+      containers:
+      - name: {{ include "common.name" . }}-configmap-reload
+        image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+          - --volume-dir=/etc/config
+          - --webhook-url=http://localhost:9093/-/reload
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: /etc/config
+            readOnly: true
+
+      - name: {{ include "common.name" . }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+          - --config.file=/etc/config/alertmanager.yml
+          - --storage.path={{ .Values.persistence.containerMountPath }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        {{- if .Values.readiness.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /#/status
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+          timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+        {{ end -}}
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: /etc/config
+          - name: {{ include "common.fullname" . }}-storage
+            mountPath: {{ .Values.persistence.containerMountPath }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        - name: {{ include "common.fullname" . }}-storage
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "common.fullname" . }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
new file mode 100644
index 0000000..62203fb
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
similarity index 93%
copy from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
copy to kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
index 1deed4e..8ea5fac 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
@@ -1,6 +1,5 @@
 {{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +14,8 @@
 # limitations under the License.
 */}}
 
+{{- if .Values.global.alertmanager.enabled -}}
+
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -47,3 +48,5 @@
 {{- end }}
 {{- end }}
 {{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
new file mode 100644
index 0000000..38e628c
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - name: {{ .Values.service.portName }}
+    {{if eq .Values.service.type "NodePort" -}}
+    port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+    {{- else -}}
+    port: {{ .Values.service.externalPort }}
+    targetPort: {{ .Values.service.internalPort }}
+    {{- end}}
+    protocol: TCP
+{{- if .Values.service.meshpeer.enabled }}    
+  - name: {{ .Values.service.meshpeer.portName }}
+    port: {{ .Values.service.meshpeer.port }}
+    targetPort: {{ .Values.service.meshpeer.port }}
+    protocol: TCP
+{{- end }}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
new file mode 100644
index 0000000..ccd70b3
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
@@ -0,0 +1,87 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+  repository: prom/alertmanager
+  tag: v0.15.2
+
+persistence:
+  enabled: true
+  volumeReclaimPolicy: Retain
+  accessMode: ReadWriteOnce
+  size: 2Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: multicloud/prometheus/alertmanager
+  containerMountPath: /alertmanager/data
+
+#Service configuration for this chart
+service:
+  type: ClusterIP
+  name: multicloud-prometheus-alertmanager
+  portName: prometheus-alertmanager
+  internalPort: 9093
+  externalPort: 9093
+
+  meshpeer:
+    enabled: false
+    portName: multicloud-prometheus-meshpeer
+    port: 6783
+
+# probe configuration parameters
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 30
+  enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+  enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 20m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
new file mode 100644
index 0000000..efcd432
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Grafana for Prometheus
+name: prometheus-grafana
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
new file mode 100644
index 0000000..9dc0f09
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
@@ -0,0 +1,11 @@
+paths:
+    data: /var/lib/grafana/data
+    logs: /var/log/grafana
+    plugins: /var/lib/grafana/plugins
+    provisioning: /etc/grafana/provisioning
+analytics:
+    check_for_updates: true
+log:
+    mode: console
+grafana_net:
+    url: https://grafana.net
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
new file mode 100644
index 0000000..f55fc15
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- if .Values.datasources }}
+  {{- range $key, $value := .Values.datasources }}
+  {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+  {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboardProviders }}
+  {{- range $key, $value := .Values.dashboardProviders }}
+  {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+  {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboards  }}
+  download_dashboards.sh: |
+    #!/usr/bin/env sh
+    set -euf
+    {{- if .Values.dashboardProviders }}
+      {{- range $key, $value := .Values.dashboardProviders }}
+        {{- range $value.providers }}
+    mkdir -p {{ .options.path }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- range $provider, $dashboards := .Values.dashboards }}
+    {{- range $key, $value := $dashboards }}
+      {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
+    curl -sk \
+    --connect-timeout 60 \
+    --max-time 60 \
+    -H "Accept: application/json" \
+    -H "Content-Type: application/json;charset=UTF-8" \
+    {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \
+    > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.dashboards }}
+  {{- range $provider, $dashboards := .Values.dashboards }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+  namespace: {{ include "common.namespace" $ }}
+  labels:
+    app: {{ include "common.name" $ }}
+    chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+    dashboard-provider: {{ $provider }}    
+data:
+  {{- range $key, $value := $dashboards }}
+    {{- if hasKey $value "json" }}
+  {{ $key }}.json: |
+{{ $value.json | indent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- end }}
+
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
new file mode 100644
index 0000000..6c47798
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
@@ -0,0 +1,139 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+      name: {{ include "common.name" . }}
+    spec:
+      {{- if .Values.dashboards }}
+      initContainers:
+      - name: {{ include "common.name" . }}-download-dashboards
+        image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command: ["sh", "/etc/grafana/download_dashboards.sh"]
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: "/etc/grafana/download_dashboards.sh"
+            subPath: download_dashboards.sh
+          - name: {{ include "common.fullname" . }}-storage
+            mountPath: {{ .Values.persistence.containerMountPath }}
+      {{- end }}
+
+      containers:
+      - name: {{ include "common.name" . }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+          protocol: TCP
+        {{- if .Values.liveness.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /api/health
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+        {{ end -}}
+        {{- if .Values.readiness.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /api/health
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+          timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+        {{ end -}}
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: "/etc/grafana/grafana.ini"
+            subPath: grafana.ini
+          - name: {{ include "common.fullname" . }}-storage
+            mountPath: {{ .Values.persistence.containerMountPath }}
+          {{- if .Values.dashboards }}
+          {{- range $provider, $dashboards := .Values.dashboards }}
+          {{- range $key, $value := $dashboards }}
+          {{- if hasKey $value "json" }}
+          - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+            mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
+            subPath: "{{ $key }}.json"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- end -}}
+          {{- if .Values.datasources }}
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
+            subPath: datasources.yaml
+          {{- end }}
+          {{- if .Values.dashboardProviders }}
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
+            subPath: dashboardproviders.yaml
+          {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        - name: {{ include "common.fullname" . }}-storage
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "common.fullname" . }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
+        {{- if .Values.dashboards }}
+          {{- range keys .Values.dashboards }}
+        - name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+          configMap:
+            name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+          {{- end }}
+        {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
new file mode 100644
index 0000000..aa3a956
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
similarity index 93%
rename from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
rename to kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
index 1deed4e..2900395 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
@@ -1,6 +1,5 @@
 {{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +14,8 @@
 # limitations under the License.
 */}}
 
+{{- if .Values.global.grafana.enabled -}}
+
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -47,3 +48,5 @@
 {{- end }}
 {{- end }}
 {{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
new file mode 100644
index 0000000..35ddd79
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - name: {{ .Values.service.portName }}
+    {{if eq .Values.service.type "NodePort" -}}
+    port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+    {{- else -}}
+    port: {{ .Values.service.externalPort }}
+    targetPort: {{ .Values.service.internalPort }}
+    {{- end}}
+    protocol: TCP
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml
new file mode 100644
index 0000000..43f4e93
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml
@@ -0,0 +1,114 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+  repository: grafana/grafana
+  tag: 5.2.4
+
+downloadDashboardsImage:
+  repository: appropriate/curl
+  tag: latest
+
+persistence:
+  enabled: true
+  volumeReclaimPolicy: Retain
+  accessMode: ReadWriteOnce
+  size: 10Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: multicloud/prometheus/grafana
+  containerMountPath: /grafana/data
+
+#Service configuration for this chart
+service:
+  type: ClusterIP
+  name: multicloud-prometheus-grafana
+  portName: prometheus-grafana
+  internalPort: 3000
+  externalPort: 3000
+
+#Grafana Datasources
+datasources:
+  datasources.yaml:
+    apiVersion: 1
+    datasources:
+    - name: Prometheus
+      type: prometheus
+      #Make sure the port number matches for the prometheus service
+      url: http://multicloud-prometheus:9090
+      access: proxy
+      isDefault: true
+
+
+#Grafana Dashboard providers
+dashboardProviders: {}
+
+#Grafana Dashboards for importing
+#This requires dashboardProviders to be enabled with some data
+#The dashboards will be downloaded from the URL provided in
+#dashboardProviders
+dashboards: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 30
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 30
+  enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+  enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 20m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml b/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml
new file mode 100644
index 0000000..0355b48
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml
@@ -0,0 +1,37 @@
+global:
+  scrape_interval: 1m
+  scrape_timeout: 10s
+  evaluation_interval: 1m
+
+rule_files:
+  - /etc/config/rules
+  - /etc/config/alerts
+
+scrape_configs:
+  - job_name: prometheus
+    static_configs:
+      - targets:
+        - localhost:9090
+  {{/*
+  #Add more jobs after this indent if needed
+  */}}
+
+{{- if .Values.global.alertmanager.enabled }}
+alerting:
+  alertmanagers:
+  - kubernetes_sd_configs:
+      - role: pod
+    relabel_configs:
+    - source_labels: [__meta_kubernetes_namespace]
+      regex: {{ include "common.namespace" . }}
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_label_app]
+      regex: prometheus
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_label_component]
+      regex: alertmanager
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_container_port_number]
+      regex:
+      action: drop
+{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
new file mode 100644
index 0000000..a5aff34
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml
new file mode 100644
index 0000000..562755d
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml
@@ -0,0 +1,125 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-chown-init
+        command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-storage
+          mountPath: {{ .Values.persistence.containerMountPath }}
+      containers:
+      - name: {{ include "common.name" . }}-configmap-reload
+        image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+          - --volume-dir=/etc/config
+          - --webhook-url=http://localhost:9090/-/reload
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: /etc/config
+            readOnly: true
+
+      - name: {{ include "common.name" . }}-server
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        args:
+          - --config.file=/etc/config/prometheus.yml
+          - --storage.tsdb.path={{ .Values.persistence.containerMountPath }}
+          - --web.console.libraries=/etc/prometheus/console_libraries
+          - --web.console.templates=/etc/prometheus/consoles
+          - --web.enable-lifecycle
+        {{- if .Values.server.enableAdminApi }}
+          - --web.enable-admin-api
+        {{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+        # disable liveness probe when breakpoints set in debugger
+        # so K8s doesn't restart unresponsive container
+        {{- if .Values.liveness.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /-/healthy
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.liveness.periodSeconds }}
+          timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+        {{ end -}}
+        {{- if .Values.readiness.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /-/ready
+            port: {{ .Values.service.internalPort }}
+          initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readiness.periodSeconds }}
+          timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+        {{ end -}}
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-config
+            mountPath: /etc/config
+          - name: {{ include "common.fullname" . }}-storage
+            mountPath: {{ .Values.persistence.containerMountPath }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      volumes:
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}
+        - name: {{ include "common.fullname" . }}-storage
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "common.fullname" . }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      restartPolicy: Always
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml
new file mode 100644
index 0000000..961b6bb
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size}}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+  hostPath:
+    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
similarity index 93%
copy from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
copy to kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
index 1deed4e..73fcc30 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
@@ -1,6 +1,5 @@
 {{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +14,8 @@
 # limitations under the License.
 */}}
 
+{{- if .Values.global.prometheus.enabled -}}
+
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -47,3 +48,5 @@
 {{- end }}
 {{- end }}
 {{- end -}}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml
new file mode 100644
index 0000000..88f5cac
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - name: {{ .Values.service.portName }}
+    {{if eq .Values.service.type "NodePort" -}}
+    port: {{ .Values.service.internalPort }}
+    nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+    {{- else -}}
+    port: {{ .Values.service.externalPort }}
+    targetPort: {{ .Values.service.internalPort }}
+    {{- end}}
+    protocol: TCP
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ .Release.Name }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml
new file mode 100644
index 0000000..5065392
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml
@@ -0,0 +1,108 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  readinessRepository: oomk8s
+  readinessImage: readiness-check:2.0.0
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+  busyboxRepository: registry.hub.docker.com
+  busyboxImage: library/busybox:latest
+  alertmanager:
+    enabled: false
+  grafana:
+    enabled: false
+  configmapReload:
+    image:
+      repository: jimmidyson/configmap-reload
+      tag: v0.2.2
+  persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Server Configuration
+image:
+  repository: prom/prometheus
+  tag: v2.4.0
+
+server:
+  enableAdminApi: false
+
+persistence:
+  enabled: true
+  volumeReclaimPolicy: Retain
+  accessMode: ReadWriteOnce
+  size: 8Gi
+  mountPath: /dockerdata-nfs
+  mountSubPath: multicloud/prometheus/server
+  containerMountPath: /prometheus/data
+
+#Service configuration for this chart
+service:
+  type: ClusterIP
+  name: multicloud-prometheus
+  portName: multicloud-prometheus
+  internalPort: 9090
+  externalPort: 9090
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 30
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 30
+  enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+  enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 10m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 20m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
index f9039d9..c453ed5 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
@@ -24,7 +24,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.2.1
+image: onap/multicloud/openstack-windriver:1.2.2
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 0135841..8ebcb82 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -20,13 +20,15 @@
   nodePortPrefix: 302
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  prometheus:
+    enabled: false
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.2.1
+image: onap/multicloud/framework:1.2.2
 pullPolicy: Always
 
 #Istio sidecar injection policy
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index 386a3cf..6be1a00 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -75,6 +75,8 @@
   enabled: false
 log:
   enabled: false
+  log-logstash:
+    replicaCount: 1
 sniro-emulator:
   enabled: false
 oof:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 62999b2..1ca2b84 100644
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -112,7 +112,7 @@
 robot:
   enabled: true
   config:
-# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+    # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
     openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
 sdc:
   enabled: true
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index a970f38..98c6b4a 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -65,7 +65,7 @@
   internalPort: 8080
   externalPort: 8080
   #nodePort: 23
-  # as of 20181022 port 23 is reserved for cmso 
+  # as of 20181022 port 23 is reserved for cmso
   # see https://wiki.onap.org/display/DW/OOM+NodePort+List
 
 
@@ -94,9 +94,18 @@
   # Minimum memory for development is 2 CPU cores and 4GB memory
   # Minimum memory for production is 4 CPU cores and 8GB memory
 resources:
-  limits:
-    cpu: 1
-    memory: 1.2Gi
-  requests:
-    cpu: 10m
-    memory: 800Mi
+  small:
+    limits:
+      cpu: 1
+      memory: 1.2Gi
+    requests:
+      cpu: 10m
+      memory: 800Mi
+  large:
+    limits:
+      cpu: 1
+      memory: 1.2Gi
+    requests:
+      cpu: 10m
+      memory: 800Mi
+  unlimited: {}
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml
index d825e44..d223f4b 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/charts/oof-has/values.yaml
@@ -25,7 +25,7 @@
   commonConfigPrefix: onap-oof-has
   image:
     readiness: oomk8s/readiness-check:2.0.0
-    optf_has: onap/optf-has:1.2.4
+    optf_has: onap/optf-has:1.2.5
     filebeat: docker.elastic.co/beats/filebeat:5.5.0
 
 pullPolicy: Always
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
index 1c2608a..e9b6f34 100644
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
+++ b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
@@ -49,17 +49,21 @@
 
 for i in 1 2 3 4 5 6 7 8 9
 do
-  MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
-                 --header "Authorization: Bearer $KUBE_TOKEN" \
-                 --insecure | jq -r '.status.loadBalancer.ingress[0].ip')
+  MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
+            --header "Authorization: Bearer $KUBE_TOKEN" \
+            --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
+  MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
+              --header "Authorization: Bearer $KUBE_TOKEN" \
+              --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
 
-  if [ "$MIRROR_IP" != "null" ]; then
+  if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
+    PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
     break
   fi
   sleep 5
 done
 
-PNDA_MIRROR="http://$MIRROR_IP:80"
+[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
 
 sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
 
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
index 43f35b6..e22b8d2 100644
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
@@ -18,7 +18,7 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
+  nodePortPrefixExt: 304
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
index b233a17..fd376d1 100644
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
@@ -30,7 +30,7 @@
   ports:
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.externalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
index 6f346b8..34de52a 100644
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
@@ -18,7 +18,7 @@
 # Global configuration defaults.
 #################################################################
 global:
-  nodePortPrefix: 302
+  nodePortPrefixExt: 304
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
@@ -59,9 +59,9 @@
   periodSeconds: 10
 
 service:
-  type: LoadBalancer
-  name: dcae-pnda-mirror
-  portName: client
+  type: NodePort
+  portName: dcae-pnda-mirror
+  nodePort: "00"
   externalPort: 80
   internalPort: 80
 
diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
index 7afaeae..cff0dee 100644
--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
@@ -22,19 +22,19 @@
 
 # Telemetry credentials
 
-ENGINE_MANAGEMENT_PORT=9696
-ENGINE_MANAGEMENT_HOST=0.0.0.0
-ENGINE_MANAGEMENT_USER=demo@people.osaaf.org
-ENGINE_MANAGEMENT_PASSWORD=demo123456!
+TELEMETRY_PORT=9696
+TELEMETRY_HOST=0.0.0.0
+TELEMETRY_USER=demo@people.osaaf.org
+TELEMETRY_PASSWORD=demo123456!
 
 # nexus repository
 
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
-repositoryUsername=admin
-repositoryPassword=admin123
+SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
+RELEASE_REPOSITORY_ID=policy-nexus-releases
+RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
+REPOSITORY_USERNAME=admin
+REPOSITORY_PASSWORD=admin123
 
 # Relational (SQL) DB access 
 
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
index c8908c7..57542c3 100644
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
@@ -5,7 +5,7 @@
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
-#       http://www.apache.org/licenses/LICENSE-2.0
+#     http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,63 +16,49 @@
 #  SPDX-License-Identifier: Apache-2.0
 #  ============LICENSE_END=========================================================
 {
-        "engineServiceParameters": {
-                "name": "PolicyApexPDPEngine",
-                "version": "0.0.1",
-                "id": 45,
-                "instanceCount": 4,
-                "deploymentPort": 12345,
-                "engineParameters": {
-                        "executorParameters": {
-                                "JAVASCRIPT": {
-                                        "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
-                                }
-                        },
-                        "contextParameters": {
-                                "parameterClassName": "org.onap.policy.apex.context.parameters.ContextParameters",
-                                "schemaParameters": {
-                                        "Avro": {
-                                                "parameterClassName": "org.onap.policy.apex.plugins.context.schema.avro.AvroSchemaHelperParameters"
-                                        }
-                                }
-                        }
-                }
-        },
-        "eventInputParameters": {
-          "ApexConsumer": {
-            "carrierTechnologyParameters" : {
-              "carrierTechnology" : "RESTSERVER",
-              "parameterClassName" :
-                "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters",
-              "parameters" : {
-                "standalone" : true,
-                "host" : "localhost",
-                "port" : 12346
-              }
-            },
-            "eventProtocolParameters":{
-              "eventProtocol" : "JSON"
-            },
-            "synchronousMode"    : true,
-            "synchronousPeer"    : "ApexProducer",
-            "synchronousTimeout" : 500
-          }
-        },
-        "eventOutputParameters": {
-          "ApexProducer": {
-            "carrierTechnologyParameters":{
-              "carrierTechnology" : "RESTSERVER",
-              "parameterClassName" :
-                "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters"
-            },
-            "eventProtocolParameters":{
-              "eventProtocol" : "JSON"
-            },
-            "synchronousMode"    : true,
-            "synchronousPeer"    : "ApexConsumer",
-            "synchronousTimeout" : 500
-          }
+  "javaProperties" : [
+    ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
+    ["javax.net.ssl.trustStorePassword", "UG9sMWN5XzBuYXA="]
+  ],
+  "engineServiceParameters": {
+    "name": "MyApexEngine",
+    "version": "0.0.1",
+    "id": 45,
+    "instanceCount": 4,
+    "deploymentPort": 12345,
+    "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
+    "engineParameters": {
+      "executorParameters": {
+        "JAVASCRIPT": {
+          "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
         }
+      }
+    }
+  },
+  "eventOutputParameters": {
+    "FirstProducer": {
+      "carrierTechnologyParameters": {
+        "carrierTechnology": "FILE",
+        "parameters": {
+          "standardIo": true
+        }
+      },
+      "eventProtocolParameters": {
+        "eventProtocol": "JSON"
+      }
+    }
+  },
+  "eventInputParameters": {
+    "FirstConsumer": {
+      "carrierTechnologyParameters": {
+        "carrierTechnology": "FILE",
+        "parameters": {
+          "standardIo": true
+        }
+      },
+      "eventProtocolParameters": {
+        "eventProtocol": "JSON"
+      }
+    }
+  }
 }
-
-
diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
index b0a6504..5591e58 100644
--- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
@@ -21,7 +21,8 @@
         "host":"0.0.0.0",
         "port":6969,
         "userName":"healthcheck",
-        "password":"zb!XztG34"
+        "password":"zb!XztG34",
+        "https":true
     },
     "receptionHandlerParameters":{
         "SDCReceptionHandler":{
@@ -107,14 +108,14 @@
         "xacmlPdpConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
             "parameters":{
-                "useHttps": false,
+                "useHttps": true,
                 "hostname": "pdp",
                 "port": 8081,
                 "userName": "testpdp",
                 "password": "alpha123",
                 "clientAuth": "cHl0aG9uOnRlc3Q=",
                 "isManaged": true,
-                "pdpGroup": "pdpGroup"
+                "pdpGroup": "default"
             }
         },
         "apexForwarderConfiguration":{
diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
index f591096..9074b9a 100644
--- a/kubernetes/policy/resources/config/pe/push-policies.sh
+++ b/kubernetes/policy/resources/config/pe/push-policies.sh
@@ -139,6 +139,26 @@
     }
 }' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
 
+sleep 2
+
+echo "Create BRMSParamCCVPN Policy"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+    "policyConfigType": "BRMS_PARAM",
+    "policyName": "com.BRMSParamCCVPN",
+    "policyDescription": "BRMS Param CCVPN policy",
+    "policyScope": "com",
+    "attributes": {
+        "MATCHING": {
+            "controller" : "amsterdam"
+        },
+        "RULE": {
+            "templateName": "ClosedLoopControlName",
+            "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
+            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
+        }
+    }
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
+
 #########################################Create Micro Service Config policies##########################################
 
 echo "Create MicroService Config Policies"
@@ -414,6 +434,15 @@
   "policyType": "BRMS_Param"
 }' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
 
+sleep 2
+
+echo "pushPolicy : PUT : com.BRMSParamCCVPN"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+  "pdpGroup": "default",
+  "policyName": "com.BRMSParamCCVPN",
+  "policyType": "BRMS_Param"
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
+
 #########################################Pushing MicroService Config policies##########################################
 
 echo "Pushing MicroService Config policies"
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
index 194ab1d..41ec250 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
@@ -28,6 +28,11 @@
 # AAI REST Client Configuration
 aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
 aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username={{ .Values.config.aaiUsername }}
 aai.password={{ .Values.config.aaiPassword }}
 aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
old mode 100755
new mode 100644
similarity index 100%
rename from kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties
rename to kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties
new file mode 100644
index 0000000..b36f0c3
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+server.host={{ .Values.config.sdncCtxBuilderHost }}
+basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
+basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/sdnccontextbuilder/v1/service/context
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
index 3244a74..cb5c210 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
@@ -111,6 +111,8 @@
           name: {{ include "common.fullname" . }}-dynamic-policy
         - mountPath: /logs/
           name: {{ include "common.fullname" . }}-logs
+        resources:
+{{ include "common.resources" . | indent 10 }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
index 2e469d5..2ffa686 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
+++ b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
@@ -131,3 +131,4 @@
 
 xpack.watcher.enabled: false
 #Set to false to disable Watcher.
+
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem
new file mode 100644
index 0000000..11125ea
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/TCCAuWgAwIBAgIJALVJyrUvH8uGMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEd
+MBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5l
+eGFtcGxlLm9yZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzAe
+Fw0xNjA5MTgwMzU4NTNaFw0yNjA5MTYwMzU4NTNaMIGUMQswCQYDVQQGEwJBVTER
+MA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEdMBsGA1UECgwU
+RXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5leGFtcGxlLm9y
+ZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAK3AKz7Jq8CGR75NcbuUKiLTJhSS0/TBGA9M
+k+OmradT5qWhFKbxUDoMwT4YpUTzkUGUzkGEVbUsrKK4XaYXldRoHOm8mS0aBErk
+g2ffmpi+TiGk5LHykZ0avmYeEsqVESAjVEMuU3fWJzZd4NfUcTKsBA7Ccqfnb3CB
+TS5fbAz/zw1K//XR5ZNCEBOsFD+0oFGKTNLCeMBCwccFNyVI2mNZpDA++HilNiQj
+TEJytBXGcMVZaS+Tc0vENfVWHAAtVdk8+dd6jkpNnDhK1W1TB7HvhScewyEGh9yb
+cK5asE8TBebEvUIrPaVFz+ef/o3lRev0Gq1QUYAoaG7ps9JlDcsCAwEAAaNQME4w
+HQYDVR0OBBYEFIKSLrYMY9fXpCS7OGnyxhS7JzRrMB8GA1UdIwQYMBaAFIKSLrYM
+Y9fXpCS7OGnyxhS7JzRrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+ABiu7+GH8WGNPqPUUHP17HHYK41xAyYoKSzCrELKmFLphYhnUQA6EeBY8rjYr3X0
+Z2O0F9J6Cik/kG/uBYW0Oi8PQ0EeSZwzvd+CsAc2EJAryOBpafWRXa2XrOtFkKjq
+jKWHSa0QJsBALiu8+JVfcwXYshbhmdVBxrktxMoY9WpGI7EcZkf77SW5enY4LtSF
+wuRr2lv29YADsa/Q7JV2I4oAbWUjW3513mR5JsefHPk7hXZbRCXqUxFTmWpnDomF
+HDeEDAdSgMgzODnbU/qHI9tmP6iDaCTz/eVfyCMKGYA0oIX1j5GdJ6HXK1OHafJK
+W/M9gDRhQKU0bTXC2CoEOAs=
+-----END CERTIFICATE-----
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem
new file mode 100644
index 0000000..db46f0d
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtwCs+yavAhke+
+TXG7lCoi0yYUktP0wRgPTJPjpq2nU+aloRSm8VA6DME+GKVE85FBlM5BhFW1LKyi
+uF2mF5XUaBzpvJktGgRK5INn35qYvk4hpOSx8pGdGr5mHhLKlREgI1RDLlN31ic2
+XeDX1HEyrAQOwnKn529wgU0uX2wM/88NSv/10eWTQhATrBQ/tKBRikzSwnjAQsHH
+BTclSNpjWaQwPvh4pTYkI0xCcrQVxnDFWWkvk3NLxDX1VhwALVXZPPnXeo5KTZw4
+StVtUwex74UnHsMhBofcm3CuWrBPEwXmxL1CKz2lRc/nn/6N5UXr9BqtUFGAKGhu
+6bPSZQ3LAgMBAAECggEAKE5S+d7ItAGydOf8QTpux+NZix5Agx+kGDB4gi/xSsbA
+051ZcBy8sqqwzVnkROmHwcHmUvaC92NkrN6+AsCn5j08r9ArbHYDlugJv7f0YgiL
+kWxyDQGrW9mPX5sMWuhXr6/iZS9C96K7N/ZxKUBD/jA/RLlA5chfZqboI6DJLP5s
+u03ZW4toaGItLZtPxF07eElE4MGG/TbkoBZ5t79Y98TJP2oO95IpPQa8omqQcDEM
+w0DsbV/dJV9AtyZBfmIRNaG5beiIUH26OQzUJP7FP2eIN4F/CAXLdlMnHtQA1XJz
+QRwMxbfBQ+JfKD7YWedqivrjR0iPMx80M4HSU9DFaQKBgQDa+7F7zDRy4WU0GtfP
+g+ArDUMjQv5pTXA0b2hKjHJRXM3LVo5qNJYWlirHtPjkVL4BJSY+iVl9/lfV2Xrf
+gDXQLcUhABx5HNzZ5p+NyDHWrpZamFkfw9wLwQHXZGG8I+dla/iToHRWEH2QYxdz
+VvfntpyE7XbxzhPPiS5haHGerwKBgQDLHxPn/jm2dSHa6jAidJXFJCMblcDuwIBy
+7Cm7vnRro9Mbx/hZkRPXYWHQ/4WEVlWO9Sgkf4ambPSmdFg8ksQwBBd+l3K5K4Un
+2AIL/PqgZg+anoEYYn1sqiWSc+YiO2GiRaHh5wOWtekEBBH9HcYkmKIXm3JHVdSw
+SpQsryxppQKBgDi7qqDLJ+93a7PTHIRbwzEEL5esHKOFd4NuNZPSzS89HugGVcE4
+PIY/g3fX7/+f4NYFHOJozTGyOmlh/c53tfloUkEZeUb7blBZyo5+BkN7WeLAw55S
+LOkyqNp33EZU+vcwwObmVB2UCiPlOEceif2TNvvNVdqRrFpBTS3ZVE5rAoGAJivk
+9cgU2HESt60i9paqPq4X2us9oqCSgwZWoW2dO01CMwpVZZ+Z9vPaCgi68q+2zHLN
+5G4Cw+vd3honKtr5+3wJXkTfzmSbVW2GlPIpt1L2w7vdztNTdsRS4z7clLpMEs67
+KVTcm8n7zEFnkAW0YtQ8Qet4gmdi3O5nAi65TfECgYEA0Pw2X4R37IrYM7tFDJSz
+zDF4mRmk2qfhHBd8IaIDBpsXSgLcVRduro4HBzf/JeCt8rvw3VMLEFyqwyszpHro
+xNnqPvbMPMCtOvUcr1VtXnO7CzaFNCJrfjYdV8vmDgvbYmBEHzG+LGbnVZIBUhQa
+igVjtqU1uT83+VpR703IcBI=
+-----END PRIVATE KEY-----
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh
new file mode 100644
index 0000000..2323fe1
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mkdir -p /usr/share/kibana/auth
+chmod 0777 /usr/share/kibana/auth
+
+cp /opt/app/auth/* /usr/share/kibana/auth/.
+
+chmod 0400 /usr/share/kibana/auth/*
+
+/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
index 6d31c44..fdcdd02 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
@@ -51,9 +51,9 @@
 elasticsearch.password: "changeme"
 # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
 # These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
+server.ssl.enabled: {{.Values.config.serverSslEnabled}}
+server.ssl.certificate: {{.Values.config.serverSslCertificate}}
+server.ssl.key: {{.Values.config.serverSslKey}}
 
 # Optional settings that provide the paths to the PEM-format SSL certificate and key files.
 # These files validate that your Elasticsearch backend uses the same key files.
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
index fd8934b..4eb25fe 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
@@ -19,3 +19,19 @@
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-auth
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-bin
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
index e87a04f..2bc9e79 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
@@ -117,12 +117,15 @@
         - name: {{ include "common.name" . }}
           image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["/bin/bash"]
+          args: ["-c", "/opt/app/bin/kibana_start.sh"]
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ .Values.service.name }}
           readinessProbe:
             httpGet:
               path: "/"
+              scheme: "HTTPS"
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
@@ -133,6 +136,7 @@
           livenessProbe:
             httpGet:
               path: "/"
+              scheme: "HTTPS"
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
@@ -143,8 +147,12 @@
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /usr/share/kibana/config/
+          - mountPath: /usr/share/kibana/config
             name: {{ include "common.fullname" . }}
+          - mountPath: /opt/app/auth
+            name: {{ include "common.fullname" . }}-auth
+          - mountPath: /opt/app/bin
+            name: {{ include "common.fullname" . }}-bin
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -166,12 +174,20 @@
             - key: kibana.yml
               path: kibana.yml
             - key: default.json
-              path: default.json                    
+              path: default.json
             - key: validationsDump.json
               path: validationsDump.json
             - key: violationsDump.json
               path: violationsDump.json
             - key: default-mapping.json
-              path: default-mapping.json                                                                                                       
+              path: default-mapping.json
+        - name: {{ include "common.fullname" . }}-auth
+          configMap:
+            name: {{ include "common.fullname" . }}-auth
+            defaultMode: 0777
+        - name: {{ include "common.fullname" . }}-bin
+          configMap:
+            name: {{ include "common.fullname" . }}-bin
+            defaultMode: 0777
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-kibana/values.yaml b/kubernetes/pomba/charts/pomba-kibana/values.yaml
index aa48263..fe50e47 100644
--- a/kubernetes/pomba/charts/pomba-kibana/values.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/values.yaml
@@ -45,6 +45,11 @@
   elasticsearchServiceName: pomba-es
   elasticsearchPort: 9200
 
+  #Enable HTTPS
+  serverSslEnabled: true
+  serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
+  serverSslKey: /usr/share/kibana/auth/pomba.key.pem
+
 # default number of instances
 replicaCount: 1
 
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
index 274a872..cccba6b 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
@@ -31,24 +31,25 @@
 #Servlet context parameters
 server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
 
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
 # Basic Authentication
 basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
 basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
 
-enricher.types = vserver, l3-network
-enricher.type.vserver.url    = /enricher/v11/cloud-infrastructure/vservers/vserver/{0}?sot=!aai
-enricher.type.l3-network.url = /enricher/v11/network/l3-networks/l3-network/{0}?sot=!aai
+openstack.identity.url ={{ .Values.config.openstackIdentityUrl }}
+openstack.identity.user ={{ .Values.config.openstackUserId }}
+openstack.identity.password ={{ .Values.config.openstackPassword }}
 
-# Mapping from Enricher Attribute name to POMBA Attribute name in the format
-#   <Enricher Attribute Name>:<Pomba Attribute Name>;  and separated by semicolon ";"
-# for example,
-#          vserser-id:id;
-# means Attribute name "vserver-id" from Enricher will be converted to "id" in POMBA.
-enricher.attributeNameMappingList=Id:id;id:id;vserver-id:id;name:name;locked:inMaintenance; \
-            hostname:hostName;status:status;vm_state:vmState;vm-state:vmState;admin_state_up:adminState; \
-            favor.disk:flavorDisk;flavor.ephemeral:flavorEphemoral;flavor.extra_specs.hw.cpu_model:flavorHwCpuModel; \
-            flavor.extra_specs.hw.cpu_policy:flavorHwCpuPolicy;flavor.extra_specs.hw.mem_page_size:flavorHwMemPageSize; \
-            flavor.original_name:flavorOriginalName;flavor.ram:flavorRam;flavor.swap:flavorSwag;flavorvcpus:flavorVcpus; \
-            image.id:imageId;hostId:hostId;host:host;host_status:hostStatus;security_group.name:securityGroupName; \
-            serverName:serverName;metadata.myservername:otherServerName;shared:sharedNetwork;subnets:subnets; \
-            userId:userId;tenant_id:tenantId
+openstack.types = vserver, l3-network
+openstack.type.vserver.url    = {{ .Values.config.openstackTypeVserverUrl }}
+openstack.type.l3-network.url = {{ .Values.config.openstackTypeL3NetworkUrl }}
+
+openstack.api.microversion = 2.42
+
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12 b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12
deleted file mode 100644
index 12e0ae9..0000000
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
similarity index 100%
copy from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore
copy to kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
similarity index 90%
rename from kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml
rename to kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
index 1f00cbd..0a4b616 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
@@ -1,30 +1,31 @@
-<configuration>

-    <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>

-    <property name="p_lvl" value="%level"/>

-    <property name="p_log" value="%logger"/>

-    <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>

-    <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>

-    <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>

-    <!-- tabs -->

-    <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>

-    <property name="p_thr" value="%thread"/>

-    <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>

-    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <appender name="FILE" class="ch.qos.logback.core.FileAppender">

-        <file>output.log</file>

-        <encoder>

-            <pattern>${pattern}</pattern>

-        </encoder>

-    </appender>

-    <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">

-        <appender-ref ref="STDOUT" />

-        <appender-ref ref="FILE" />

-    </logger>

-    <root level="INFO">

-        <appender-ref ref="STDOUT" />

-    </root>

-</configuration>

+<configuration >
+    <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+    <property name="p_lvl" value="%level"/>
+    <property name="p_log" value="%logger"/>
+    <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+    <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <!-- tabs -->
+    <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <property name="p_thr" value="%thread"/>
+    <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${pattern}</pattern>
+        </encoder>
+    </appender>
+    <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+        <file>/opt/app/logs/EELF/output.log</file>
+        <encoder>
+            <pattern>${pattern}</pattern>
+        </encoder>
+    </appender>
+    <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+        <appender-ref ref="STDOUT" />
+        <appender-ref ref="FILE" />
+    </logger>
+    <root level="info">
+        <appender-ref ref="STDOUT" />
+        <appender-ref ref="FILE" />
+    </root>
+</configuration>
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
index 1e377b9..3c8606a 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
@@ -1,30 +1,29 @@
-# Copyright © 2018 Amdocs

-#

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-#

-

-apiVersion: v1

-kind: ConfigMap

-metadata:

-  name: {{ include "common.fullname" . }}-log

-  namespace: {{ include "common.namespace" . }}

-data:

-{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}

----

-apiVersion: v1

-kind: ConfigMap

-metadata:

-  name: {{ include "common.fullname" . }}-configmap

-  namespace: {{ include "common.namespace" . }}

-data:

-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}

+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
index 7f44106..0f980bb 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
@@ -1,118 +1,127 @@
-# Copyright © 2018 Amdocs

-#

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-

-apiVersion: extensions/v1beta1

-kind: Deployment

-metadata:

-  name: {{ include "common.fullname" . }}

-  namespace: {{ include "common.namespace" . }}

-  labels:

-    app: {{ include "common.name" . }}

-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}

-    release: {{ .Release.Name }}

-    heritage: {{ .Release.Service }}

-spec:

-  replicas: {{ .Values.replicaCount }}

-  template:

-    metadata:

-      labels:

-        app: {{ include "common.name" . }}

-        release: {{ .Release.Name }}

-    spec:

-      containers:

-        - name: {{ include "common.name" . }}

-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"

-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}

-          ports:

-          - containerPort: {{ .Values.service.internalPort }}

-          # disable liveness probe when breakpoints set in debugger

-          # so K8s doesn't restart unresponsive container

-          {{ if .Values.liveness.enabled }}

-          livenessProbe:

-            tcpSocket:

-              port: {{ .Values.service.internalPort }}

-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}

-            periodSeconds: {{ .Values.liveness.periodSeconds }}

-          {{ end }}

-          readinessProbe:

-            tcpSocket:

-              port: {{ .Values.service.internalPort }}

-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}

-            periodSeconds: {{ .Values.readiness.periodSeconds }}

-          env:

-          volumeMounts:

-          - mountPath: /etc/localtime

-            name: localtime

-            readOnly: true

-          - name: {{ include "common.fullname" . }}-logs

-            mountPath: /var/log/onap

-          - mountPath: /opt/app/config/logback.xml

-            name: {{ include "common.fullname" . }}-log-conf

-            subPath: logback.xml

-          - mountPath: /opt/app/config/application.properties

-            name: {{ include "common.fullname" . }}-config

-            subPath: application.properties

-            readOnly: true

-          - mountPath: /opt/app/config/auth/enricher-client-cert.p12

-            name: {{ include "common.fullname" . }}-auth-secret

-            subPath: enricher-client-cert.p12

-            readOnly: true

-

-          resources:

-{{ include "common.resources" . | indent 12 }}

-        {{- if .Values.nodeSelector }}

-        nodeSelector:

-{{ toYaml .Values.nodeSelector | indent 10 }}

-        {{- end -}}

-        {{- if .Values.affinity }}

-        affinity:

-{{ toYaml .Values.affinity | indent 10 }}

-        {{- end }}

-

-        # Filebeat sidecar container

-        - name: {{ include "common.name" . }}-filebeat-onap

-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"

-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}

-          volumeMounts:

-          - name: {{ include "common.fullname" . }}-filebeat-conf

-            mountPath: /usr/share/filebeat/filebeat.yml

-            subPath: filebeat.yml

-          - name: {{ include "common.fullname" . }}-data-filebeat

-            mountPath: /usr/share/filebeat/data

-          - name: {{ include "common.fullname" . }}-logs

-            mountPath: /var/log/onap

-

-      volumes:

-        - name: localtime

-          hostPath:

-            path: /etc/localtime

-        - name:  {{ include "common.fullname" . }}-logs

-          emptyDir: {}

-        - name: {{ include "common.fullname" . }}-log-conf

-          configMap:

-            name: {{ include "common.fullname" . }}-log

-        - name: {{ include "common.fullname" . }}-config

-          configMap:

-            name: {{ include "common.fullname" . }}-configmap

-        - name: {{ include "common.fullname" . }}-auth-secret

-          secret:

-            secretName: {{ include "common.fullname" . }}-auth

-        - name: {{ include "common.fullname" . }}-filebeat-conf

-          configMap:

-            name: {{ .Release.Name }}-pomba-filebeat-configmap

-        - name: {{ include "common.fullname" . }}-data-filebeat

-          emptyDir: {}

-

-      imagePullSecrets:

-      - name: "{{ include "common.namespace" . }}-docker-registry-key"

+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{ if .Values.liveness.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - name: {{ include "common.fullname" . }}-logs
+            mountPath: /opt/app/logs
+            readOnly: false
+          - mountPath: /opt/app/config/logback.xml
+            name: {{ include "common.fullname" . }}-log-conf
+            subPath: logback.xml
+          - mountPath: /opt/app/config/application.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: application.properties
+            readOnly: true
+          - mountPath: /opt/app/config/auth/client-cert-onap.p12
+            name: {{ include "common.fullname" . }}-auth-secret
+            subPath: client-cert-onap.p12
+            readOnly: true
+          - mountPath: /opt/app/config/auth/tomcat_keystore
+            name: {{ include "common.fullname" . }}-auth-secret
+            subPath: tomcat_keystore
+            readOnly: true
+          - name: {{ include "common.fullname" . }}-logs-eelf
+            mountPath: /opt/app/logs/EELF
+            readOnly: false
+
+          resources:
+{{ include "common.resources" . | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+
+        # Filebeat sidecar container
+        - name: {{ include "common.name" . }}-filebeat-onap
+          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-filebeat-conf
+            mountPath: /usr/share/filebeat/filebeat.yml
+            subPath: filebeat.yml
+          - name: {{ include "common.fullname" . }}-data-filebeat
+            mountPath: /usr/share/filebeat/data
+          - name: {{ include "common.fullname" . }}-logs
+            mountPath: /opt/app/logs
+
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name:  {{ include "common.fullname" . }}-logs
+          emptyDir: {}
+        - name: {{ include "common.fullname" . }}-log-conf
+          configMap:
+            name: {{ include "common.fullname" . }}-log
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}-configmap
+        - name: {{ include "common.fullname" . }}-auth-secret
+          secret:
+            secretName: {{ include "common.fullname" . }}-auth
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          configMap:
+            name: {{ .Release.Name }}-pomba-filebeat-configmap
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          emptyDir: {}
+        - name:  {{ include "common.fullname" . }}-logs-eelf
+          emptyDir: {}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
index 2b54def..913a2d8 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
@@ -27,8 +27,7 @@
   ports:

     {{if eq .Values.service.type "NodePort" -}}

     - port: {{ .Values.service.externalPort }}

-      #Example internal target port if required

-      #targetPort: {{ .Values.service.internalPort }}

+      targetPort: {{ .Values.service.internalPort }}

       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}

       name: {{ .Values.service.portName | default "http" }}

     {{- else -}}

diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
index 0e42192..fdc4429 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
@@ -24,7 +24,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image:  onap/network-discovery:1.4.2
+image:  onap/network-discovery:1.4.1-latest
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -34,10 +34,28 @@
 # Example:
 config:
   # Network Discovery Micro Service REST Client Configuration
+
+  #Enable HTTPS
+  serverSslPort: 8443
+  serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+  serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+  serverSslClientAuth: want
+  serverSslEnabled: true
+  serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
   # Basic Authorization credentials for Network Discovery Micro Service Rest Service
   networkDiscoveryUserId: admin
   networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
 
+  # Basic Authorization credentials for Openstack Rest APIs
+  openstackIdentityUrl: http://10.69.36.11:5000/v3/auth/tokens
+  openstackUserId: admin
+  openstackPassword: OBF:1w951ugg1vun1uha1w8l
+
+  # Openstack Rest API URLs:
+  openstackTypeVserverUrl: http://10.69.36.11:8774/v2.1/servers/{0}
+  openstackTypeL3NetworkUrl: http://10.69.36.11:9696/v2.0/networks/{0}
+
 # default number of instances
 replicaCount: 1
 
@@ -66,12 +84,12 @@
 
   #Services may use any combination of ports depending on the 'type' of
   #service being defined.
-  type: ClusterIP
+  type: NodePort
+  name: pomba-networkdiscovery  
   externalPort: 9531
-  internalPort: 8080
-#  nodePort: <replace with unused node port suffix eg. 23>
-  # optional port name override - default can be defined in service.yaml
-  #portName: http
+  internalPort: 8443
+  nodePort: 99
+  portName: https
 
 ingress:
   enabled: false
@@ -94,4 +112,4 @@
     requests:
       cpu: 20m
       memory: 800Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
index 79c5f0b..0a4b616 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
@@ -1,236 +1,31 @@
-<configuration scan="true" scanPeriod="10 seconds" debug="false">
-		<jmxConfigurator />
-		<property file="/opt/app/config/application.properties" />
-		<property name="logDirectory" value="/var/log/onap/pomba-networkdiscoveryctxbuilder" />
-		<!-- Example evaluator filter applied against console appender -->
-		<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-				<!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level> 
-						<onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
-				<!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
-				<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-						<level>INFO</level>
-				</filter>
-				<encoder>
-						<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
-						</pattern>
-				</encoder>
-		</appender>
-
-		<appender name="ERROR"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-						<level>INFO</level>
-				</filter>
-				<file>${logDirectory}/error.log</file>
-				<append>true</append>
-				<encoder>
-						<pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
-				</encoder>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<maxIndex>10</maxIndex>
-						<FileNamePattern>${logDirectory}/error.%i.log.zip
-						</FileNamePattern>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>10MB</maxFileSize>
-				</triggeringPolicy>
-		</appender>
-
-		<appender name="DEBUG"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<file>${logDirectory}/debug.log</file>
-				<append>true</append>
-				<encoder>
-						<pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
-				</encoder>
-				<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-					<fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
-					<timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-						<maxFileSize>10MB</maxFileSize>
-					</timeBasedFileNamingAndTriggeringPolicy>
-					<maxHistory>5</maxHistory>
-				</rollingPolicy>
-		</appender>
-
-		<appender name="AUDIT"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<file>${logDirectory}/audit.log</file>
-				<append>true</append>
-				<encoder>
-						<pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
-						</pattern>
-				</encoder>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<maxIndex>10</maxIndex>
-						<FileNamePattern>${logDirectory}/audit.%i.log.zip
-						</FileNamePattern>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>10MB</maxFileSize>
-				</triggeringPolicy>
-		</appender>
-		<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
-				<queueSize>256</queueSize>
-				<appender-ref ref="AUDIT" />
-		</appender>
-
-		<appender name="METRIC"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<file>${logDirectory}/metric.log</file>
-				<append>true</append>
-				<encoder>
-						<pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
-								%msg%n</pattern>
-				</encoder>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<maxIndex>10</maxIndex>
-						<FileNamePattern>${logDirectory}/metric.%i.log.zip
-						</FileNamePattern>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>10MB</maxFileSize>
-				</triggeringPolicy>
-		</appender>
-		<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
-				<queueSize>256</queueSize>
-				<appender-ref ref="METRIC" />
-		</appender>
-
-		<!-- SECURITY related loggers -->
-		<appender name="SECURITY"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<file>${logDirectory}/security.log</file>
-				<append>true</append>
-				<encoder>
-						<pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
-						</pattern>
-				</encoder>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<maxIndex>10</maxIndex>
-						<FileNamePattern>${logDirectory}/security.%i.log.zip
-						</FileNamePattern>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>10MB</maxFileSize>
-				</triggeringPolicy>
-		</appender>
-		<appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
-				<queueSize>256</queueSize>
-				<appender-ref ref="SECURITY" />
-		</appender>
-
-		<!-- CLDS related loggers -->
-		<logger name="org.onap.pomba.clds" level="INFO" additivity="true">
-				<appender-ref ref="ERROR" />
-		</logger>
-
-		<!-- CLDS related loggers -->
-		<logger name="com.att.eelf.error" level="OFF" additivity="true">
-				<appender-ref ref="ERROR" />
-		</logger>
-		<!-- EELF related loggers -->
-		<logger name="com.att.eelf.audit" level="INFO" additivity="false">
-				<appender-ref ref="asyncEELFAudit" />
-		</logger>
-		<logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
-				<appender-ref ref="asyncEELFMetrics" />
-		</logger>
-		<logger name="com.att.eelf.security" level="DEBUG" additivity="false">
-				<appender-ref ref="asyncEELFSecurity" />
-		</logger>
-
-
-		<!-- Spring related loggers -->
-		<logger name="org.springframework" level="WARN" />
-		<logger name="org.springframework.beans" level="WARN" />
-		<logger name="org.springframework.web" level="WARN" />
-		<logger name="com.blog.spring.jms" level="WARN" />
-
-		<!-- Other Loggers that may help troubleshoot -->
-		<logger name="net.sf" level="WARN" />
-		<logger name="org.apache.commons.httpclient" level="WARN" />
-		<logger name="org.apache.commons" level="WARN" />
-		<logger name="org.apache.coyote" level="WARN" />
-		<logger name="org.apache.jasper" level="WARN" />
-
-		<!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
-				May aid in troubleshooting) -->
-		<logger name="org.apache.camel" level="WARN" />
-		<logger name="org.apache.cxf" level="WARN" />
-		<logger name="org.apache.camel.processor.interceptor" level="WARN" />
-		<logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
-		<logger name="org.apache.cxf.service" level="WARN" />
-		<logger name="org.restlet" level="DEBUG" />
-		<logger name="org.apache.camel.component.restlet" level="DEBUG" />
-
-		<!-- logback internals logging -->
-		<logger name="ch.qos.logback.classic" level="INFO" />
-		<logger name="ch.qos.logback.core" level="INFO" />
-
-		<!-- logback jms appenders & loggers definition starts here -->
-		<!-- logback jms appenders & loggers definition starts here -->
-		<appender name="auditLogs"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-				</filter>
-				<file>${logDirectory}/Audit.log</file>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<fileNamePattern>${logDirectory}/Audit.%i.log.zip
-						</fileNamePattern>
-						<minIndex>1</minIndex>
-						<maxIndex>9</maxIndex>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>5MB</maxFileSize>
-				</triggeringPolicy>
-				<encoder>
-						<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-				</encoder>
-		</appender>
-		<appender name="perfLogs"
-				class="ch.qos.logback.core.rolling.RollingFileAppender">
-				<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-				</filter>
-				<file>${logDirectory}/Perform.log</file>
-				<rollingPolicy
-						class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
-						<fileNamePattern>${logDirectory}/Perform.%i.log.zip
-						</fileNamePattern>
-						<minIndex>1</minIndex>
-						<maxIndex>9</maxIndex>
-				</rollingPolicy>
-				<triggeringPolicy
-						class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
-						<maxFileSize>5MB</maxFileSize>
-				</triggeringPolicy>
-				<encoder>
-						<pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
-				</encoder>
-		</appender>
-		<logger name="AuditRecord" level="INFO" additivity="FALSE">
-				<appender-ref ref="auditLogs" />
-		</logger>
-		<logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
-				<appender-ref ref="auditLogs" />
-		</logger>
-		<logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
-				<appender-ref ref="perfLogs" />
-		</logger>
-		<!-- logback jms appenders & loggers definition ends here -->
-
-		<root level="WARN">
-				<appender-ref ref="DEBUG" />
-				<appender-ref ref="STDOUT" />
-		</root>
-
+<configuration >
+    <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+    <property name="p_lvl" value="%level"/>
+    <property name="p_log" value="%logger"/>
+    <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+    <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <!-- tabs -->
+    <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+    <property name="p_thr" value="%thread"/>
+    <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${pattern}</pattern>
+        </encoder>
+    </appender>
+    <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+        <file>/opt/app/logs/EELF/output.log</file>
+        <encoder>
+            <pattern>${pattern}</pattern>
+        </encoder>
+    </appender>
+    <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+        <appender-ref ref="STDOUT" />
+        <appender-ref ref="FILE" />
+    </logger>
+    <root level="info">
+        <appender-ref ref="STDOUT" />
+        <appender-ref ref="FILE" />
+    </root>
 </configuration>
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
index 462ee68..ebb1d37 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
@@ -56,7 +56,8 @@
             name: localtime
             readOnly: true
           - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
+            mountPath: /opt/app/logs
+            readOnly: false
           - mountPath: /opt/app/config/logback.xml
             name: {{ include "common.fullname" . }}-log-conf
             subPath: logback.xml
@@ -64,6 +65,9 @@
             name: {{ include "common.fullname" . }}-config
             readOnly: true
             subPath: application.properties
+          - name: {{ include "common.fullname" . }}-logs-eelf
+            mountPath: /opt/app/logs/EELF
+            readOnly: false
 
           resources:
 {{ include "common.resources" . | indent 12 }}
@@ -87,7 +91,7 @@
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
           - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
+            mountPath: /opt/app/logs
 
       volumes:
         - name: localtime
@@ -106,7 +110,7 @@
           emptyDir: {}
         - name:  {{ include "common.fullname" . }}-logs
           emptyDir: {}
-        
-
+        - name:  {{ include "common.fullname" . }}-logs-eelf
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
index ff1f6c8..b45c24b 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
@@ -24,7 +24,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image:  onap/pomba-network-discovery-context-builder:1.3.1
+image:  onap/pomba-network-discovery-context-builder:1.4.0-SNAPSHOT-latest
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -52,7 +52,7 @@
   # Network Discovery Micro Service REST Client Configuration
   networkDiscoveryServiceName: pomba-networkdiscovery
   networkDiscoveryPort: 9531
-  networkDiscoveryHttpProtocol: http
+  networkDiscoveryHttpProtocol: https
   networkDiscoveryPath: /network-discovery/v1/network/resource
   # Wait for Network Discovery MicroService response in milliseconds
   networkDiscoveryTimeOutInMilliseconds: 60000
@@ -116,4 +116,4 @@
     requests:
       cpu: 200m
       memory: 800Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore b/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml
new file mode 100644
index 0000000..c9dad03
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP POMBA SDNC Context Builder
+name: pomba-sdncctxbuilder
+version: 3.0.0
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
new file mode 100644
index 0000000..cf40869
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~3.0.0
+    repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
new file mode 100644
index 0000000..fcfe9dc
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
@@ -0,0 +1,72 @@
+# Copyright © 2019 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+camel.springboot.xmlRoutes = file:config/dynamic/routes/*.route
+service.xml.beans = config/dynamic/conf/*.xml
+
+server.contextPath=/sdnccontextbuilder/v1
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Basic Authorization credentials for SDNC Context Builder REST Service
+sdncCtxBuilder.userId={{ .Values.config.sdncCtxBuilderUserId }}
+sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.authentication={{ .Values.config.aaiAuthentication }}
+aai.trustStorePath={{ .Values.config.aaiTrustStorePath }}
+aai.keyStorePath={{ .Values.config.aaiKeyStorePath }}
+aai.keyStorePassword={{ .Values.config.aaiKeyStorePassword }}
+aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
+aai.readTimeout={{ .Values.config.aaiReadTimeout }}
+
+# HTTP Basic Authorization credentials for AAI Rest Service API
+aai.http.userId={{ .Values.config.aaiHttpUserId }}
+aai.http.password={{ .Values.config.aaiHttpPassword }}
+
+aai.searchNodeQuery=/aai/v11/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS:
+aai.customerQuery=/aai/v11/business/customers/customer/
+aai.serviceInstancePath=/aai/v11/business/customers/customer/{0}/service-subscriptions/service-subscription/{1}/service-instances/service-instance/{2}
+
+# SDNC REST Client Configuration
+sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}}
+sdnc.servicePort={{ .Values.config.sdncPort }}
+sdnc.user={{ .Values.config.sdncUsername }}
+sdnc.password={{ .Values.config.sdncPassword }}
+sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }}
+sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }}
+sdnc.readTimeout={{ .Values.config.sdncReadTimeout }}
+sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0}
+sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml
new file mode 100644
index 0000000..519cf24
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml
@@ -0,0 +1,235 @@
+<configuration scan="true" scanPeriod="10 seconds" debug="false">
+    <jmxConfigurator />
+    <property name="logDirectory" value="/var/log/onap/pomba-sdncctxbuilder" />
+    <!-- Example evaluator filter applied against console appender -->
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level>
+            <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
+        <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>INFO</level>
+        </filter>
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <appender name="ERROR"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>INFO</level>
+        </filter>
+        <file>${logDirectory}/error.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
+        </encoder>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <maxIndex>10</maxIndex>
+            <FileNamePattern>${logDirectory}/error.%i.log.zip
+            </FileNamePattern>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>10MB</maxFileSize>
+        </triggeringPolicy>
+    </appender>
+
+    <appender name="DEBUG"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDirectory}/debug.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+          <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+          <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+            <maxFileSize>10MB</maxFileSize>
+          </timeBasedFileNamingAndTriggeringPolicy>
+          <maxHistory>5</maxHistory>
+        </rollingPolicy>
+    </appender>
+
+    <appender name="AUDIT"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDirectory}/audit.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+            </pattern>
+        </encoder>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <maxIndex>10</maxIndex>
+            <FileNamePattern>${logDirectory}/audit.%i.log.zip
+            </FileNamePattern>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>10MB</maxFileSize>
+        </triggeringPolicy>
+    </appender>
+    <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+        <queueSize>256</queueSize>
+        <appender-ref ref="AUDIT" />
+    </appender>
+
+    <appender name="METRIC"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDirectory}/metric.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
+                %msg%n</pattern>
+        </encoder>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <maxIndex>10</maxIndex>
+            <FileNamePattern>${logDirectory}/metric.%i.log.zip
+            </FileNamePattern>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>10MB</maxFileSize>
+        </triggeringPolicy>
+    </appender>
+    <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+        <queueSize>256</queueSize>
+        <appender-ref ref="METRIC" />
+    </appender>
+
+    <!-- SECURITY related loggers -->
+    <appender name="SECURITY"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${logDirectory}/security.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+            </pattern>
+        </encoder>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <maxIndex>10</maxIndex>
+            <FileNamePattern>${logDirectory}/security.%i.log.zip
+            </FileNamePattern>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>10MB</maxFileSize>
+        </triggeringPolicy>
+    </appender>
+    <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+        <queueSize>256</queueSize>
+        <appender-ref ref="SECURITY" />
+    </appender>
+
+    <!-- CLDS related loggers -->
+    <logger name="org.onap.pomba.clds" level="INFO" additivity="true">
+        <appender-ref ref="ERROR" />
+    </logger>
+
+    <!-- CLDS related loggers -->
+    <logger name="com.att.eelf.error" level="OFF" additivity="true">
+        <appender-ref ref="ERROR" />
+    </logger>
+    <!-- EELF related loggers -->
+    <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+        <appender-ref ref="asyncEELFAudit" />
+    </logger>
+    <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
+        <appender-ref ref="asyncEELFMetrics" />
+    </logger>
+    <logger name="com.att.eelf.security" level="DEBUG" additivity="false">
+        <appender-ref ref="asyncEELFSecurity" />
+    </logger>
+
+
+    <!-- Spring related loggers -->
+    <logger name="org.springframework" level="WARN" />
+    <logger name="org.springframework.beans" level="WARN" />
+    <logger name="org.springframework.web" level="WARN" />
+    <logger name="com.blog.spring.jms" level="WARN" />
+
+    <!-- Other Loggers that may help troubleshoot -->
+    <logger name="net.sf" level="WARN" />
+    <logger name="org.apache.commons.httpclient" level="WARN" />
+    <logger name="org.apache.commons" level="WARN" />
+    <logger name="org.apache.coyote" level="WARN" />
+    <logger name="org.apache.jasper" level="WARN" />
+
+    <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+        May aid in troubleshooting) -->
+    <logger name="org.apache.camel" level="WARN" />
+    <logger name="org.apache.cxf" level="WARN" />
+    <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+    <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+    <logger name="org.apache.cxf.service" level="WARN" />
+    <logger name="org.restlet" level="DEBUG" />
+    <logger name="org.apache.camel.component.restlet" level="DEBUG" />
+
+    <!-- logback internals logging -->
+    <logger name="ch.qos.logback.classic" level="INFO" />
+    <logger name="ch.qos.logback.core" level="INFO" />
+
+    <!-- logback jms appenders & loggers definition starts here -->
+    <!-- logback jms appenders & loggers definition starts here -->
+    <appender name="auditLogs"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+        </filter>
+        <file>${logDirectory}/Audit.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <fileNamePattern>${logDirectory}/Audit.%i.log.zip
+            </fileNamePattern>
+            <minIndex>1</minIndex>
+            <maxIndex>9</maxIndex>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>5MB</maxFileSize>
+        </triggeringPolicy>
+        <encoder>
+            <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+        </encoder>
+    </appender>
+    <appender name="perfLogs"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+        </filter>
+        <file>${logDirectory}/Perform.log</file>
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+            <fileNamePattern>${logDirectory}/Perform.%i.log.zip
+            </fileNamePattern>
+            <minIndex>1</minIndex>
+            <maxIndex>9</maxIndex>
+        </rollingPolicy>
+        <triggeringPolicy
+            class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+            <maxFileSize>5MB</maxFileSize>
+        </triggeringPolicy>
+        <encoder>
+            <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+        </encoder>
+    </appender>
+    <logger name="AuditRecord" level="INFO" additivity="FALSE">
+        <appender-ref ref="auditLogs" />
+    </logger>
+    <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+        <appender-ref ref="auditLogs" />
+    </logger>
+    <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+        <appender-ref ref="perfLogs" />
+    </logger>
+    <!-- logback jms appenders & loggers definition ends here -->
+
+    <root level="WARN">
+        <appender-ref ref="DEBUG" />
+        <appender-ref ref="STDOUT" />
+    </root>
+
+</configuration>
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml
new file mode 100644
index 0000000..7c47fea
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-configmap
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml
new file mode 100644
index 0000000..ca96dc6
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml
@@ -0,0 +1,111 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ include "common.name" . }}
+          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          ports:
+          - containerPort: {{ .Values.service.internalPort }}
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{ if .Values.liveness.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.internalPort }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - name: {{ include "common.fullname" . }}-logs
+            mountPath: /var/log/onap
+          - mountPath: /opt/app/config/logback.xml
+            name: {{ include "common.fullname" . }}-log-conf
+            subPath: logback.xml
+          - mountPath: /opt/app/config/application.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: application.properties
+            readOnly: true
+
+          resources:
+{{ include "common.resources" . | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+
+        # Filebeat sidecar container
+        - name: {{ include "common.name" . }}-filebeat-onap
+          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-filebeat-conf
+            mountPath: /usr/share/filebeat/filebeat.yml
+            subPath: filebeat.yml
+          - name: {{ include "common.fullname" . }}-data-filebeat
+            mountPath: /usr/share/filebeat/data
+          - name: {{ include "common.fullname" . }}-logs
+            mountPath: /var/log/onap
+
+      volumes:
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+        - name: {{ include "common.fullname" . }}-config
+          configMap:
+            name: {{ include "common.fullname" . }}-configmap
+        - name: {{ include "common.fullname" . }}-log-conf
+          configMap:
+            name: {{ include "common.fullname" . }}-log
+        - name: {{ include "common.fullname" . }}-filebeat-conf
+          configMap:
+            name: {{ .Release.Name }}-pomba-filebeat-configmap
+        - name: {{ include "common.fullname" . }}-data-filebeat
+          emptyDir: {}
+        - name:  {{ include "common.fullname" . }}-logs
+          emptyDir: {}
+
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml
new file mode 100644
index 0000000..defd063
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.externalPort }}
+      #Example internal target port if required
+      #targetPort: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- else -}}
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      name: {{ .Values.service.portName | default "http" }}
+    {{- end}}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ .Release.Name }}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml
new file mode 100644
index 0000000..7947b18
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml
@@ -0,0 +1,119 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image:  onap/pomba-sdnc-context-builder:1.4.0-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+  # AAI Rest Client Connection
+  aaiServiceName: aai
+  aaiPort: 8443
+  aaiUsername: AAI
+  aaiPassword: OBF:1gfr1ev31gg7
+  aaiHttpProtocol: https
+  aaiAuthentication: basic_auth
+  aaiTrustStorePath: n/a
+  aaiKeyStorePath: n/a
+  aaiKeyStorePassword: n/a
+  aaiConnectionTimeout: 5000
+  aaiReadTimeout: 5000
+  # HTTP Basic Authorization credentials for Rest Service API
+  aaiHttpUserId: admin
+  aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30
+  sdncCtxBuilderUserId: admin
+  sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+
+  # SDNC Rest Client Connection
+  sdncServiceName: sdnc
+  sdncPort: 8282
+  sdncUsername: admin
+  sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+  sdncHttpProtocol: http
+  sdncConnectionTimeout: 5000
+  sdncReadTimeout: 5000
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 60
+  periodSeconds: 30
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  initialDelaySeconds: 60
+  periodSeconds: 30
+
+#Example service definition with external, internal and node ports.
+service:
+  # The default service name (exposed in the service.yaml) will be the same
+  # name as the chart. If the service name needs to be overriden (such as
+  # when a subchart is shared), uncomment the value below.
+  #name: <service-name-override>
+
+  #Services may use any combination of ports depending on the 'type' of
+  #service being defined.
+  type: ClusterIP
+  externalPort: 9530
+  internalPort: 8080
+#  nodePort: <replace with unused node port suffix eg. 23>
+  # optional port name override - default can be defined in service.yaml
+  #portName: http
+
+ingress:
+  enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 800Mi
+    requests:
+      cpu: 100m
+      memory: 400Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 1600Mi
+    requests:
+      cpu: 200m
+      memory: 800Mi
+  unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
index 5b64f84..8c7d27c 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
@@ -34,6 +34,11 @@
 # AAI REST Client Configuration
 aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
 aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username={{ .Values.config.aaiUsername }}
 aai.password={{ .Values.config.aaiPassword }}
 aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
index f74d832..1dc97da 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
@@ -65,6 +65,90 @@
       attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
     }
 
+    // SDNC-AAI comparison: Context level
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc', 'context-list.aai'
+    }
+
+    // SDNC-AAI comparison: Service entity
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.service', 'context-list.aai.service'
+    }
+
+    // SDNC-AAI comparison: VF list
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*]', 'context-list.aai.vfList[*]'
+    }
+
+    // SDNC-AAI comparison: VF-Module list
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]'
+    }
+
+    // SDNC-AAI comparison: VNFC list
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]'
+    }
+
+    // SDNC-AAI comparison: VM list
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.aai.vfList[*].vfModuleList[*].vmList[*]'
+    }
+
+    // SDNC-AAI comparison: Network list
+    useRule {
+      name 'SDNC-AAI-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
+    }
+
+    // SDNC-NDCB comparison: Context level
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc', 'context-list.ndcb'
+    }
+
+    // SDNC-NDCB comparison: Service entity
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.service', 'context-list.ndcb.service'
+    }
+
+    // SDNC-NDCB comparison: VF list
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*]', 'context-list.ndcb.vfList[*]'
+    }
+
+    // SDNC-NDCB comparison: VF-Module list
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*]'
+    }
+
+    // SDNC-NDCB comparison: VNFC list
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.ndcb.vfList[*].vnfcList[*]'
+    }
+
+    // SDNC-NDCB comparison: VM list
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].vmList[*]'
+    }
+
+    // SDNC-NDCB comparison: Network list
+    useRule {
+      name 'SDNC-NDCB-attribute-comparison'
+      attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]'
+    }
+
     // SDC-AAI VNFC type
     useRule {
       name 'SDC-AAI-vnfc-type'
@@ -155,7 +239,7 @@
   name        'NDCB-AAI-attribute-comparison'
   category    'Attribute Mismatch'
   description 'Verify that all attributes in Network-Discovery are the same as in AAI'
-  errorText   'Error found with attribute "{0}"; value "{1}" does not exist in Network-Discovery'
+  errorText   'Error found with attribute "{0}"; Network-Discovery value does not match AAI value "{1}"'
   severity    'ERROR'
   attributes  'ndcbItems', 'aaiItems'
   validate    '''
@@ -231,4 +315,169 @@
         }
         return new Tuple2(result, details)
         '''
-}
\ No newline at end of file
+}
+
+rule {
+  name        'SDNC-AAI-attribute-comparison'
+  category    'Attribute Mismatch'
+  description 'Verify that all attributes in SDN-C are the same as in AAI'
+  errorText   'Error found with attribute "{0}"; SDN-C value does not match AAI value "{1}"'
+  severity    'ERROR'
+  attributes  'sdncItems', 'aaiItems'
+  validate    '''
+        Closure<java.util.Map> getAttributes = { parsedData ->
+          java.util.Map attributeMap = new java.util.HashMap()
+
+          def isAttributeDataQualityOk = { attribute ->
+            attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+          }
+
+          def addToMap = { attrKey, attrValue ->
+            java.util.Set values = attributeMap.get("$attrKey")
+            if(values == null) {
+              values = new java.util.HashSet()
+              attributeMap.put("$attrKey", values)
+            }
+            values.add("$attrValue")
+          }
+
+          def addAttributeToMap = { attribute ->
+            if(isAttributeDataQualityOk(attribute)) {
+              String key, value
+              attribute.each { k, v ->
+                if(k.equals("name")) {key = "$v"}
+                if(k.equals("value")) {value = "$v"}
+              }
+              addToMap("$key", "$value")
+            }
+          }
+
+          def processKeyValue = { key, value ->
+            if(value instanceof java.util.ArrayList) {
+              if(key.equals("attributeList")) {
+                value.each {
+                  addAttributeToMap(it)
+                }
+              }
+            } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+              // only add key-value attributes, skip the rest
+              addToMap("$key", "$value")
+            }
+          }
+
+          if(parsedData instanceof java.util.ArrayList) {
+            parsedData.each {
+              it.each { key, value -> processKeyValue(key, value) }
+            }
+          } else {
+            parsedData.each { key, value -> processKeyValue(key, value) }
+          }
+          return attributeMap
+        }
+
+        def slurper = new groovy.json.JsonSlurper()
+        java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+        java.util.Map aai = getAttributes(slurper.parseText(aaiItems.toString()))
+
+        boolean result = true
+        List<String> details = new ArrayList<>();
+        sdnc.any{ sdncKey, sdncValueList ->
+          def aaiValueList = aai.get("$sdncKey")
+          aaiValueList.each{ aaiValue ->
+            if(!sdncValueList.any{ it == "$aaiValue" }) {
+              result = false
+              details.add("$sdncKey")
+              details.add("$aaiValue")
+            }
+          }
+          if(result == false) {
+            // break out of 'any' loop
+            return true
+          }
+        }
+        return new Tuple2(result, details)
+        '''
+}
+
+
+rule {
+  name        'SDNC-NDCB-attribute-comparison'
+  category    'Attribute Mismatch'
+  description 'Verify that all attributes in SDN-C are the same as in Network Discovery'
+  errorText   'Error found with attribute "{0}"; SDN-C value does not match Network-Discovery value "{1}"'
+  severity    'ERROR'
+  attributes  'sdncItems', 'ndcbItems'
+  validate    '''
+        Closure<java.util.Map> getAttributes = { parsedData ->
+          java.util.Map attributeMap = new java.util.HashMap()
+
+          def isAttributeDataQualityOk = { attribute ->
+            attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+          }
+
+          def addToMap = { attrKey, attrValue ->
+            java.util.Set values = attributeMap.get("$attrKey")
+            if(values == null) {
+              values = new java.util.HashSet()
+              attributeMap.put("$attrKey", values)
+            }
+            values.add("$attrValue")
+          }
+
+          def addAttributeToMap = { attribute ->
+            if(isAttributeDataQualityOk(attribute)) {
+              String key, value
+              attribute.each { k, v ->
+                if(k.equals("name")) {key = "$v"}
+                if(k.equals("value")) {value = "$v"}
+              }
+              addToMap("$key", "$value")
+            }
+          }
+
+          def processKeyValue = { key, value ->
+            if(value instanceof java.util.ArrayList) {
+              if(key.equals("attributeList")) {
+                value.each {
+                  addAttributeToMap(it)
+                }
+              }
+            } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+              // only add key-value attributes, skip the rest
+              addToMap("$key", "$value")
+            }
+          }
+
+          if(parsedData instanceof java.util.ArrayList) {
+            parsedData.each {
+              it.each { key, value -> processKeyValue(key, value) }
+            }
+          } else {
+            parsedData.each { key, value -> processKeyValue(key, value) }
+          }
+          return attributeMap
+        }
+
+        def slurper = new groovy.json.JsonSlurper()
+        java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+        java.util.Map ndcb = getAttributes(slurper.parseText(ndcbItems.toString()))
+
+        boolean result = true
+        List<String> details = new ArrayList<>();
+        sdnc.any{ sdncKey, sdncValueList ->
+          def ndcbValueList = ndcb.get("$sdncKey")
+          ndcbValueList.each{ ndcbValue ->
+            if(!sdncValueList.any{ it == "$ndcbValue" }) {
+              result = false
+              details.add("$sdncKey")
+              details.add("$ndcbValue")
+            }
+          }
+          if(result == false) {
+            // break out of 'any' loop
+            return true
+          }
+        }
+        return new Tuple2(result, details)
+        '''
+}
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 964e3e8..f34d247 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -1,62 +1,75 @@
-/*

-# Copyright © 2018 Amdocs, Bell Canada, AT&T

-#

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-#

-#       http://www.apache.org/licenses/LICENSE-2.0

-#

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-

-*/

-

-USE portal;

-/*

-Any updates required by OOM to the portaldb are made here.

-1. split up SDC-FE and SDC-BE.  Originally both FE and BE point to the same IP

-while the OOM K8s version has these service split up.

-*/

--- app_url is the FE, app_rest_endpoint is the BE

---portal-sdk => TODO: doesn't open a node port yet

-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';

---dmaap-bc => the dmaap-bc doesn't open a node port..

-update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';

---sdc-be => 8443:30204, 8080:30205

---sdc-fe => 8181:30206, 9443:30207

-update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';

---pap => 8443:30219

-update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';

---vid => 8080:30200

-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';

---sparky => TODO: sparky doesn't open a node port yet

-update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';

---cli => 8080:30260

-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';

---msb-iag => 80:30280

-update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';

-

-

-/*

-Additionally, some more update statments; these should be refactored to another SQL file in future releases 

-*/

-

--- portal

-update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;

--- portal-sdk

-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;

--- SDC

-update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;

--- policy

-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;

--- vid

-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;

--- aai sparky

-update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;

-

-

-

+/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/
+
+USE portal;
+/*
+Any updates required by OOM to the portaldb are made here.
+1. split up SDC-FE and SDC-BE.  Originally both FE and BE point to the same IP
+while the OOM K8s version has these service split up.
+*/
+-- app_url is the FE, app_rest_endpoint is the BE
+--portal-sdk => TODO: doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+--dmaap-bc => the dmaap-bc doesn't open a node port..
+update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
+--sdc-be => 8443:30204, 8080:30205
+--sdc-fe => 8181:30206, 9443:30207
+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';
+--pap => 8443:30219
+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';
+--vid => 8080:30200
+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';
+--sparky => TODO: sparky doesn't open a node port yet
+update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
+--cli => 8080:30260
+update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+--msb-iag => 80:30280
+update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
+
+
+/*
+Create SO-Monitoring App
+*/
+INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
+(10, 'SO-Monitoring', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://{{.Values.config.soMonitoringHostName}}:{{.Values.config.soMonitoringPort}}', NULL, 'http://so-monitoring:30224', '', '', NULL, 'password', 'Y', 'Y', NULL, 'user', '', '', '', 1,'N','SO-Monitoring');
+
+/*
+Add SO Monitoring to Default apps
+*/
+INSERT IGNORE INTO `fn_pers_user_app_sel` VALUES (10,1,10,'S');
+
+/*
+Add Contact information for SO Monitoring
+*/
+INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
+
+/*
+Additionally, some more update statments; these should be refactored to another SQL file in future releases 
+*/
+
+-- portal
+update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;
+-- portal-sdk
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;
+-- SDC
+update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;
+-- policy
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;
+-- vid
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;
+-- aai sparky
+update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;
\ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index 4b4463a..24b92f3 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -68,6 +68,11 @@
   msbPort: "30280"
   # application's front end hostname.  Must be resolvable on the client side environment
   msbHostName: "msb.api.simpledemo.onap.org"
+  # SO Monitoring assignment for port 30224
+  soMonitoringPort: "30224"
+  # application's front end hostname.  Must be resolvable on the client side environment
+  soMonitoringHostName: "so-monitoring"
+
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/portal/docker/init/mariadb-client/Dockerfile b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
index 5eb5ad1..72f60d3 100644
--- a/kubernetes/portal/docker/init/mariadb-client/Dockerfile
+++ b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
@@ -14,7 +14,7 @@
 
 FROM boxfuse/flyway:5.0.7-alpine
 
-ARG branch=master
+ARG branch=3.0.0-ONAP
 ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
 # Setup Corporate proxy
 ENV https_proxy ${HTTP_PROXY}
diff --git a/kubernetes/robot/templates/deployment.yaml b/kubernetes/robot/templates/deployment.yaml
index e230f4c..7b0c140 100644
--- a/kubernetes/robot/templates/deployment.yaml
+++ b/kubernetes/robot/templates/deployment.yaml
@@ -59,15 +59,15 @@
         - name: robot-logs
           mountPath: /share/logs
         resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
+{{ include "common.resources" . }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
       volumes:
     {{- if .Values.persistence.enabled }}
       - name: robot-logs
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index fa16a7b..b1544aa 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -40,7 +40,7 @@
 config:
   mariadbRootPassword: password
   # gerrit branch where the latest heat code is checked in
-  gerritBranch: master
+  gerritBranch: 3.0.0-ONAP
   # gerrit project where the latest heat code is checked in
   gerritProject: http://gerrit.onap.org/r/so/docker-config.git
 # default number of instances
diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
index 0eb083d..b06a975 100755
--- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
@@ -24,6 +24,14 @@
       max-total: 20
       validation-query: select 1
       test-on-borrow: true
+  security:
+    usercredentials:
+    - username: bpel
+      password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+      role: BPEL-Client
+    - username: mso_admin
+      password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+      role: ACTUATOR
 server:
     port: {{ index .Values.containerPort }}
     tomcat:
diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 3e6b319..8bce2cf 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -72,10 +72,8 @@
               value: "{{ .Values.config.asdcclientrestauth }}"
             - name: ASDC_CLIENT_REST_PORT
               value: "{{ .Values.config.asdcclientrestport }}"
-            - name: VID_AAI_HOST
-              value: aai.{{ include "common.namespace" . }}
-            - name: VID_AAI_PORT
-              value: "{{ .Values.config.vidaaiport }}"
+            - name: VID_AAI_URL
+              value: https://aai.{{ include "common.namespace" . }}:{{ .Values.config.vidaaiport }}
             - name: VID_ECOMP_SHARED_CONTEXT_REST_URL
               value: http://portal-app.{{ include "common.namespace" . }}:{{ .Values.config.onapport }}/ONAPPORTAL/context
             - name: VID_MSO_SERVER_URL