Merge "[POLICY] Fix SSL Failure in Clamp Backend"
diff --git a/.gitignore b/.gitignore
index 6d071f6..8b573a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# Helm generated stuff
+Chart.lock
+**/charts/
 # auto generated certificates
 kubernetes/platform/components/oom-cert-service/resources/*.jks
 kubernetes/platform/components/oom-cert-service/resources/*.p12
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index cccc2b1..d0147aa 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -63,9 +63,9 @@
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
           echo "*** obfuscate them "
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 95c3fe2..0730713 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -68,9 +68,9 @@
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
           echo "*** obfuscate them "
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 62e27b6..b483489 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -63,9 +63,9 @@
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
           echo "*** obfuscate them "
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 07009b2..0d471f7 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -68,9 +68,9 @@
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
           echo "*** obfuscate them "
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
@@ -266,9 +266,9 @@
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
           echo "*** obfuscate them "
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index c4098b1..22f0dbc 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -56,8 +56,8 @@
           echo "*** obfuscate them "
           export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
           export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
         image: {{ include "repositoryGenerator.image.jetty" . }}
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index e4f1d72..cb58120 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -52,8 +52,9 @@
           echo "*** obfuscate them "
           export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
           export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
-          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
-          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          ls -l /usr/local/jetty/lib
+          export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
+          export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
           echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
           echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
         image: {{ include "repositoryGenerator.image.jetty" . }}
@@ -75,8 +76,6 @@
         - |
           echo "*** retrieve Truststore and Keystore password"
           export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
-          echo "keystore pass: $KEYSTORE_PASSWORD"
-          echo "truststore pass: $TRUSTSTORE_PASSWORD"
           echo "*** actual launch of AAI Schema Service"
           /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh
         {{- end }}
diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml
new file mode 100644
index 0000000..5297e69
--- /dev/null
+++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml
@@ -0,0 +1,19 @@
+{{/*
+# Copyright © 2022 Amdocs, Bitnami, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{  include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 840e95b..43367ee 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -1,5 +1,5 @@
 {{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2022 Amdocs, AT&T, Bell Canada, Bitnami
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,6 +26,15 @@
     type: {{ .Values.updateStrategy.type }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+      {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }}
+      annotations:
+        {{- if .Values.podAnnotations }}
+        {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+        {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }}
+        {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
     spec:
       hostNetwork: {{ .Values.hostNetwork }}
       imagePullSecrets:
@@ -126,6 +135,41 @@
               command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
         {{- end }}
         resources: {{ toYaml .Values.resources | nindent 10 }}
+      {{- if .Values.metrics.serviceMonitor.enabled }}
+      - name: {{ include "common.name" . }}-metrics
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}}
+        {{- if (.Values.metrics.enabled) }}
+        ports:
+        {{- range $index, $metricPort := .Values.metrics.ports }}
+        - name: {{ $metricPort.name }}
+          containerPort: {{ $metricPort.port }}
+          protocol: TCP
+        {{- end }}
+        livenessProbe:
+          httpGet:
+            path: {{ .Values.metrics.livenessProbe.httpGet.path }}
+            port: {{ .Values.metrics.livenessProbe.httpGet.port }}
+          initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
+        readinessProbe:
+          httpGet:
+            path: {{ .Values.metrics.readinessProbe.httpGet.path }}
+            port: {{ .Values.metrics.readinessProbe.httpGet.port }}
+          initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
+        {{- end }}
+        {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+        {{- if .Values.metrics.resources }}
+        resources: {{- toYaml .Values.metrics.resources | nindent 10 }}
+        {{- end }}
+      {{- end }}
       {{- if .Values.nodeSelector }}
       nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
       {{- end -}}
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 1d69993..597174e 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2022 Amdocs, Bell Canada, AT&T, Bitnami
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -168,3 +168,63 @@
   nameOverride: cassandra
   roles:
     - nothing
+
+# Cassandra Metrics
+metrics:
+  enabled: false
+  image: bitnami/cassandra-exporter:2.3.4-debian-10-r641
+  pullPolicy: IfNotPresent
+  ports:
+  - name: tcp-metrics
+    port: 8080
+  podAnnotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '8080'
+  livenessProbe:
+    enabled: true
+    httpGet:
+      path: /metrics
+      port: 8080
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    httpGet:
+      path: /metrics
+      port: 8080
+    enabled: true
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  serviceMonitor:
+    enabled: false
+    targetPort: 8080
+    path: /metrics
+    basicAuth:
+      enabled: false
+    ## Namespace in which Prometheus is running
+    ##
+    # namespace: monitoring
+
+    ## Interval at which metrics should be scraped.
+    #interval: 30s
+
+    ## Timeout after which the scrape is ended
+    # scrapeTimeout: 10s
+
+    ## ServiceMonitor selector labels
+    selector:
+      app.kubernetes.io/name: '{{ include "common.name" . }}'
+      helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+      app.kubernetes.io/instance: '{{ include "common.release" . }}'
+      app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+
+    ## RelabelConfigs to apply to samples before scraping
+    relabelings: []
+
+    ## MetricRelabelConfigs to apply to samples before ingestion
+    metricRelabelings: []
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index fa3de03..96b0c0c 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -41,7 +41,7 @@
   if echo $f | grep '\.sh$' >/dev/null; then
     continue
   fi
-  if echo $f | grep '\.b64$' >/dev/null; then
+  if echo $f | grep '\.b64$' >/dev/null
     then
       base64 -d $f > $WORK_DIR/`basename $f .b64`
     else
@@ -87,4 +87,4 @@
     exit 1
   else
     cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
-fi
\ No newline at end of file
+fi
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index d28494a..eefd00d 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -138,6 +138,7 @@
   args:
   - -c
   - |
+    set -uex -o pipefail
     if [ -d /opt/app/config/cache ]; then
       cd /opt/app/config/cache
       for file in $(ls feed*); do
@@ -147,8 +148,6 @@
       done
       for file in $(ls drpub*); do
         NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/')
-        export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)"
-        export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)"
         export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)"
       done
       for file in $(ls drsub*); do
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index a488e0d..f6a0f21 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -267,6 +267,11 @@
 {{- $ports := $dot.Values.service.headlessPorts -}}
 {{- $labels := default (dict) .labels -}}
 {{- $matchLabels := default (dict) .matchLabels -}}
+{{- if ($dot.Values.metrics) }}
+{{-   range $index, $metricPort := $dot.Values.metrics.ports }}
+{{-     $ports = append $ports $metricPort }}
+{{-   end }}
+{{- end }}
 {{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
 {{- end -}}
 
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index f49a898..9f7c882 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -608,8 +608,8 @@
     ## ServiceMonitor selector labels
     ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
     ##
-    selector:
-      prometheus: kube-prometheus
+    # selector:
+    #   prometheus: kube-prometheus
 
     ## RelabelConfigs to apply to samples before scraping
     ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 5a43eef..7058f86 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -1,6 +1,6 @@
 # Copyright © 2020 Orange
 # Copyright © 2021 Nokia, AT&T
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (c) 2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -28,7 +28,10 @@
   envsubstImage: dibi/envsubst:1
   # there's only latest image for htpasswd
   htpasswdImage: xmartlabs/htpasswd:latest
-  jettyImage: jetty:9-jdk11-slim
+  # if you change jetty image, you'll also need to update jar file which is
+  # "hardcoded" to the value...
+  # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45
+  jettyImage: jetty:9.4.45-jdk11-slim
   jreImage: onap/integration-java11:10.0.0
   kubectlImage: bitnami/kubectl:1.19
   loggingImage: beats/filebeat:5.5.0
@@ -37,7 +40,7 @@
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
   readinessImage: onap/oom/readiness:3.0.1
   dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
-  dbcClientImage: onap/dmaap/dbc-client:2.0.7
+  dbcClientImage: onap/dmaap/dbc-client:2.0.9
   quitQuitImage: onap/oom/readiness:4.1.0
 
   # Default credentials
diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/cps/Chart.yaml
index 40bf488..5e951d7 100644
--- a/kubernetes/cps/Chart.yaml
+++ b/kubernetes/cps/Chart.yaml
@@ -23,9 +23,6 @@
   - name: common
     version: ~10.x-0
     repository: '@local'
-  - name: roles-wrapper
-    version: ~10.x-0
-    repository: '@local'
   - name: cps-core
     version: ~10.x-0
     repository: '@local'
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index 8f904ef..e9958f1 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -20,9 +20,9 @@
 spring:
   datasource:
 {{- if .Values.global.postgres.localCluster }}
-    url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+    url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:{{ .Values.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }}
 {{- else }}
-    url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+    url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }}
 {{- end }}
     username: ${DB_USERNAME}
     password: ${DB_PASSWORD}
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index a482152..e67cfb2 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -58,8 +58,11 @@
     localCluster: false
     service:
       name: pgset
+      externalPort: 5432
       name2: tcp-pgset-primary
+      externalPort2: 5432
       name3: tcp-pgset-replica
+      externalPort3: 5432
     container:
       name: postgres
 
@@ -200,8 +203,11 @@
   nameOverride: &postgresName cps-core-postgres
   service:
     name: *postgresName
+    externalPort: 5432
     name2: cps-core-pg-primary
+    externalPort2: 5432
     name3: cps-core-pg-replica
+    externalPort3: 5432
   container:
     name:
       primary: cps-core-pg-primary
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml
new file mode 100644
index 0000000..13a14a5
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+#   Copyright (c) 2022 Nordix Foundation.                                      #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index 7408f44..2ce6c89 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -1,6 +1,6 @@
 # ================================ LICENSE_START ==========================
 # =========================================================================
-#  Copyright (C) 2021 Nordix Foundation.
+#  Copyright (c) 2021 Nordix Foundation.
 # =========================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -31,6 +31,16 @@
   logstashPort: 5044
 
 #################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+  - uid: &drPubCredsUID drpubcreds
+    type: basicAuth
+    login: '{{ .Values.drPubscriberCreds.username }}'
+    password: '{{ .Values.drPubscriberCreds.password }}'
+    passwordPolicy: required
+
+#################################################################
 # InitContainer Images.
 #################################################################
 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
@@ -116,6 +126,19 @@
 # It's a workaround because DMAAP specific env variables are not available in main container.
   CBS_CLIENT_CONFIG_PATH: ''
 
+# Data Router Publisher Credentials
+drPubscriberCreds:
+  username: username
+  password: password
+
+credentials:
+- name: DR_USERNAME
+  uid: *drPubCredsUID
+  key: login
+- name: DR_PASSWORD
+  uid: *drPubCredsUID
+  key: password
+
 # Initial Application Configuration
 applicationConfig:
   dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12
@@ -139,8 +162,8 @@
         location: loc00
         log_url: ${DR_LOG_URL_0}
         publish_url: ${DR_FILES_PUBLISHER_URL_0}
-        username: ${DR_USERNAME_0}
-        password: ${DR_PASSWORD_0}
+        username: ${DR_USERNAME}
+        password: ${DR_PASSWORD}
       type: data_router
   streams_subscribes:
     dmaap_subscriber:
@@ -159,6 +182,8 @@
 # DataRouter Publisher Configuration
 drPubConfig:
   - feedName: bulk_pm_feed
+    username: ${DR_USERNAME}
+    userpwd: ${DR_PASSWORD}
     dcaeLocationName: loc00
 
 # ConfigMap Configuration for Feed, Dr_Publisher
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 84a3c1e..2bfa496 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -79,7 +79,7 @@
             name: {{ include "common.fullname" . }}-log-conf
             subPath: logback.xml
           - mountPath: {{ .Values.global.loggingDirectory }}
-            name: {{ include "common.fullname" . }}-logs
+            name: logs
           resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
@@ -106,7 +106,7 @@
           configMap:
             name: {{ include "common.fullname" . }}-log
         {{ include "common.log.volumes" . | nindent 8 }}
-        - name:  {{ include "common.fullname" . }}-logs
+        - name: logs
           emptyDir: {}
       {{- if not .Values.persistence.enabled }}
         - name:  {{ include "common.fullname" . }}-event-logs
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 5f99ea3..b7acbc9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -95,7 +95,7 @@
             name: {{ include "common.fullname" . }}-log-conf
             subPath: logback.xml
           - mountPath: {{ .Values.global.loggingDirectory }}
-            name: {{ include "common.fullname" . }}-logs
+            name: logs
           resources:
 {{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
@@ -123,7 +123,7 @@
         configMap:
           name: {{ include "common.fullname" . }}-log
       {{ include "common.log.volumes" . | nindent 6 }}
-      - name:  {{ include "common.fullname" . }}-logs
+      - name: logs
         emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
index 27b79fd..455996b 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
@@ -15,7 +15,7 @@
 # limitations under the License.
 
 apiVersion: v2
-appVersion: "1.0"
+appVersion: "2.0"
 description: Holmes Engine Management
 name: holmes-engine-mgmt
 version: 10.0.0
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index b625f6d..aef0c8c 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -20,6 +20,13 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- $sum := "" }}
+{{- range $path, $bytes := .Files.Glob "resources/config/*.json"}}
+{{- $sum = $.Files.Get $path | sha256sum | print $sum }}
+{{- end }}
+  annotations:
+    checksum/config: {{ $sum | sha256sum }}
+
 spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
@@ -27,19 +34,6 @@
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
-      - name: init-consul
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: CONSUL_HOST
-          value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }}
-        args:
-        - --key
-        - holmes-engine-mgmt|/hemconfig/cfy.json
-        resources: {}
-        volumeMounts:
-        - mountPath: /hemconfig
-          name: {{ include "common.fullname" . }}-config
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -73,6 +67,8 @@
         volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hemconfig
+        - name: {{ include "common.fullname" . }}-config
+          mountPath: /opt/hemtopics
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index 1bdf35d..d9dfa2d 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -25,7 +25,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/holmes/engine-management:9.0.0
+image: onap/holmes/engine-management:10.0.0
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
index d224e94..97d7fe3 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
@@ -15,7 +15,7 @@
 # limitations under the License.
 
 apiVersion: v2
-appVersion: "1.0"
+appVersion: "2.0"
 description: Holmes Rule Management
 name: holmes-rule-mgmt
 version: 10.0.0
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json
deleted file mode 100644
index 8710f81..0000000
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-    "holmes.default.rule.volte.scenario1": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b$$$package org.onap.holmes.droolsRule;\n\nimport org.onap.holmes.common.dmaap.DmaapService;\nimport org.onap.holmes.common.api.stat.VesAlarm;\nimport org.onap.holmes.common.aai.CorrelationUtil;\nimport org.onap.holmes.common.dmaap.entity.PolicyMsg;\nimport org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;\nimport org.onap.holmes.common.utils.DroolsLog;\n \n\nrule \"Relation_analysis_Rule\"\nsalience 200\nno-loop true\n    when\n        $root : VesAlarm(alarmIsCleared == 0,\n            $sourceId: sourceId, sourceId != null && !sourceId.equals(\"\"),\n\t\t\t$sourceName: sourceName, sourceName != null && !sourceName.equals(\"\"),\n\t\t\t$startEpochMicrosec: startEpochMicrosec,\n            eventName in (\"Fault_MultiCloud_VMFailure\"),\n            $eventId: eventId)\n        $child : VesAlarm( eventId != $eventId, parentId == null,\n            CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),\n            eventName in (\"Fault_MME_eNodeB out of service alarm\"),\n            startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )\n    then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"Relation_analysis_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\t$child.setParentId($root.getEventId());\n\t\tupdate($child);\n\t\t\nend\n\nrule \"root_has_child_handle_Rule\"\nsalience 150\nno-loop true\n\twhen\n\t\t$root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)\n\t\t$child : VesAlarm(eventId != $eventId, parentId == $eventId)\n\tthen\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_has_child_handle_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, \"org.onap.holmes.droolsRule\");\n        dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_no_child_handle_Rule\"\nsalience 100\nno-loop true\n    when\n        $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,\n            sourceId != null && !sourceId.equals(\"\"),\n\t\t\tsourceName != null && !sourceName.equals(\"\"),\n            eventName in (\"Fault_MultiCloud_VMFailure\"))\n    then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_no_child_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n        dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_cleared_handle_Rule\"\nsalience 100\nno-loop true\n    when\n        $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)\n    then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_cleared_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n        dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\tretract($root);\nend\n\nrule \"child_handle_Rule\"\nsalience 100\nno-loop true\n    when\n        $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)\n    then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"child_handle_Rule: childId=\" + $child.getEventId());\n\t\tretract($child);\nend",
-    "services_calls": {},
-    "streams_publishes": {},
-    "streams_subscribes": {}
-}
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl
new file mode 100644
index 0000000..494333c
--- /dev/null
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl
@@ -0,0 +1,88 @@
+package org.onap.holmes.droolsRule;
+
+import org.onap.holmes.common.dmaap.DmaapService;
+import org.onap.holmes.common.api.stat.VesAlarm;
+import org.onap.holmes.common.aai.CorrelationUtil;
+import org.onap.holmes.common.dmaap.entity.PolicyMsg;
+import org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;
+import org.onap.holmes.common.utils.DroolsLog;
+
+rule "Relation_analysis_Rule"
+salience 200
+no-loop true
+    when
+        $root : VesAlarm(alarmIsCleared == 0,
+            $sourceId: sourceId, sourceId != null && !sourceId.equals(""),
+            $sourceName: sourceName, sourceName != null && !sourceName.equals(""),
+            $startEpochMicrosec: startEpochMicrosec,
+            eventName in ("Fault_MultiCloud_VMFailure"),
+            $eventId: eventId)
+        $child : VesAlarm( eventId != $eventId, parentId == null,
+            CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),
+            eventName in ("Fault_MME_eNodeB out of service alarm"),
+            startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )
+    then
+        DroolsLog.printInfo("===========================================================");
+        DroolsLog.printInfo("Relation_analysis_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId());
+        $child.setParentId($root.getEventId());
+        update($child);
+end
+
+rule "root_has_child_handle_Rule"
+salience 150
+no-loop true
+    when
+        $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)
+        $child : VesAlarm(eventId != $eventId, parentId == $eventId)
+    then
+        DroolsLog.printInfo("===========================================================");
+        DroolsLog.printInfo("root_has_child_handle_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId());
+        DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+        PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, "org.onap.holmes.droolsRule");
+        dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
+        $root.setRootFlag(1);
+        update($root);
+end
+
+rule "root_no_child_handle_Rule"
+salience 100
+no-loop true
+    when
+        $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,
+            sourceId != null && !sourceId.equals(""),
+            sourceName != null && !sourceName.equals(""),
+            eventName in ("Fault_MultiCloud_VMFailure"))
+    then
+        DroolsLog.printInfo("===========================================================");
+        DroolsLog.printInfo("root_no_child_handle_Rule: rootId=" + $root.getEventId());
+        DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+        PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule");
+        dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
+        $root.setRootFlag(1);
+        update($root);
+end
+
+rule "root_cleared_handle_Rule"
+salience 100
+no-loop true
+    when
+        $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)
+    then
+        DroolsLog.printInfo("===========================================================");
+        DroolsLog.printInfo("root_cleared_handle_Rule: rootId=" + $root.getEventId());
+        DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);
+        PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule");
+        dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out");
+        retract($root);
+end
+
+rule "child_handle_Rule"
+salience 100
+no-loop true
+    when
+        $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)
+    then
+        DroolsLog.printInfo("===========================================================");
+        DroolsLog.printInfo("child_handle_Rule: childId=" + $child.getEventId());
+        retract($child);
+end
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json
new file mode 100644
index 0000000..70f9dd0
--- /dev/null
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json
@@ -0,0 +1,6 @@
+[
+    {
+        "closedControlLoopName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b",
+        "file": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl"
+    }
+]
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
index 76b339f..3d54264 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
@@ -17,5 +17,12 @@
 
 apiVersion: v1
 kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata:
+  name: {{ include "common.fullname" . }}-general-config
 data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-rule-config
+data: {{ tpl (.Files.Glob "resources/rules/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index 19ccbc0..f3e9ce5 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -20,6 +20,12 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- $sum := "" }}
+{{- range $path, $bytes := .Files.Glob "resources/rules/*"}}
+{{- $sum = $.Files.Get $path | sha256sum | print $sum }}
+{{- end }}
+  annotations:
+    checksum/rules: {{ $sum | sha256sum }}
 spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
@@ -27,19 +33,6 @@
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
-      - name: init-consul
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: CONSUL_HOST
-          value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }}
-        args:
-        - --key
-        - holmes-rule-mgmt|/hrmconfigs/cfy.json
-        resources: {}
-        volumeMounts:
-        - mountPath: /hrmconfigs
-          name: {{ include "common.fullname" . }}-config
       - name: {{ include "common.name" . }}-env-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -61,7 +54,7 @@
           value: "{{ .Values.config.pgConfig.dbPort }}"
         volumeMounts:
         - mountPath: /hrmconfig
-          name: {{ include "common.fullname" . }}-config
+          name: {{ include "common.fullname" . }}-general-config
         - mountPath: /config
           name: {{ include "common.fullname" . }}-env-config
       containers:
@@ -72,6 +65,8 @@
         volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-env-config
           mountPath: /opt/hrmconfig
+        - name: {{ include "common.fullname" . }}-rule-config
+          mountPath: /opt/hrmrules
         # disable liveness probe when breakpoints set in debugger
         # so K8s doesn't restart unresponsive container
         {{- if eq .Values.liveness.enabled true }}
@@ -119,10 +114,14 @@
           value: "{{ .Values.config.pgConfig.dbPort }}"
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:  {{ include "common.certInitializer.volumes" . | nindent 6 }}
-      - name: {{ include "common.fullname" . }}-config
+      - name: {{ include "common.fullname" . }}-general-config
         configMap:
           defaultMode: 422
-          name: {{ include "common.fullname" . }}
+          name: {{ include "common.fullname" . }}-general-config
+      - name: {{ include "common.fullname" . }}-rule-config
+        configMap:
+          defaultMode: 422
+          name: {{ include "common.fullname" . }}-rule-config
       - name: {{ include "common.fullname" . }}-env-config
         emptyDir:
           medium: Memory
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 0624882..d26e88d 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -25,7 +25,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/holmes/rule-management:9.0.1
+image: onap/holmes/rule-management:10.0.0
 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
 
 #################################################################
@@ -120,17 +120,17 @@
   small:
     limits:
       cpu: 250m
-      memory: 256Mi
+      memory: 1024Mi
     requests:
       cpu: 250m
-      memory: 1024Mi
+      memory: 256Mi
   large:
     limits:
       cpu: 500m
-      memory: 512Mi
+      memory: 2Gi
     requests:
       cpu: 500m
-      memory: 2Gi
+      memory: 512Mi
   unlimited: {}
 
 #Pods Service Account
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index 312fc4b..06ad5b7 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -44,6 +44,11 @@
 #######################
 global:
   aafEnabled: false
+  centralizedLoggingEnabled: false
+  serviceMesh:
+    enabled: true
+    tls: true
+    engine: "istio"
 aai:
   enabled: true
   global: