From: Krzysztof Opasiak Date: Thu, 18 Feb 2021 15:28:20 +0000 (+0000) Subject: Merge "[AAI][SPARKY] Updating the sparky config" X-Git-Tag: 8.0.0~113 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=69e8c90cb3c8171d397319b4339b3ce79da07b9c;hp=ef13604954fe3b16ca210ea6ec4d1bf9ec6076c4;p=oom.git Merge "[AAI][SPARKY] Updating the sparky config"
---
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 6fc63e47d7..3a61e77f40 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -7,6 +7,7 @@ aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{' aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} +appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 
'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} 
@@ -29,6 +30,8 @@ dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'} +msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'} +msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'} music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'} music@music.onap.org|music.onap|local|/opt/app/osaaf/local||mailto:|org.onap.music|root|30|{'music-api', 'music-api.onap', 'music-onap', 'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} nbi@nbi.onap.org|nbi|local|/opt/app/osaaf/local||mailto:|org.onap.nbi|root|30|{'nbi', 'nbi.api.simpledemo.onap.org', 'nbi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index ff5caacf47..591f732551 100644 
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -5,6 +5,7 @@ aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d0 clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|| aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|| appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|| +appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344|| dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|| oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|| so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|| 
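Review bot: The added `appc-cdt@appc-cdt.onap.org` row in cred.dat reuses the credential value `0xd993c561…0b2fcf95` that every context row around it carries, and the `msb-eag` and `msb-iag` rows added in the next hunk of this file do the same, so three more service identities are seeded with one shared value that is published in the repository. If that column is the stored password hash, as the row layout suggests, whoever knows the password of one of these accounts knows it for all of them. For new identities I would not commit a credential at all: have the chart inject a per-identity value from a Kubernetes Secret when the data is loaded. At minimum, document beside the file that the `Initial ID` rows are demo defaults that must be rotated before any non-lab deployment.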
@@ -16,6 +17,8 @@ policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04d pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344|| holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344|| nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344|| +msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344|| +msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344|| music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344|| vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344|| vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 9b8149dc6a..223fe03afa 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -1,6 +1,7 @@ org.onap.aaf-sms||org.onap||3 org.onap.aai||org.onap||3 org.onap.appc||org.onap||3 +org.onap.appc-cdt||org.onap||3 org.onap.cds||org.onap||3 org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2 org.onap.clamp||org.onap||3 
@@ -52,6 +53,8 @@ org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3 org.onap.dmaap||org.onap||3 org.onap.holmes||org.onap||3 org.onap.music||org.onap||3 +org.onap.msb-eag||org.onap||3 +org.onap.msb-iag||org.onap||3 org.onap.nbi||org.onap||3 org.onap|ONAP|org|2|2 org.onap.oof||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index 23b1d1d690..10edaa596a 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -22,6 +22,9 @@ org.onap.appc|apidoc|/apidoc/.*|ALL||"{'org.onap.appc|apidoc'}" org.onap.appc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.appc|odl|odl-api|*|Appc ODL API Access|"{'org.onap.appc.odl', 'org.onap.appc|admin'}" org.onap.appc|restconf|/restconf/.*|ALL||"{'org.onap.appc|restconf'}" +org.onap.appc-cdt|access|*|*|AAF Namespace Write Access|"{'org.onap.appc-cdt|admin', 'org.onap.appc-cdt|service'}" +org.onap.appc-cdt|access|*|read|AAF Namespace Read Access|"{'org.onap.appc-cdt|owner'}" +org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.cds|access|*|*|AAF Namespace Write Access|"{'org.onap.cds|admin'}" org.onap.cds|access|*|read|AAF Namespace Read Access|"{'org.onap.cds|owner'}" org.onap.clamp|access|*|*|AAF Namespace Write Access|"{'org.onap.clamp|admin', 'org.onap.clamp|service'}" 
@@ -289,6 +292,12 @@ org.onap.dmaap.mr|topic|*|view||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.m org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}" org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}" org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}" +org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}" +org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}" +org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" +org.onap.msb-iag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-iag|admin', 'org.onap.msb-iag|service'}" +org.onap.msb-iag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-iag|owner'}" +org.onap.msb-iag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.music|access|*|*|AAF Namespace Write Access|"{'org.onap.music|admin'}" org.onap.music|access|*|read|AAF Namespace Read Access|"{'org.onap.music|owner'}" org.onap.music|certman|local|request,ignoreIPs,showpass||"{'org.onap.music|admin', 'org.osaaf.aaf|deploy'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index 240373e5c9..bdacfaa6c3 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat 
@@ -18,6 +18,9 @@ org.onap.appc|odl|Onap APPC ODL Admins|"{'org.onap.appc.odl|odl-api|*'}" org.onap.appc|owner|AAF Namespace Owners|"{'org.onap.appc|access|*|read'}" org.onap.appc|restconf||"{'org.onap.appc|restconf|/restconf/.*|ALL'}" org.onap.appc|service||"{'org.onap.appc|access|*|*'}" +org.onap.appc-cdt|admin|AAF Namespace Administrators|"{'org.onap.appc-cdt|access|*|*'}" +org.onap.appc-cdt|owner|AAF Namespace Owners|"{'org.onap.appc-cdt|access|*|read'}" +org.onap.appc-cdt|service||"{'org.onap.appc-cdt|access|*|*'}" org.onap.cds|admin|AAF Namespace Administrators|"{'org.onap.cds|access|*|*'}" org.onap.cds|owner|AAF Namespace Owners|"{'org.onap.cds|access|*|read'}" org.onap.clamp|admin|AAF Namespace Administrators|"{'org.onap.clamp|access|*|*', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}" @@ -215,6 +218,12 @@ org.onap.dmaap|owner|AAF Namespace Owners|"{'org.onap.dmaap|access|*|read'}" org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}" org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}" org.onap.holmes|service|| +org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}" +org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}" +org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}" +org.onap.msb-iag|admin|AAF Namespace Administrators|"{'org.onap.msb-iag|access|*|*'}" +org.onap.msb-iag|owner|AAF Namespace Owners|"{'org.onap.msb-iag|access|*|read'}" +org.onap.msb-iag|service||"{'org.onap.msb-iag|access|*|*'}" org.onap.music|admin|AAF Namespace Administrators|"{'org.onap.music|access|*|*', 'org.onap.music|certman|local|request,ignoreIPs,showpass'}" org.onap.music|owner|AAF Namespace Owners|"{'org.onap.music|access|*|read'}" org.onap.music|service|| 
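Review bot: The new `org.onap.appc-cdt|service` role in role.dat is given `org.onap.appc-cdt|access|*|*`, the same grant as the namespace admin role and the one perm.dat labels "AAF Namespace Write Access". The `msb-eag` and `msb-iag` service roles in the second hunk get the same. The context rows `org.onap.holmes|service||` and `org.onap.music|service||` show that a service role can be created with no permissions, and user_role.dat binds the runtime identities (`appc-cdt@appc-cdt.onap.org`, `msb-eag@…`, `msb-iag@…`) to these roles, so each workload account would presumably be able to change its own namespace. Unless the applications need that, I would create them as `org.onap.appc-cdt|service||` (and likewise for the two MSB roles), drop `'org.onap.…|service'` from the matching `access|*|*` rows in perm.dat, and add only the specific permissions each service uses.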
@@ -302,7 +311,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 
'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF 
Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index 63190b8a5a..a9dc752494 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -5,6 +5,8 @@ mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner +mmanager@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin +mmanager@people.osaaf.org|org.onap.appc-cdt.owner|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|owner mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin 
@@ -49,6 +51,10 @@ mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-11-26 12:31:54.000+ mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner +mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner +mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin +mmanager@people.osaaf.org|org.onap.msb-iag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|owner mmanager@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin mmanager@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner mmanager@people.osaaf.org|org.onap.nbi.owner|2020-11-26 12:31:54.000+0000|org.onap.nbi|owner 
@@ -109,6 +115,8 @@ portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000 portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner portal@portal.onap.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin +portal@portal.onap.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +portal@portal.onap.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin portal@portal.onap.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin portal@portal.onap.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner portal@portal.onap.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin @@ -182,6 +190,7 @@ aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.o aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf +aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin 
@@ -208,6 +217,8 @@ aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54 aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin +aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin aaf_admin@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin @@ -259,6 +270,7 @@ appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000| appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service +appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher 
@@ -303,6 +315,8 @@ policy@policy.onap.org|org.onap.policy.seeCerts|2020-11-26 12:31:54.000+0000|org pomba@pomba.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced holmes@holmes.onap.org|org.onap.holmes.service|2020-11-26 12:31:54.000+0000|org.onap.holmes|service +msb-eag@msb-eag.onap.org|org.onap.msb-eag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|service +msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|service nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service diff --git a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml index ebf09e75c5..a10bb8a7a1 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml @@ -30,16 +30,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-cass-init-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/cass-init-data/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index e62d387a0a..4e18b3b746 100644 
--- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -31,17 +31,9 @@ spec: args: - -c - | - echo "*** input data ***" - ls -l /config-input-data/* - echo "*** input dats ***" - ls -l /config-input-dats/* - cp -L /config-input-data/* /config-data/ + echo "*** Move files from configmap to emptyDir" cp -L /config-input-dats/* /config-dats/ - echo "*** output data ***" - ls -l /config-data/* - echo "*** output dats ***" - ls -l /config-dats/* - chown -R 1000:1000 /config-data + echo "*** set righ user to the different folders" chown -R 1000:1000 /config-dats chown -R 1000:1000 /var/lib/cassandra chown -R 1000:1000 /status @@ -50,14 +42,10 @@ spec: volumeMounts: - mountPath: /var/lib/cassandra name: aaf-cass-vol - - mountPath: /config-input-data - name: config-cass-init-data - mountPath: /config-input-dats name: config-cass-init-dats - mountPath: /config-dats name: config-cass-dats - - mountPath: /config-data - name: config-cass-data - mountPath: /status name: aaf-status resources: @@ -103,8 +91,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/aaf/cass_init/data - name: config-cass-data - mountPath: /opt/app/aaf/cass_init/dats name: config-cass-dats - mountPath: /opt/app/aaf/status @@ -144,12 +130,7 @@ spec: - name: config-cass-init-dats configMap: name: {{ include "common.fullname" . }}-cass-init-dats - - name: config-cass-init-data - configMap: - name: {{ include "common.fullname" . }}-cass-init-data - name: config-cass-dats emptyDir: {} - - name: config-cass-data - emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index afa5004a48..50da519a89 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl 
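Review bot: The init script in the first hunk of aaf-cass/templates/deployment.yaml never checks the result of `cp -L /config-input-dats/* /config-dats/`. Nothing visible after the `- |` enables `set -e`, so a failed or partial copy is still followed by the `chown` lines, and the container's exit status comes from whichever command runs last (the script continues past the hunk). Because these files seed the authorization data, I would start the script with `set -e` so the pod fails instead of starting Cassandra with missing init data. I would also keep one `ls -l /config-dats/` after the copy, since the commit removes every listing that showed what was loaded. The same unchecked `cp -L /config-input-identity/* /config-identity/` is added to `aaf.permissionFixer` in `_initContainers.tpl`, and the new echo text in both places reads `set righ user`, presumably meant as `right`.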
+++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -40,6 +40,8 @@ spec: - mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props name: aaf-log subPath: org.osaaf.aaf.log4j.props + - mountPath: /opt/app/osaaf/data/ + name: config-identity {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -68,6 +70,11 @@ spec: - name: aaf-log configMap: name: {{ include "common.release" . }}-aaf-log + - name: config-init-identity + configMap: + name: {{ include "common.release" . }}-aaf-identity + - name: config-identity + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- end -}} diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 7cdf4d072e..755315296d 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -15,12 +15,16 @@ */} {{- define "aaf.permissionFixer" -}} -- name: fix-permission +- name: onboard-identity-and-fix-permission command: - /bin/sh args: - -c - | + echo "*** Move files from configmap to emptyDir" + cp -L /config-input-identity/* /config-identity/ + echo "*** set righ user to the different folders" + chown -R 1000:1000 /config-identity chown -R 1000:1000 /opt/app/aaf chown -R 1000:1000 /opt/app/osaaf image: {{ include "repositoryGenerator.image.busybox" . }} @@ -28,6 +32,10 @@ volumeMounts: - mountPath: /opt/app/osaaf name: aaf-config-vol + - mountPath: /config-input-identity + name: config-init-identity + - mountPath: /config-identity + name: config-identity resources: limits: cpu: 100m 
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat b/kubernetes/aaf/resources/data/identities.dat similarity index 94% rename from kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat rename to kubernetes/aaf/resources/data/identities.dat index 7e976621df..2ddc273aa3 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -53,6 +53,7 @@ aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osa clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager 
@@ -64,6 +65,8 @@ policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@peo pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager # VID Identities vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml index 36628ea57a..969046551b 100644 --- a/kubernetes/aaf/templates/configmap.yaml +++ b/kubernetes/aaf/templates/configmap.yaml @@ -23,4 +23,17 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-identity + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/data/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties index 0aee21778c..4f480cb5d7 100644 
--- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -3,7 +3,7 @@ spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - +multi.tenancy.enabled=true keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth keycloak.realm=aai-resources keycloak.resource=aai-resources-app diff --git a/kubernetes/appc/components/appc-cdt/requirements.yaml b/kubernetes/appc/components/appc-cdt/requirements.yaml index 5f5f1b145c..8fda7eb81d 100644 --- a/kubernetes/appc/components/appc-cdt/requirements.yaml +++ b/kubernetes/appc/components/appc-cdt/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh b/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh new file mode 100755 index 0000000000..b5fa5248fa --- /dev/null +++ b/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh 
@@ -0,0 +1,47 @@ +#!/bin/sh + +### +# ============LICENSE_START======================================================= +# APPC +# ================================================================================ +# Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2021 Orange Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +if [ -z "$CDT_PORT" ] +then + CDT_PORT="30232" +fi +echo "Setting CDT port to $CDT_PORT" +sed -i -e "s/30290/$CDT_PORT/" /opt/cdt/main.bundle.js + +CDT_HOME=/opt/cdt; export CDT_HOME +LOG_DIR=/opt/cdt/logs; export LOG_DIR +MaxLogSize=3000000; export MaxLogSize +PORT=18080; export PORT +if [ -z "$HTTPS_KEY_FILE" ] +then + HTTPS_KEY_FILE=/opt/cert/cdt-key.pem + export HTTPS_KEY_FILE +fi +if [ -z "$HTTPS_CERT_FILE" ] +then + HTTPS_CERT_FILE=/opt/cert/cdt-cert.pem + export HTTPS_CERT_FILE +fi +echo "*** cert file: ${HTTPS_CERT_FILE}" +echo "*** key file : ${HTTPS_KEY_FILE}" +node $CDT_HOME/app/ndserver.js \ No newline at end of file 
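Review bot: `CDT_PORT` is interpolated unvalidated into the sed program in `sed -i -e "s/30290/$CDT_PORT/" /opt/cdt/main.bundle.js`, so a value containing `/`, `&` or a newline changes what sed does to the bundle instead of being rejected. The deployment sets it from the node port values, but the script accepts whatever the environment carries. A guard before the sed keeps it numeric: `case "$CDT_PORT" in *[!0-9]*) echo "invalid CDT_PORT" >&2; exit 1;; esac`. If this script is the container's entrypoint, the last line is better written `exec node "$CDT_HOME/app/ndserver.js"`, so that node rather than the shell receives the termination signal.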
diff --git a/kubernetes/msb/templates/secrets.yaml b/kubernetes/appc/components/appc-cdt/templates/configmap.yaml similarity index 65% rename from kubernetes/msb/templates/secrets.yaml rename to kubernetes/appc/components/appc-cdt/templates/configmap.yaml index 7dcec5a303..fea0ec2f7a 100644 --- a/kubernetes/msb/templates/secrets.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,14 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: {{ include "common.release" . }}-msb-https-cert - labels: {{ include "common.labels" . | nindent 4 }} + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} + labels: app: {{ include "common.name" . }} - chart: {{ include "common.chart" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} -type: Opaque + heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/certificates/*").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/appc/components/appc-cdt/templates/deployment.yaml b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml index ebcabf5112..fb15897ae1 100644 --- a/kubernetes/appc/components/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml 
@@ -35,7 +35,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -65,10 +65,17 @@ spec: # for nodePort3. This value will be configured in appc main chart in appc-cdt section. - name: CDT_PORT value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" - volumeMounts: + - name: HTTPS_KEY_FILE + value: {{ .Values.certInitializer.credsPath }}/certs/key.pem + - name: HTTPS_CERT_FILE + value: {{ .Values.certInitializer.credsPath }}/certs/cert.pem + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /opt/startCdt.sh + name: entrypoint + subPath: startCdt.sh resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -79,9 +86,13 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/appc/components/appc-cdt/values.yaml b/kubernetes/appc/components/appc-cdt/values.yaml index b3dab719bd..3b1ff47116 100644 --- a/kubernetes/appc/components/appc-cdt/values.yaml +++ b/kubernetes/appc/components/appc-cdt/values.yaml 
@@ -18,6 +18,48 @@ global: nodePortPrefix: 302 + +################################################################# +# AAF part +################################################################# + +# dependency / sub-chart configuration +certInitializer: + nameOverride: appc-cdt-cert-initializer + truststoreMountpath: /opt/onap/appc/data/stores + fqdn: "appc-cdt" + app_ns: "org.osaaf.aaf" + fqi: "appc-cdt@appc-cdt.onap.org" + fqi_namespace: org.onap.appc-cdt + public_fqdn: "appc-cdt.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + cd {{ .Values.credsPath }}; + mkdir -p certs; + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key file" + cp {{ .Values.fqi_namespace }}.key certs/key.pem; + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 471f88f735..953c89d24d 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml 
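Review bot: In `aaf_add_config`, the private key copied by `cp {{ .Values.fqi_namespace }}.key certs/key.pem` keeps whatever mode the umask gives it, because the script only runs `chown -R 1000`. The msb-eag and msb-iag versions of this script in the same commit restrict their key with `chmod 600`, so add `chmod 600 {{ .Values.credsPath }}/certs/key.pem` after the copy. The keystore password is also passed as `-passin pass:$cadi_keystore_password_p12`, which puts it on the openssl command line where the process list can show it; this applies to the msb-eag and msb-iag values.yaml hunks too. Since the variable is already exported, `-passin env:cadi_keystore_password_p12` avoids that. The `-passout` option can be dropped because `-nokeys` writes no private key.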
@@ -100,6 +100,14 @@ spec: value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }} - name: CASSANDRA_AUTHENTICATOR value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }} + {{- if include "common.onServiceMesh" . }} + - name: CASSANDRA_LISTEN_ADDRESS + value: "127.0.0.1" + - name: CASSANDRA_BROADCAST_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- end }} - name: POD_IP valueFrom: fieldRef: diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index dddd63491d..9c3010c209 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -128,7 +128,7 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent name: {{ $port.name }} {{- end }} {{- if (eq $serviceType "NodePort") }} - nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} + nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} {{- end }} {{- else }} - port: {{ default $port.port $port.plain_port }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index a9c0029f41..9401bf5340 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: mountInitPath: dcaemod # application image -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.5 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 03b5c83a97..2482748e4c 100644 
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -69,7 +69,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index c59eb6fdf9..fe552019cc 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,7 @@ dependencies: repository: '@local' - name: repositoryGenerator version: ~7.x-0 - repository: '@local' \ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - diff --git a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf 
@@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +} \ No newline at end of file diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
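Review bot: `ssl_protocols TLSv1.1 TLSv1.2;` in the new server block still offers TLS 1.1, which is deprecated. The line should be `ssl_protocols TLSv1.2;`, with `TLSv1.3` added if the OpenResty build in the image supports it. The identical msbhttps.conf added for msb-iag carries the same line. The block sets no `ssl_ciphers`, so unless one is set at http level elsewhere in the image the cipher list is the build default; a comment stating whether that is intended would help.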
@@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 36cb13dc52..113a174eb6 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
@@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index b8813b8f1a..ff158b592c 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,6 +18,45 @@ global: nodePortPrefix: 302 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-eag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-eag + fqi: msb-eag@msb-eag.onap.org + fqi_namespace: org.onap.msb-eag + public_fqdn: msb-eag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 467a52ab21..fe552019cc 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml 
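Review bot: `aafDeployPass: demo123456!` puts a fixed deployer password into the chart defaults, and the same value is added in the appc-cdt and msb-iag values.yaml hunks of this commit. The commented line `# aafDeployCredsExternalSecret: some secret` directly below it appears to be the intended alternative, but nothing tells an operator that the literal password is only a demo value. A comment on the key would make that explicit, for example `# demo default only; supply aafDeployCredsExternalSecret for any non-lab deployment`.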
@@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - diff --git a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf 
@@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +} \ No newline at end of file diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 00dc6b69b3..7bae325b1e 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
@@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b91ddcae1b..51e78e1de3 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,6 +18,45 @@ global: nodePortPrefix: 302 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-iag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-iag + fqi: msb-iag@msb-iag.onap.org + fqi_namespace: org.onap.msb-iag + public_fqdn: msb-iag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/msb/requirements.yaml b/kubernetes/msb/requirements.yaml index c52bec4944..b335bfaf2b 100644 --- a/kubernetes/msb/requirements.yaml +++ b/kubernetes/msb/requirements.yaml 
@@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt deleted file mode 100644 index 62da777a58..0000000000 --- a/kubernetes/msb/resources/config/certificates/ca.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC -Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK -DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa -Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh -bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu -YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 -dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK -Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ -mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt -2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog -6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp -7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 -p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu -5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA -bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J -wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w -ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ -FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 -3lR7lW/J ------END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt deleted file mode 100644 index e718c8d166..0000000000 
--- a/kubernetes/msb/resources/config/certificates/cert.crt +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID0TCCArmgAwIBAgIJAOQWcdss4QvKMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD -VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK -BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs -ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDUxMzAy -MjIyN1oXDTIyMDUxMzAyMjIyN1owgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdT -aWNodWFuMRAwDgYDVQQHDAdDaGVuZ2R1MQ0wCwYDVQQKDARPTkFQMQwwCgYDVQQL -DANNU0IxEDAOBgNVBAMMB21zYi1pYWcxKjAoBgkqhkiG9w0BCQEWG29uYXAtZGlz -Y3Vzc0BsaXN0cy5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2axA7b -5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZVMNi -L+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqClBi8 -t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz4zFF -ngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8Dx0q -2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM2MDQwMgYDVR0RBCswKYIHbXNiLWlh -Z4IHbXNiLWVhZ4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqGSIb3DQEBCwUA -A4IBAQC9KKJ5x+EBHfdODbMIAufYinlbNRQ4xdG7tlRk0cRXnZoWi6yObQXmZuHV -56M2ZIylKNab2Z0VBluQqoLJvByAHQJO1r+qsAMG/LXBRC1x3y5344vtEPbikpMs -GHtxHomAu/JtSAlSL1Wvj7co3OUgVH/yNbccysVtqxxrfPrBhLfH/yDrFehmQ00T -P8mmJG3qeOUII0pgUjBkGL52+YMN0qy0SgryBx86fR9Y1bQLdWNfsM1CUXE2q9xs -FmU5Ry1pemTo68THSJs4wOnjLZ4kWTseTcEmQ6X2lfah8Ch0ffd3tttguNXnT1Xc -axgwv2Cypja3bPbq9t8kfJhbDrYO ------END CERTIFICATE----- diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccount.yaml similarity index 95% rename from kubernetes/msb/templates/serviceaccout.yaml rename to kubernetes/msb/templates/serviceaccount.yaml index 3248a0f12c..50cbebf984 100644 --- a/kubernetes/msb/templates/serviceaccout.yaml +++ b/kubernetes/msb/templates/serviceaccount.yaml 
@@ -16,8 +16,8 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: msb - namespace: {{ include "common.namespace" . }} + name: msb + namespace: {{ include "common.namespace" . }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml index 739fcea9d2..5d3ffe0d6c 100644 --- a/kubernetes/msb/values.yaml +++ b/kubernetes/msb/values.yaml @@ -23,4 +23,3 @@ global: config: logstashServiceName: log-ls logstashPort: 5044 - diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 53260cb21c..bc1f19a6e9 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -66,7 +66,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:7.0.2 +image: onap/externalapi/nbi:8.0.0-latest pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index 0d773b50c0..d2e9c62edf 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -49,6 +49,7 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # # JPA Properties # +eclipselink.target-database=MySQL javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 39cd0294c8..20c396fa42 100644 
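Review bot: The new tag `onap/externalapi/nbi:8.0.0-latest` in kubernetes/nbi/values.yaml is a floating tag, whereas the line it replaces named a fixed release (`7.0.2`), and the context line keeps `pullPolicy: IfNotPresent`. With that combination each node runs whichever build it cached first, so pods of the same release can run different images, and a rebuilt image is neither picked up reliably nor traceable afterwards. Pinning a released version, or a digest such as `image: onap/externalapi/nbi@sha256:<digest-placeholder>`, keeps the deployed image reproducible and auditable.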
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -108,11 +108,15 @@ spec: value: rack1 - name: CASSANDRA_ENABLE_RPC value: "true" - {{- if eq "small" .Values.flavor }} + {{- $flavor := include "common.flavor" . }} + {{- $heap := pluck $flavor .Values.heap | first }} + {{- if (hasKey $heap "max") }} - name: MAX_HEAP_SIZE - value: {{ .Values.resources.small.heap.max }} + value: {{ $heap.max }} + {{- end }} + {{- if (hasKey $heap "new") }} - name: HEAP_NEWSIZE - value: {{ .Values.resources.small.heap.new }} + value: {{ $heap.new }} {{- end }} volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index c185155f09..b06761a870 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -112,14 +112,6 @@ flavor: small # Segregation for Different environment (Small and Large) resources: small: - # Heap size is tightly correlated to RAM limits. - # If limit > 8G, Cassandra should define itself the best value. - # If not, you must set up it in a coherent way with limits set - # Refer to https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/operations/opsTuneJVM.html#Determiningtheheapsize - # for more informations. - heap: - max: 3G - new: 100M limits: cpu: 500m memory: 3.75Gi @@ -134,3 +126,15 @@ resources: cpu: 2 memory: 6Gi unlimited: {} + +heap: + # Heap size is tightly correlated to RAM limits. + # If limit > 8G, Cassandra should define itself the best value. + # If not, you must set up it in a coherent way with limits set + # Refer to https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/operations/opsTuneJVM.html#Determiningtheheapsize + # for more informations. + small: + max: 3G + new: 100M + large: {} + unlimited: {} \ No newline at end of file 
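Review bot: `pluck $flavor .Values.heap | first` in the portal-cassandra deployment relies on every flavor having an entry under `.Values.heap`. When a flavor has none (for example one added only under `resources`), `first` returns nil, and the `hasKey $heap "max"` that follows may then fail at render time rather than skip the variable. A fallback makes the missing case explicit: `{{- $heap := pluck $flavor .Values.heap | first | default dict }}`. The two values are also emitted unquoted, so `value: {{ $heap.max | quote }}` and `value: {{ $heap.new | quote }}` would keep a purely numeric override from being rendered as an integer, which an env `value` does not accept. `common.flavor` is defined outside this diff, so the set of names it can return is assumed here.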
diff --git a/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg b/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg new file mode 100644 index 0000000000..20b794d21f --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg @@ -0,0 +1,4 @@ +# Daexim directory location +# absolute path or path relative to Karaf home directory +# property substitution (interpolation) currently only supported for "${karaf.home}", no others (hard-coded) -- M. +daexim.dir={{ .Values.persistence.daeximPath }} \ No newline at end of file diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 51c50e4fec..7441dacd23 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -114,7 +114,6 @@ spec: args: - -c - | - mkdir {{ .Values.persistence.mdsalPath }}/daexim mkdir {{ .Values.persistence.mdsalPath }}/journal mkdir {{ .Values.persistence.mdsalPath }}/snapshots chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} @@ -264,6 +263,9 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties + - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg + name: properties + subPath: org.opendaylight.daexim.cfg resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index efc13e92e6..5a4d204c58 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -460,7 +460,7 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/mdsal - daeximPath: /opt/opendaylight/daexim + daeximPath: /opt/opendaylight/mdsal/daexim journalPath: /opt/opendaylight/journal snapshotsPath: /opt/opendaylight/snapshots 
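Review bot: The new `daeximPath: /opt/opendaylight/mdsal/daexim` in kubernetes/sdnc/values.yaml carries an undocumented constraint: it has to stay below `mdsalPath`. The statefulset hunk in this commit removes the `mkdir` for the daexim directory, and the init container only runs `chown -R` on `{{ .Values.persistence.mdsalPath }}`. An override of one path without the other would leave Daexim writing to a location the init container neither creates nor hands to the ODL user. A comment on the key would record this, for example `# must stay under mdsalPath: the init container only prepares and chowns that tree`. The `persistence` block continues outside the hunk.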
diff --git a/kubernetes/vid/requirements.yaml b/kubernetes/vid/requirements.yaml index c6554cada2..34ad968757 100644 --- a/kubernetes/vid/requirements.yaml +++ b/kubernetes/vid/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: mariadb-galera version: ~7.x-0 repository: '@local' @@ -30,4 +34,3 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: '@local' - diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks deleted file mode 100644 index a05f12d857..0000000000 Binary files a/kubernetes/vid/resources/certs/org.onap.vid.jks and /dev/null differ diff --git a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks b/kubernetes/vid/resources/certs/org.onap.vid.trust.jks deleted file mode 100644 index 4caf7be652..0000000000 Binary files a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks and /dev/null differ diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 2e74daa730..8872863e42 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -36,7 +37,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -55,6 +56,15 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + /tmp/vid/localize.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -100,8 +110,6 @@ spec: value: "{{ .Values.config.roleaccesscentralized }}" - name: VID_CONTACT_US_LINK value: "{{ .Values.config.vidcontactuslink }}" - - name: VID_KEYSTORE_PASSWORD - value: {{ .Values.config.vidkeystorepassword | quote }} - name: VID_UEB_URL_LIST value: message-router.{{ include "common.namespace" . }} - name: VID_MYSQL_HOST @@ -116,9 +124,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" - volumeMounts: - - mountPath: /opt/app/vid/etc - name: vid-certs + {{- if .Values.global.aafEnabled }} + - name: VID_KEYSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks" + - name: VID_TRUSTSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks" + {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true 
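Review bot: The start command added under `.Values.global.aafEnabled` does not stop when `mycreds.prop` is missing or unreadable: `cat` fails, `export` runs with no arguments, and `/tmp/vid/localize.sh` still starts without the keystore passwords. `xargs -0` on a file with no NUL bytes also passes the whole file through as one argument, so the variables are split only by the shell's unquoted expansion, which works solely because the generated passwords are alphanumeric. Loading the file directly and failing early is sturdier: `set -e; set -a; . {{ .Values.certInitializer.credsPath }}/mycreds.prop; set +a`, followed by `exec /tmp/vid/localize.sh` so the application replaces the shell and receives termination signals. The container entry continues outside the hunk.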
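Review bot: `VID_KEYSTORE_FILENAME` and `VID_TRUSTSTORE_FILENAME` are set only under `.Values.global.aafEnabled`, while this commit removes the bundled `vid-certs` secret and the `VID_KEYSTORE_PASSWORD` variable unconditionally. With AAF disabled the container therefore gets no keystore, truststore or password from the chart, and what it falls back to depends on the image, which is not visible here. If running without AAF is still supported, a comment in values.yaml should state which TLS material is then used; if it is not, a `fail` call in the template for that case would make the requirement explicit instead of leaving it to a runtime error.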
@@ -149,10 +161,7 @@ spec: name: vid-logs - mountPath: /usr/share/filebeat/data name: vid-data-filebeat - volumes: - - name: vid-certs - secret: - secretName: {{ include "common.fullname" . }}-certs + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 72934fffd8..670838c6cf 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,17 +17,3 @@ */}} {{ include "common.secretFast" . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-certs - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 8e8a17ae84..4510dc6908 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -36,6 +37,53 @@ secrets: login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: vid-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: vid + fqi: vid@vid.onap.org + public_fqdn: vid.onap.org + fqi_namespace: "org.onap.vid" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop + echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 
. + fi + subChartsOnly: enabled: true @@ -49,7 +97,6 @@ config: userName: vidadmin # userCredentialsExternalSecret: some secret # userPassword: password - vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" vidaaiport: "8443"
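Review bot: `mycreds.prop` is written in `aaf_add_config` with the shell's default umask and afterwards only re-owned by `chown -R 1000 .`, so the keystore and truststore passwords are likely left readable by every user that can see the credentials volume. Setting `umask 077` before the two `echo` lines, or running `chmod 600 mycreds.prop` after them, limits the file to the target user. The three `keytool` calls are also unchecked, so a failed password change still writes passwords to `mycreds.prop` that do not open the stores; `|| exit 1` after each call would stop the init step there. Separately, `aafDeployPass: demo123456!` puts a literal deployer password into the chart defaults, and the commented `aafDeployCredsExternalSecret` is the key to prefer outside a demo deployment.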