aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-09-17k8s: Validate API server included admission pluginsPawel Wieczorek3-1/+164
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.11 - 1.1.13, 1.1.24, 1.1.27, 1.1.33 and 1.1.36). Issue-ID: SECCOM-235 Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Validate API server excluded admission pluginsPawel Wieczorek3-0/+53
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.10). However, CIS Kubernetes Benchmark v1.3.0 mismatches official documentation: Kubernetes 1.10+ already provides safe defaults from security standpoint [1] (ONAP Casablanca uses 1.11). Deprecated admission control plugin flag has also been validated since it was still available in Kubernetes provided by Rancher [2]. [1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use [2] https://github.com/rancher/rancher/issues/15064 Issue-ID: SECCOM-235 Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Add note on release-specific dependenciesPawel Wieczorek1-0/+2
Issue-ID: SECCOM-235 Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-16Improve description of scale out use caseMarco Platania4-1/+32
- Describe the ONAP flows - Describe SO workflow - Describe how to obtain a TOSCA template from SDC Issue-ID: INT-1171 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I901ae1a85becbb549804f8307991cb592a251d6d
2019-09-16Fix DCAE cleanup processMarco Platania1-1/+1
Issue-ID: INT-479 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I360d9887842ac8e86e3a52f7a549367dc63ccb7d
2019-09-13Add sdc keyspaces and longer timeoutBrian Freeman2-3/+4
Issue-ID: INT-1244 Change-Id: I5bc0f4e02ac3d2d8df867f76327e588353c76da8 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-13Modified vFW DT Use case descriptionLukasz Rajewski5-20/+102
Description of policy configuration and typos fixed Change-Id: Ib11df95b79987b85c15452d74a5644c152dcbfde Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com> Issue-ID: INT-751
2019-09-13Refactor healthcheck-k8s.pyBartek Grzybowski1-17/+23
Error reporting was improved by returning actual error message from subprocess call to 'kubectl' command. Code readability was improved by defining a dictionary of endpoint names to check and their IPs. Unsecure 'shell=True' property in Popen constructor for kubectl command in SDNC DB was removed and command string itself sanitized. Overall code readability was improved by reusing common commands in a loop. Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c Issue-ID: TEST-213 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-13Fix mispelled routine name in vcpe scriptsBartek Grzybowski2-2/+2
headbridge -> heatbridge Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: DOC-549
2019-09-13Remove hardcoded SDNC pod name in vcpe scriptsBartek Grzybowski1-5/+5
Sdnc pod name is set as a property in VcpeCommon class and it should be used across the script. Also removed hardcoded public net prefix in get_pod_node_public_ip and use class property where it's assigned. Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-212
2019-09-13Fixed Bugs in HPA automtion scriptItohan Ukponmwan2-8/+8
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Issue-ID: INT-1137 Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
2019-09-12Better specifying parts supposed to be changedMichal Ptacek1-11/+33
Following params are needed minimum required to be changed or cross-checked when vCPE is tried in different lab Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8 Issue-ID: TEST-208 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-12Add remarks related to Openstack's port security on vCPEBartek Grzybowski1-1/+2
Extended anti-spoofing related notes with some hints on dealing with Neutron's Port Security Extension Driver which in some cases may prevent VNFs to function properly. Change-Id: Icf4f44b8cbcaa70621bf21d5b72ff552be80d4e2 Issue-ID: DOC-549 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-12Improve external_net_addr property description in vCPE scriptsBartek Grzybowski1-0/+4
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-208
2019-09-11Deploy CDS in integration-overrideAbdelmuhaimen Seaudi1-0/+3
Issue-ID: OOM-2085 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> Change-Id: I324b58868286971c93a54ae269517e20b954d759
2019-09-11Adding hint regarding dhcp anti-spoofing for vCPEMichal Ptacek1-0/+5
Adding instructions for bypassing DHCP anti-spoofing rules preventing vCPE to work. Change-Id: Ic0f92a40a41e5e20dc43c360e429baba44a46fa1 Issue-ID: DOC-549 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-10Fix the error of hpa when create nsyangyan1-6/+6
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-10Update healthcheck-k8s script synopsis in vCPE manualBartek Grzybowski2-6/+5
This reflects changes made in regard of input parameters done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Also contains minor fix for 'namespace' and 'environment' vars usage which are unused otherwise. Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1213
2019-09-09Update robot imageBrian Freeman1-0/+2
Issue-ID: INT-1217 Change-Id: I5d7802def53d986a0bed16151afa806cba96becb Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-09Fix a bug in DFC CSITecaiyanlinux1-1/+4
when mounting a shared volume, the uid:gid is changed automaticlly which could cause potential unstable. Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925 Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-09-09Updated README files and adaptation of consul/cbs configmaximesson54-582/+582
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103 Issue-ID: DCAEGEN2-1719 Signed-off-by: maximesson <maxime.bonneau@est.tech>
2019-09-09Fix the bug of cli command error when onboard nsyangyan2-1/+3
Change-Id: I832a1cbbbf8b882089f941033fdc2acefce7e387 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix bug of cli command error when onboard vnfyangyan2-2/+4
Change-Id: I25ca6c5a2cdf6eaca44cdcdb3f94e55c6bad899a Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix invalid string error of vnf onboardyangyan1-1/+1
Change-Id: I1f0077554db7d37ed33c45cbc68d8fb554339539 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-06SNDC preload change (http to https, 30202 to 30267)Rene_Robert1-1/+1
Issue-ID: DOC-542 Signed-off-by: Rene_Robert <rene.robert@orange.com> Change-Id: Ice1fc5853d9ad31e79ea8e941a8b053589b80a30
2019-09-04Update latest staging portal docker imagesWelch, Lorraine (lb2391)1-1/+9
update to 2.6.0-STAGING-latest for now to test Issue-ID: PORTAL-685 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I5a49caa40c05569a1a5fea2f3378c2a9fd2c064f Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-09-04Update SDNC/CCSDK staging versionsTimoney, Dan (dt5972)1-11/+11
Update staging versions of CDS and dgbuilder to 0.6-STAGING-latest and of SDNC to 1.7-STAGING-latest Change-Id: I4a2a5f3ecdc2ed6085aa31c9e16fe1352e52dbe1 Issue-ID: SDNC-874 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-08-30Integrating DfC to use TLS sidecar containerecaiyanlinux16-113/+116
Change-Id: I111bc5596346db70923645dcfe79af3e639c978c Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Add tls-init-container to simulatorecaiyanlinux29-173/+236
1.replace dr-sim/dr-redir-sim cert/key 2.update mr-sim, make it support https 3.update ftpes cert/key Change-Id: I7bbde98f352d1e7d7c8775acf3d8af89a6ef7bdc Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Bump infra components version upMarco Platania3-6/+6
Issue-ID: INT-1231 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I3b883ed67e7c34ddf6d92f7069c859a4496ae31f
2019-08-27Add comment about how to get cluster-ipsonggongjun1-0/+1
Issue-ID: INT-1227 Signed-off-by: songgongjun <gongjun.song@intel.com> Change-Id: I40a261079330ca00b9eb15d431fb3b7ae4c319cb
2019-08-23Add SO STAGINGBrian Freeman1-0/+21
Issue-ID: INT-1217 Change-Id: Id19619f999dbe00e8501cdc029a0bf5788efd28f Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-22Add staging image overrideBrian Freeman1-0/+68
Issue-ID: INT-1217 Change-Id: I3b4f83552856d8551bba4787899d8901845fc4e6 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-21Ingest onap-lab-ci jjb'sBrian Freeman28-0/+2212
Issue-ID: INT-1215 Change-Id: I448fb7a147daa26d760df6c83fef75aa69f05879 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-21Fix doc nit in Robot sectionumry83641-1/+1
Issue-ID: DOC-534 Change-Id: Ibd4856a1b75d75fe786c7aa1d5337fa7972387a0 Signed-off-by: umry8364 <morgan.richomme@orange.com>
2019-08-20Making environment name configurable in vcpe healthcheckMichal Ptacek1-11/+26
Improving handling of arguments in healthcheck-k8s.py, making environment name configurable. Issue-ID: INT-1213 Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-08-19Add a section on Robot in the documry83646-0/+238
Issue-ID: DOC-534 Change-Id: I62be1a4b8eac385015dac519023db4fb7e6bd4dd Signed-off-by: umry8364 <morgan.richomme@orange.com>
2019-08-16Make cleanup script more genericMarco Platania2-15/+46
- Fix usage instructions - Correct wrong input sequence Issue-ID: INT-1073 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ic01eb302d92d893d17eb71a9341be514cb12dc3f
2019-08-15Add preload description to scale out docMarco Platania4-62/+854
Issue-ID: INT-1171 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ia6f7d8276b720bdf0ff1f71d5f1ba66535283751
2019-08-15add -n onap and job to cleanupBrian Freeman1-4/+4
Issue-ID: INT-1204 Change-Id: I907bb48c2eee62d9448c99a49e4446771113ceff Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-15Simulator integration for CSIT of generalized DfCTamasBakai8-19/+43
Issue-ID: DCAEGEN2-1719 Change-Id: I963cfaef30bc4e85d76fecddd310f091e8c00bd0 Signed-off-by: TamasBakai <tamas.bakai@est.tech>
2019-08-14Revert zfs and ceph volumeBrian Freeman2-4/+13
Issue-ID: SDC-2502 Change-Id: Ief0bfdc02b05dca33a99d6a041ba905fb3cfd780 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-14Add onboarding package for pnf simwsliwka8-3/+265
Issue-ID: INT-1134 Signed-off-by: wsliwka <wojciech.sliwka@nokia.com> Change-Id: I4a23e51b5e46f04d0299b1bb997f572ec828e616
2019-08-14Updating vfw_edgeX documentation.Akhila Kishore1-13/+57
Changes to the document has been made on wiki. Relecting those here to have a uniform documentation available to all. Issue-ID: MULTICLOUD-709 Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Change-Id: I103bf97a54ca42f83baf05d3cf4db2189ab0b5b3
2019-08-07k8s: Add Makefile targets for testingPawel Wieczorek2-3/+19
Issue-ID: SECCOM-235 Change-Id: I6ac5f3c160f1cd1d8faac90576ab943d4ed213a5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add Makefile targets for external dependenciesPawel Wieczorek2-4/+20
Building "check" binary now requires several external dependencies. To minimize setup effort, convenience make targets were provided. Issue-ID: SECCOM-235 Change-Id: Iec74c0652a5ed3a90d4504216b00ef20bdb7e81f Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add support for RKE-deployed clustersPawel Wieczorek3-1/+232
RKE is used as a Kubernetes cluster deployment method from ONAP Dublin release. RKE cluster definition is used to get access to necessary information. Issue-ID: SECCOM-235 Change-Id: I588598011ea746b5f7ba327a48f1cea605e56d31 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add test cases for Dublin API serverPawel Wieczorek1-0/+56
Issue-ID: SECCOM-235 Change-Id: Ie6d43b9db767f191f883a2912916bc8abf9d3ad6 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Unify order of API server test casesPawel Wieczorek1-1/+1
So far CIS-compliant configuration has been validated first unless configuration used in ONAP release did not pass given benchmark. Issue-ID: SECCOM-235 Change-Id: Ibdb523ab7ab6b8285757719721f75aca57beeb82 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07Pnfsimulator-docker push configurationTomasz Golabek2-8/+4
New configuration for pnfsimulator and netconfsimulator added for docker builds. Version of maven docker plugin downgraded to 1.0.0 Single tag added to images Change-Id: Ia0e38b2c65e943614c7463d7889a7ca0b1aa0517 Issue-ID: INT-1134 Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>