Age | Commit message (Collapse) | Author | Files | Lines |
|
Running Casablanca and Dublin virtual environments at the same time led
to networking issues - the same IP had been assigned to cluster nodes.
Issue-ID: SECCOM-235
Change-Id: I2a59d023115326f5b132782a32190fd8f7dc1f48
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.3.7).
Issue-ID: SECCOM-235
Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ieceb6337f935e6a5a6b94248ccf072229116510a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I61df142e99a7f1da335471acab88e5a47d72df15
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I7da645737440172d3cf11f33069daa2697f83056
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ic5997b67d0512bea51c3b4a4c71805987fa6f011
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Common command and service name extraction is intended to limit
execution to small set of allowed processes.
This patch also drops unnecessary use of "Kubernetes" name because this
whole subproject concerns its clusters.
Issue-ID: SECCOM-235
Change-Id: I8babfeb4f24cf3baa4d236ca622c21170ab6205e
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Previous way of choosing it led to impractical calls, e.g.
$ ./check -rke # (works fine)
$ ./check -ranchercli # "Not supported."
$ ./check -ranchercli -rke=false # (works fine)
Disabling default cluster access method is no longer necessary.
Issue-ID: SECCOM-235
Change-Id: I2b4d5bff10c5470e567351abeac0431bed3b7938
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I7d4efd08b8c0258f2f9c33772bf1b1b02cedebfa
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ia5d75628b1c5211f378c239f84e9689d45697a04
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.38).
Issue-ID: SECCOM-235
Change-Id: Ic1f175d577c79013ddb49e02b8de69137535c964
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.32).
It also fixes wrong documentation comment for similar validator
(1.1.19).
Issue-ID: SECCOM-235
Change-Id: I00cb8a458871b091b16fe60fc0087b7972aa3b6b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.30).
It also covers its duplicate (1.1.39).
Issue-ID: SECCOM-235
Change-Id: I0f3031c080cf225e7c2c03e65dd0bfc780326307
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Change-Id: Id2b7ec151e1a006a5a85b8544e478fd9cf282715
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-220
|
|
Added a library routine to set up CL policy
in an idempotent fashion.
Description of CL pushing related manual step
was removed from documentation.
Change-Id: I1fad5d71481252ce803dd58c6ccbbcfa0a4d246f
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1267
|
|
Change-Id: Ie669261bde3723d892706d3d767c08b325afc3e0
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I27b43d63042bdb46f1ff362335a26bf6726674a0
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Issue-ID: INT-1265
Change-Id: I4ea7bf282b7d8aad58645784317dea9edf373cff
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Signed-off-by: Yang Xu <xuyang11@gmail.com>
Issue-ID: INT-1269
Change-Id: I9f76cdd3b53f9519017da851a59b8c7000334797
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.22, 1.1.25 -
1.1.26 and 1.1.28).
Issue-ID: SECCOM-235
Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.21, 1.1.29
and 1.1.31).
Issue-ID: SECCOM-235
Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.16 - 1.1.18).
Issue-ID: SECCOM-235
Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.15).
Issue-ID: SECCOM-235
Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.19).
Issue-ID: SECCOM-235
Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.14).
Issue-ID: SECCOM-235
Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: INT-1266
Change-Id: I822becff87484b79d3e7c744038b55943c1dddcb
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Issue-ID: INT-1265
Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: DCAEGEN2-1702
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.11 - 1.1.13,
1.1.24, 1.1.27, 1.1.33 and 1.1.36).
Issue-ID: SECCOM-235
Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.10).
However, CIS Kubernetes Benchmark v1.3.0 mismatches official
documentation: Kubernetes 1.10+ already provides safe defaults from
security standpoint [1] (ONAP Casablanca uses 1.11).
Deprecated admission control plugin flag has also been validated since
it was still available in Kubernetes provided by Rancher [2].
[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
[2] https://github.com/rancher/rancher/issues/15064
Issue-ID: SECCOM-235
Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
- Describe the ONAP flows
- Describe SO workflow
- Describe how to obtain a TOSCA template from SDC
Issue-ID: INT-1171
Signed-off-by: Marco Platania <platania@research.att.com>
Change-Id: I901ae1a85becbb549804f8307991cb592a251d6d
|
|
Issue-ID: INT-479
Signed-off-by: Marco Platania <platania@research.att.com>
Change-Id: I360d9887842ac8e86e3a52f7a549367dc63ccb7d
|
|
Issue-ID: INT-1244
Change-Id: I5bc0f4e02ac3d2d8df867f76327e588353c76da8
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Description of policy configuration and typos fixed
Change-Id: Ib11df95b79987b85c15452d74a5644c152dcbfde
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Issue-ID: INT-751
|
|
Error reporting was improved by returning actual
error message from subprocess call to 'kubectl' command.
Code readability was improved by defining a dictionary
of endpoint names to check and their IPs.
Unsecure 'shell=True' property in Popen constructor for
kubectl command in SDNC DB was removed and command string
itself sanitized.
Overall code readability was improved by reusing common
commands in a loop.
Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c
Issue-ID: TEST-213
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
headbridge -> heatbridge
Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: DOC-549
|
|
Sdnc pod name is set as a property in VcpeCommon
class and it should be used across the script.
Also removed hardcoded public net prefix in
get_pod_node_public_ip and use class property
where it's assigned.
Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-212
|
|
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Issue-ID: INT-1137
Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
|
|
Following params are needed minimum required to be changed or
cross-checked when vCPE is tried in different lab
Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8
Issue-ID: TEST-208
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
|
|
Extended anti-spoofing related notes with some hints on
dealing with Neutron's Port Security Extension Driver
which in some cases may prevent VNFs to function properly.
Change-Id: Icf4f44b8cbcaa70621bf21d5b72ff552be80d4e2
Issue-ID: DOC-549
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-208
|
|
Issue-ID: OOM-2085
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
Change-Id: I324b58868286971c93a54ae269517e20b954d759
|
|
Adding instructions for bypassing DHCP anti-spoofing rules
preventing vCPE to work.
Change-Id: Ic0f92a40a41e5e20dc43c360e429baba44a46fa1
Issue-ID: DOC-549
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
|
|
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
This reflects changes made in regard of input parameters
done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79
Also contains minor fix for 'namespace' and 'environment' vars
usage which are unused otherwise.
Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1213
|
|
Issue-ID: INT-1217
Change-Id: I5d7802def53d986a0bed16151afa806cba96becb
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
when mounting a shared volume, the uid:gid is changed automaticlly
which could cause potential unstable.
Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
|
|
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103
Issue-ID: DCAEGEN2-1719
Signed-off-by: maximesson <maxime.bonneau@est.tech>
|