aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-09-19k8s: Validate API server certificates and keysPawel Wieczorek3-0/+79
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.22, 1.1.25 - 1.1.26 and 1.1.28). Issue-ID: SECCOM-235 Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server Certificate AuthoritiesPawel Wieczorek3-0/+55
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.21, 1.1.29 and 1.1.31). Issue-ID: SECCOM-235 Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing flagsPawel Wieczorek3-0/+82
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.16 - 1.1.18). Issue-ID: SECCOM-235 Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing is enabledPawel Wieczorek3-0/+33
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.15). Issue-ID: SECCOM-235 Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Group tests by flag typePawel Wieczorek1-53/+59
Issue-ID: SECCOM-235 Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded authorization modePawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.19). Issue-ID: SECCOM-235 Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded admission pluginsPawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.14). Issue-ID: SECCOM-235 Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-18Fix rev level in licenseBrian Freeman1-1/+1
Issue-ID: INT-1266 Change-Id: I822becff87484b79d3e7c744038b55943c1dddcb Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-18Updates for ssl sdcBrian Freeman2-8/+8
Issue-ID: INT-1265 Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-17Add mr-sim log to consoleecaiyanlinux1-1/+1
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech> Issue-ID: DCAEGEN2-1702
2019-09-17k8s: Validate API server included admission pluginsPawel Wieczorek3-1/+164
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.11 - 1.1.13, 1.1.24, 1.1.27, 1.1.33 and 1.1.36). Issue-ID: SECCOM-235 Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Validate API server excluded admission pluginsPawel Wieczorek3-0/+53
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.10). However, CIS Kubernetes Benchmark v1.3.0 mismatches official documentation: Kubernetes 1.10+ already provides safe defaults from security standpoint [1] (ONAP Casablanca uses 1.11). Deprecated admission control plugin flag has also been validated since it was still available in Kubernetes provided by Rancher [2]. [1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use [2] https://github.com/rancher/rancher/issues/15064 Issue-ID: SECCOM-235 Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Add note on release-specific dependenciesPawel Wieczorek1-0/+2
Issue-ID: SECCOM-235 Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-16Improve description of scale out use caseMarco Platania4-1/+32
- Describe the ONAP flows - Describe SO workflow - Describe how to obtain a TOSCA template from SDC Issue-ID: INT-1171 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I901ae1a85becbb549804f8307991cb592a251d6d
2019-09-16Fix DCAE cleanup processMarco Platania1-1/+1
Issue-ID: INT-479 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I360d9887842ac8e86e3a52f7a549367dc63ccb7d
2019-09-13Add sdc keyspaces and longer timeoutBrian Freeman2-3/+4
Issue-ID: INT-1244 Change-Id: I5bc0f4e02ac3d2d8df867f76327e588353c76da8 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-13Modified vFW DT Use case descriptionLukasz Rajewski5-20/+102
Description of policy configuration and typos fixed Change-Id: Ib11df95b79987b85c15452d74a5644c152dcbfde Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com> Issue-ID: INT-751
2019-09-13Refactor healthcheck-k8s.pyBartek Grzybowski1-17/+23
Error reporting was improved by returning actual error message from subprocess call to 'kubectl' command. Code readability was improved by defining a dictionary of endpoint names to check and their IPs. Unsecure 'shell=True' property in Popen constructor for kubectl command in SDNC DB was removed and command string itself sanitized. Overall code readability was improved by reusing common commands in a loop. Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c Issue-ID: TEST-213 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-13Fix mispelled routine name in vcpe scriptsBartek Grzybowski2-2/+2
headbridge -> heatbridge Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: DOC-549
2019-09-13Remove hardcoded SDNC pod name in vcpe scriptsBartek Grzybowski1-5/+5
Sdnc pod name is set as a property in VcpeCommon class and it should be used across the script. Also removed hardcoded public net prefix in get_pod_node_public_ip and use class property where it's assigned. Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-212
2019-09-13Fixed Bugs in HPA automtion scriptItohan Ukponmwan2-8/+8
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Issue-ID: INT-1137 Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
2019-09-12Better specifying parts supposed to be changedMichal Ptacek1-11/+33
Following params are needed minimum required to be changed or cross-checked when vCPE is tried in different lab Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8 Issue-ID: TEST-208 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-12Add remarks related to Openstack's port security on vCPEBartek Grzybowski1-1/+2
Extended anti-spoofing related notes with some hints on dealing with Neutron's Port Security Extension Driver which in some cases may prevent VNFs to function properly. Change-Id: Icf4f44b8cbcaa70621bf21d5b72ff552be80d4e2 Issue-ID: DOC-549 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-12Improve external_net_addr property description in vCPE scriptsBartek Grzybowski1-0/+4
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-208
2019-09-11Deploy CDS in integration-overrideAbdelmuhaimen Seaudi1-0/+3
Issue-ID: OOM-2085 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> Change-Id: I324b58868286971c93a54ae269517e20b954d759
2019-09-11Adding hint regarding dhcp anti-spoofing for vCPEMichal Ptacek1-0/+5
Adding instructions for bypassing DHCP anti-spoofing rules preventing vCPE to work. Change-Id: Ic0f92a40a41e5e20dc43c360e429baba44a46fa1 Issue-ID: DOC-549 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-10Fix the error of hpa when create nsyangyan1-6/+6
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-10Update healthcheck-k8s script synopsis in vCPE manualBartek Grzybowski2-6/+5
This reflects changes made in regard of input parameters done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Also contains minor fix for 'namespace' and 'environment' vars usage which are unused otherwise. Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1213
2019-09-09Update robot imageBrian Freeman1-0/+2
Issue-ID: INT-1217 Change-Id: I5d7802def53d986a0bed16151afa806cba96becb Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-09Fix a bug in DFC CSITecaiyanlinux1-1/+4
when mounting a shared volume, the uid:gid is changed automaticlly which could cause potential unstable. Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925 Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-09-09Updated README files and adaptation of consul/cbs configmaximesson54-582/+582
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103 Issue-ID: DCAEGEN2-1719 Signed-off-by: maximesson <maxime.bonneau@est.tech>
2019-09-09Fix the bug of cli command error when onboard nsyangyan2-1/+3
Change-Id: I832a1cbbbf8b882089f941033fdc2acefce7e387 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix bug of cli command error when onboard vnfyangyan2-2/+4
Change-Id: I25ca6c5a2cdf6eaca44cdcdb3f94e55c6bad899a Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix invalid string error of vnf onboardyangyan1-1/+1
Change-Id: I1f0077554db7d37ed33c45cbc68d8fb554339539 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-06SNDC preload change (http to https, 30202 to 30267)Rene_Robert1-1/+1
Issue-ID: DOC-542 Signed-off-by: Rene_Robert <rene.robert@orange.com> Change-Id: Ice1fc5853d9ad31e79ea8e941a8b053589b80a30
2019-09-04Update latest staging portal docker imagesWelch, Lorraine (lb2391)1-1/+9
update to 2.6.0-STAGING-latest for now to test Issue-ID: PORTAL-685 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I5a49caa40c05569a1a5fea2f3378c2a9fd2c064f Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-09-04Update SDNC/CCSDK staging versionsTimoney, Dan (dt5972)1-11/+11
Update staging versions of CDS and dgbuilder to 0.6-STAGING-latest and of SDNC to 1.7-STAGING-latest Change-Id: I4a2a5f3ecdc2ed6085aa31c9e16fe1352e52dbe1 Issue-ID: SDNC-874 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-08-30Integrating DfC to use TLS sidecar containerecaiyanlinux16-113/+116
Change-Id: I111bc5596346db70923645dcfe79af3e639c978c Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Add tls-init-container to simulatorecaiyanlinux29-173/+236
1.replace dr-sim/dr-redir-sim cert/key 2.update mr-sim, make it support https 3.update ftpes cert/key Change-Id: I7bbde98f352d1e7d7c8775acf3d8af89a6ef7bdc Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Bump infra components version upMarco Platania3-6/+6
Issue-ID: INT-1231 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I3b883ed67e7c34ddf6d92f7069c859a4496ae31f
2019-08-27Add comment about how to get cluster-ipsonggongjun1-0/+1
Issue-ID: INT-1227 Signed-off-by: songgongjun <gongjun.song@intel.com> Change-Id: I40a261079330ca00b9eb15d431fb3b7ae4c319cb
2019-08-23Add SO STAGINGBrian Freeman1-0/+21
Issue-ID: INT-1217 Change-Id: Id19619f999dbe00e8501cdc029a0bf5788efd28f Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-22Add staging image overrideBrian Freeman1-0/+68
Issue-ID: INT-1217 Change-Id: I3b4f83552856d8551bba4787899d8901845fc4e6 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-21Ingest onap-lab-ci jjb'sBrian Freeman28-0/+2212
Issue-ID: INT-1215 Change-Id: I448fb7a147daa26d760df6c83fef75aa69f05879 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-08-21Fix doc nit in Robot sectionumry83641-1/+1
Issue-ID: DOC-534 Change-Id: Ibd4856a1b75d75fe786c7aa1d5337fa7972387a0 Signed-off-by: umry8364 <morgan.richomme@orange.com>
2019-08-20Making environment name configurable in vcpe healthcheckMichal Ptacek1-11/+26
Improving handling of arguments in healthcheck-k8s.py, making environment name configurable. Issue-ID: INT-1213 Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-08-19Add a section on Robot in the documry83646-0/+238
Issue-ID: DOC-534 Change-Id: I62be1a4b8eac385015dac519023db4fb7e6bd4dd Signed-off-by: umry8364 <morgan.richomme@orange.com>
2019-08-16Make cleanup script more genericMarco Platania2-15/+46
- Fix usage instructions - Correct wrong input sequence Issue-ID: INT-1073 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ic01eb302d92d893d17eb71a9341be514cb12dc3f
2019-08-15Add preload description to scale out docMarco Platania4-62/+854
Issue-ID: INT-1171 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ia6f7d8276b720bdf0ff1f71d5f1ba66535283751
2019-08-15add -n onap and job to cleanupBrian Freeman1-4/+4
Issue-ID: INT-1204 Change-Id: I907bb48c2eee62d9448c99a49e4446771113ceff Signed-off-by: Brian Freeman <bf1936@att.com>