Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.22, 1.1.25 -
1.1.26 and 1.1.28).
Issue-ID: SECCOM-235
Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.21, 1.1.29
and 1.1.31).
Issue-ID: SECCOM-235
Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.16 - 1.1.18).
Issue-ID: SECCOM-235
Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.15).
Issue-ID: SECCOM-235
Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.19).
Issue-ID: SECCOM-235
Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.14).
Issue-ID: SECCOM-235
Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: INT-1265
Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: DCAEGEN2-1702
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.11 - 1.1.13,
1.1.24, 1.1.27, 1.1.33 and 1.1.36).
Issue-ID: SECCOM-235
Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.10).
However, CIS Kubernetes Benchmark v1.3.0 mismatches official
documentation: Kubernetes 1.10+ already provides safe defaults from
security standpoint [1] (ONAP Casablanca uses 1.11).
Deprecated admission control plugin flag has also been validated since
it was still available in Kubernetes provided by Rancher [2].
[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
[2] https://github.com/rancher/rancher/issues/15064
Issue-ID: SECCOM-235
Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Error reporting was improved by returning actual
error message from subprocess call to 'kubectl' command.
Code readability was improved by defining a dictionary
of endpoint names to check and their IPs.
Unsecure 'shell=True' property in Popen constructor for
kubectl command in SDNC DB was removed and command string
itself sanitized.
Overall code readability was improved by reusing common
commands in a loop.
Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c
Issue-ID: TEST-213
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
headbridge -> heatbridge
Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: DOC-549
|
|
Sdnc pod name is set as a property in VcpeCommon
class and it should be used across the script.
Also removed hardcoded public net prefix in
get_pod_node_public_ip and use class property
where it's assigned.
Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-212
|
|
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Issue-ID: INT-1137
Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
|
|
Following params are needed minimum required to be changed or
cross-checked when vCPE is tried in different lab
Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8
Issue-ID: TEST-208
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
|
|
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-208
|
|
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
This reflects changes made in regard of input parameters
done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79
Also contains minor fix for 'namespace' and 'environment' vars
usage which are unused otherwise.
Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1213
|
|
when mounting a shared volume, the uid:gid is changed automaticlly
which could cause potential unstable.
Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
|
|
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103
Issue-ID: DCAEGEN2-1719
Signed-off-by: maximesson <maxime.bonneau@est.tech>
|
|
Change-Id: I832a1cbbbf8b882089f941033fdc2acefce7e387
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I25ca6c5a2cdf6eaca44cdcdb3f94e55c6bad899a
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I1f0077554db7d37ed33c45cbc68d8fb554339539
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Issue-ID: DOC-542
Signed-off-by: Rene_Robert <rene.robert@orange.com>
Change-Id: Ice1fc5853d9ad31e79ea8e941a8b053589b80a30
|
|
Change-Id: I111bc5596346db70923645dcfe79af3e639c978c
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
|
|
1.replace dr-sim/dr-redir-sim cert/key
2.update mr-sim, make it support https
3.update ftpes cert/key
Change-Id: I7bbde98f352d1e7d7c8775acf3d8af89a6ef7bdc
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
|
|
Issue-ID: INT-1227
Signed-off-by: songgongjun <gongjun.song@intel.com>
Change-Id: I40a261079330ca00b9eb15d431fb3b7ae4c319cb
|
|
Improving handling of arguments in healthcheck-k8s.py,
making environment name configurable.
Issue-ID: INT-1213
Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
|
|
Issue-ID: DCAEGEN2-1719
Change-Id: I963cfaef30bc4e85d76fecddd310f091e8c00bd0
Signed-off-by: TamasBakai <tamas.bakai@est.tech>
|
|
Issue-ID: INT-1134
Signed-off-by: wsliwka <wojciech.sliwka@nokia.com>
Change-Id: I4a23e51b5e46f04d0299b1bb997f572ec828e616
|
|
Issue-ID: SECCOM-235
Change-Id: I6ac5f3c160f1cd1d8faac90576ab943d4ed213a5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Building "check" binary now requires several external dependencies. To
minimize setup effort, convenience make targets were provided.
Issue-ID: SECCOM-235
Change-Id: Iec74c0652a5ed3a90d4504216b00ef20bdb7e81f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
RKE is used as a Kubernetes cluster deployment method from ONAP Dublin
release. RKE cluster definition is used to get access to necessary
information.
Issue-ID: SECCOM-235
Change-Id: I588598011ea746b5f7ba327a48f1cea605e56d31
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ie6d43b9db767f191f883a2912916bc8abf9d3ad6
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
So far CIS-compliant configuration has been validated first unless
configuration used in ONAP release did not pass given benchmark.
Issue-ID: SECCOM-235
Change-Id: Ibdb523ab7ab6b8285757719721f75aca57beeb82
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
New configuration for pnfsimulator and netconfsimulator added for docker builds.
Version of maven docker plugin downgraded to 1.0.0
Single tag added to images
Change-Id: Ia0e38b2c65e943614c7463d7889a7ca0b1aa0517
Issue-ID: INT-1134
Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
|
|
This patch uses previously added alias for kubectl context switching in
case it is needed as a template for other contexts as well.
Issue-ID: SECCOM-235
Change-Id: Ie92641ee3763a027cd74dd21bf4364a2d796eb1d
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch sets debconf frontend to noninteractive by including
additional field in the first stanza of configuration file. Its
placement has been chosen arbitrarily - both 'Config' and 'Templates'
fields "are required in this first stanza" [1].
It also makes symlinking script more generic.
[1] man 5 debconf.conf (provided by "debconf-doc" in Ubuntu)
Issue-ID: SECCOM-235
Change-Id: If9dcc712d1ff7f527d3bc59f4c1709cffe4cbda5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Setting up kubectl depends on presence of K8s cluster post-deployment
artifacts, hence it's disabled by default. Relevant information added to
post-up message.
This patch also removes unneeded curly braces from
"tools/dublin/get_rke.sh" script.
Issue-ID: SECCOM-235
Change-Id: I917ebbda588639f0941e16c65759430a7a1e64ff
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I9913d9a8f525b4b9582bf821008dd567258a719c
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I8f9d4362da50a8b3f2aa1baf3633d818da2ed3a5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
updated Postman collection for Dublin
Signed-off-by: Rene_Robert <rene.robert@orange.com>
Change-Id: I94b9180e86b96f75780854211da67d85acc90d48
|
|
This patch adds sample cluster.yml which is based on Dublin cluster
configuration file [1]. Main difference is in avoiding repetition by
using anchors and alias nodes.
Actual cluster creation provisioner is disabled by default because
'control' and 'worker' nodes might not be ready yet.
[1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml
Issue-ID: SECCOM-235
Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I85efb88476cb1d6bfaee44b6bcd6275477e77ba5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This not only makes testing easier, but also allows better control over
VM provisioning after its creation.
Issue-ID: SECCOM-235
Change-Id: I29ab3ed46976267e1043c2f61f56578f2c5d7a57
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Iaeb4b3e621f09ea14b9576126223e4df4b8682f3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch:
* removes remaining string interpolation (for future script reuse),
* makes DNS replacement provisioner always run.
This way VM definition is more concise and resilient.
Issue-ID: SECCOM-235
Change-Id: I382dae5e256b46577c4c8af3aa45ab4d64d1b2b9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: If286ba074ee74c43705197a30c50322d5162e6fc
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|