Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Icc9b004e99c330bb24ec864d85039366ce9dd55c
Issue-ID: INT-1364
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I9d15f923f39dbdb93b3aea9888cc8cd780e09172
Issue-ID: INT-1364
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I89f51d25c55c12d3c394e86852f6bf58dc333956
Issue-ID: INT-1364
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I83798b06f37f7f1cc88e18e1ddd17141105b9fe7
Issue-ID: INT-1364
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I89978b74fb278948f0deb459ed726f83392b48cd
Issue-ID: INT-1364
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Conditional exits on failures should return
with non zero exit code for better behavior
in testing pipelines.
Change-Id: Ied2e699a2cd38cc741e6d9d9a5c88082f09fa549
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-226
|
|
This ensures that subsequent 'vcpe.py init'
invocations do not complain about duplicate
entry in sdnctl databse (entries are not
reinserted, INSERT statement is just noop in
this case).
Change-Id: I8def8eab1e04026e8ee2206aa11fe2644b35d609
Issue-ID: TEST-222
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
List of host names to iterate over in search for
a vm ip in get_oom_onap_vm_ip() should be identical
to the globally defined host names.
Change-Id: I60e1a2d77d683b81ae480499ce357dd812e8694f
Issue-ID: TEST-225
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Issue-ID: INT-1340
Signed-off-by: Rene_Robert <rene.robert@orange.com>
Change-Id: Idcb5ef7669805f0d8c4266ee45310078d33260c2
|
|
Change-Id: I454d21fe90511d20e1e25a62bb2943ccd59e52c6
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1325
|
|
Vcpe scripts should be run from Rancher node
where it has direct access to k8s cluster ips
and service endpoints so that calls for oom_mode
to be set to 'False'.
Change-Id: I8edc0f363d7d32f28b070b0de87a3e2eab8223ff
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1339
|
|
This patch automates SDNC ip pool generation in
sdnctl database in the scope of vcpe.py 'init'
stage.
Change-Id: I6322ff2dadb069991be0eddbb0cf415baa7984f6
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-222
|
|
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Issue-ID: INT-1137
Change-Id: Ib681f797bb9ed631cfe36507425bcbd1fc2b5561
|
|
repository
Issue-ID: INT-1321
Change-Id: I150324b147f01e6455dccc19c0be748dcf67286a
Signed-off-by: AndyWalshe <andy.walshe@est.tech>
|
|
Onap namespace and environment name can be distinct
on a per deployment basis and this allows to set
them accordingly.
Change-Id: Id1b6fdc4f3b4c159117536187197cb308527f8d2
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1323
|
|
Curl package will be automatically installed be the
healthcheck-k8s.py script.
Change-Id: I7fc5579524c7519f6153b02d0de0000dc0138992
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1313
|
|
Issue-ID: INT-1265
Change-Id: I7c36dc479b73a8b663cae4472ed29182d0f6672b
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.3.2 - 1.3.3
and 1.3.6).
Issue-ID: SECCOM-235
Change-Id: I9c2921faf40ad9445e983f2b9bd0610e556cfe15
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Fix several changes due to cli change
Issue-ID: INT-1289
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
Change-Id: Ib07d9be8ace77270046c8aa02f162a9ad7994370
|
|
Script is now more generic and allows proper setup
of vcpe scripts runtime environment on Ubuntu 16.04/18.04
and on Centos/Rhel 7.6.
Change-Id: I7b7d944f5a6a7a9dc45921082f908a1f8aa185a1
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-203
|
|
Checker collects information on cluster by Docker queries:
$ docker ps ARGS... # Casablanca
$ docker inspect ARGS... # Dublin
Arrays of values are then filtered from those. They include:
* opening bracket ('['),
* closing bracket (']'),
* new line.
Additional characters affect check results if last flag (including
"]\n") requires specific value.
Issue-ID: SECCOM-235
Change-Id: I6838342b7e2ecdc44a47ffe02286266003e0b4d3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Running Casablanca and Dublin virtual environments at the same time led
to networking issues - the same IP had been assigned to cluster nodes.
Issue-ID: SECCOM-235
Change-Id: I2a59d023115326f5b132782a32190fd8f7dc1f48
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.3.7).
Issue-ID: SECCOM-235
Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ieceb6337f935e6a5a6b94248ccf072229116510a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I61df142e99a7f1da335471acab88e5a47d72df15
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I7da645737440172d3cf11f33069daa2697f83056
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ic5997b67d0512bea51c3b4a4c71805987fa6f011
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Common command and service name extraction is intended to limit
execution to small set of allowed processes.
This patch also drops unnecessary use of "Kubernetes" name because this
whole subproject concerns its clusters.
Issue-ID: SECCOM-235
Change-Id: I8babfeb4f24cf3baa4d236ca622c21170ab6205e
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Previous way of choosing it led to impractical calls, e.g.
$ ./check -rke # (works fine)
$ ./check -ranchercli # "Not supported."
$ ./check -ranchercli -rke=false # (works fine)
Disabling default cluster access method is no longer necessary.
Issue-ID: SECCOM-235
Change-Id: I2b4d5bff10c5470e567351abeac0431bed3b7938
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I7d4efd08b8c0258f2f9c33772bf1b1b02cedebfa
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: Ia5d75628b1c5211f378c239f84e9689d45697a04
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.38).
Issue-ID: SECCOM-235
Change-Id: Ic1f175d577c79013ddb49e02b8de69137535c964
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.32).
It also fixes wrong documentation comment for similar validator
(1.1.19).
Issue-ID: SECCOM-235
Change-Id: I00cb8a458871b091b16fe60fc0087b7972aa3b6b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.30).
It also covers its duplicate (1.1.39).
Issue-ID: SECCOM-235
Change-Id: I0f3031c080cf225e7c2c03e65dd0bfc780326307
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Change-Id: Id2b7ec151e1a006a5a85b8544e478fd9cf282715
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: TEST-220
|
|
Added a library routine to set up CL policy
in an idempotent fashion.
Description of CL pushing related manual step
was removed from documentation.
Change-Id: I1fad5d71481252ce803dd58c6ccbbcfa0a4d246f
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Issue-ID: INT-1267
|
|
Change-Id: Ie669261bde3723d892706d3d767c08b325afc3e0
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Change-Id: I27b43d63042bdb46f1ff362335a26bf6726674a0
Issue-ID: INT-1239
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
Issue-ID: INT-1265
Change-Id: I4ea7bf282b7d8aad58645784317dea9edf373cff
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.22, 1.1.25 -
1.1.26 and 1.1.28).
Issue-ID: SECCOM-235
Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.21, 1.1.29
and 1.1.31).
Issue-ID: SECCOM-235
Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.16 - 1.1.18).
Issue-ID: SECCOM-235
Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.15).
Issue-ID: SECCOM-235
Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.19).
Issue-ID: SECCOM-235
Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.14).
Issue-ID: SECCOM-235
Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: INT-1265
Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: DCAEGEN2-1702
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.11 - 1.1.13,
1.1.24, 1.1.27, 1.1.33 and 1.1.36).
Issue-ID: SECCOM-235
Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.1.10).
However, CIS Kubernetes Benchmark v1.3.0 mismatches official
documentation: Kubernetes 1.10+ already provides safe defaults from
security standpoint [1] (ONAP Casablanca uses 1.11).
Deprecated admission control plugin flag has also been validated since
it was still available in Kubernetes provided by Rancher [2].
[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
[2] https://github.com/rancher/rancher/issues/15064
Issue-ID: SECCOM-235
Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|