Age | Commit message (Collapse) | Author | Files | Lines |
|
Kubernetes cluster deployment procedure changed with Dublin release
(Rancher to RKE). In order to prepare for further adjustments,
incompatible content will be moved to separate directories.
Once Casablanca becomes obsolete (by the time of El Alto), files
specific to that release will be removed completely.
Issue-ID: SECCOM-235
Change-Id: Iaa0fc2f6ad330ec09dcfdf8a2d27b8a4dc433a0f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: DCAEGEN2-1660
Change-Id: Ib742755f6a924ee9c5babe8e411311e7fe0e6802
Signed-off-by: TamasBakai <tamas.bakai@est.tech>
|
|
Previously "clean" target failed if there were no build artifacts. Now
their absence is ignored.
Issue-ID: SECCOM-235
Change-Id: I47beb2754a893e8b7453611116b4da2e516cca90
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch also adds convenience target to the Makefile and updates
documentation on relevant dependencies.
Issue-ID: SECCOM-235
Change-Id: I57e00af3cd4c60af3128e3094607cc61bc1e5dbe
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
According to kube-apiserver documentation [1] and CIS guideline 1.1.4
option "--kubelet-https=" might be absent in API server configuration.
It has secure configuration (being set to "true") by default.
[1] https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
Issue-ID: SECCOM-235
Change-Id: I604cdcace03f65185aab6a0b34d48cfec94277ab
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Apparently Linux AMD64 machines are not the only ones used for ONAP
development (author meant no harm).
Issue-ID: SECCOM-235
Change-Id: Ia78a02fb82dc5752d6b8fd2cef8e6ef583fd3ca6
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Having Rancher CLI proves itself useful on development machines as well.
Issue-ID: SECCOM-235
Change-Id: I0de3109e1236cf6dc9cbc825342593041dcfdf2c
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I46e2f8d61c3a82613b665fb6d9b57431bb2a1868
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch adds simplified ONAP deployment environment (Kubernetes
cluster managed by Rancher). Its purpose is to provide cluster defaults
for inspection without the need to access actual ONAP application
deployment.
Default node customization scripts were extracted
("tools/get_customization_scripts.sh" run within "tools/imported/"
directory) from official documentation [1] and imported here in order
not to introduce runtime online dependencies.
This environment should probably be migrated in future to more
appropriate place like devtool [2] (or at least use the same Vagrant
boxes).
[1] https://docs.onap.org/en/casablanca/submodules/oom.git/docs/oom_setup_kubernetes_rancher.html
[2] https://git.onap.org/integration/devtool
Issue-ID: SECCOM-235
Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.6 and 1.1.7).
Issue-ID: SECCOM-235
Change-Id: I5f215a6642b177e85d7e1c70860ba0c7e558ec4e
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections
regarding master node configuration are satisfied (1.1.1 - 1.1.5, 1.1.8,
1.1.9, 1.1.20 and 1.1.23).
Issue-ID: SECCOM-235
Change-Id: Ib964b5111b616a891c3963ef9695af660810e8ba
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-235
Change-Id: I370636220151a5755f467055418f866afe11d5d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Signed-off-by: Yang Xu <yang.xu@futurewei.com>
Issue-ID: INT-847
Change-Id: I1158442cd73c6e0d943e9cc111cb12dae1381d36
|
|
This patch introduces Rancher queries using its CLI client. It depends
on having utility binary located in PATH and providing configuration
file prior first use.
Issue-ID: SECCOM-235
Change-Id: Idb011e27b4801c5700b4482656463849736298da
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Also rename various Integration tenants
Issue-ID: INT-1117
Signed-off-by: Gary Wu <gary.wu@futurewei.com>
Change-Id: I7422088bdcb9ae8fbbf76bab0517f466d1279df3
|
|
This patch introduces CLI utility for checking if Kubernetes cluster
follows security recommendations. Provided Makefile simplifies setup
process by setting appropriate environment variables for the build.
Further information can be found in README. Provided symlink allows
proper document rendering on VCS hosting site.
Issue-ID: SECCOM-235
Change-Id: I4a1337c9834322ee4fd742a9ccb979b9bc505f75
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Signed-off-by: Yang Xu <yang.xu@futurewei.com>
Issue-ID: INT-847
Change-Id: Ib5b0a547f1c228de4cee02f3526401028c10bff0
|
|
Change-Id: Ia8d369c978f3d1da0e98af91415cc50cd36b03a2
Issue-ID: INT-1101
Signed-off-by: AndyWalshe <andy.walshe@est.tech>
|
|
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I45e5e09940378c8223ae36b8af3fc5e1b8b836bc
|
|
Issue-ID: INT-795
Change-Id: If06ef6faa69c942385e4fa1c15eb8f25c3d19f40
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I931289fffa5b9821259eff6f015adf3dd414aef8
|
|
-Added more files required to run this script
-Added a README file
-Added sample hpa polices
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
Change-Id: I5c77924863a9517ecaf7caaeb860c3c113a7b9d2
|
|
When nmap or other commands are not installed on the system
script fail silently without any information
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I599b987e223f88617aefa2c0de6cdcbbf3ff50b7
Issue-ID: SECCOM-231
|
|
Change-Id: I38fcd336e7eca90264590d4174c8cf65e89c60a1
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Change-Id: I127063df8261859b1a0f11a57e49ce3d337afcf5
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Attention, maybe you can't use it because we call internal SDC API
SDC PTL said that they will change internal SDC API without any
notice.
Change-Id: Ic1a34bb6f9d3a879f8d5580c803431059ca43c26
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Change-Id: I778bfd0b12afd929066a7dc5ccd8bcc5c1e0dafe
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
Change-Id: I942c5740b30c7ca9fdd9af2c8cfa7f38af258cbf
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
As it turned out thanks to Yan Yang some ONAP services tend to
return a propr JDWP handshake as a part of their error message.
Let's filter out those services by checking number of lines returned
by the server. We expect that proper JDWP handshake won't be longer
than a single line.
Issue-ID: SECCOM-231
Change-Id: I4b8950ebdf5fe118ec5f2dd5f4de583211784fb2
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Change-Id: I73ab75ee9321c8b360745a963f28b0a869a279ea
Issue-ID: INT-795
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
|
|
|
|
Change-Id: Ib777f42de09687ee4c72c12da893c0f75633998f
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
|
|
Some of web services do not send any data when challenged with JDWP
challenge. This makes the script waiting forever for response.
To fix that let's introduce 10s timeout (experimental value) and
replace empty string with a new line to avoid bash warnings.
Issue-ID: SECCOM-231
Change-Id: I35546c001c5c54f298e8a4e346c2cf5d41e230ac
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Change-Id: Ibeb04ddf9939b98ff4dec99a10973d4553e215d5
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
|
|
Change-Id: I1168a5f10cce9b7d17324504a57d90dd9ee7790d
Issue-ID: DCAEGEN2-1434
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
|
|
simulator_should_send_fileready_message test was failing in maven, but
working well in eclipse. Duration and Interval are now equal, and
exactly 1 trigger should occur regardless of the execution environment.
Change-Id: I9f283364d4717c6e4aa45b88ee7e9da393fa11c4
Issue-ID: DCAEGEN2-1434
Signed-off-by: TamasBakai <tamas.bakai@est.tech>
|
|
Python script to automate deployment of
vFW and VDNS use cases using SO
Change-Id: Ie232a47d03659daa7b4b869bff842a6c7c4848b3
Issue-ID: INT-905 INT-904 INT-794
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com>
|
|
Change-Id: I5353d2a3053245d0df24d89ba5290370c85fdf16
Issue-ID: INT-1052
Signed-off-by: Yang Xu <yang.xu3@huawei.com>
|
|
|
|
Change-Id: I1c361215ba086afe7444a5c457ba08aedf9fddcd
Issue-ID: INT-847
Signed-off-by: Yang Xu <yang.xu3@huawei.com>
|
|
Change-Id: I87c5c4eac8aa3b427e70882237b0434c6ca282af
Issue-ID: INT-1054
Signed-off-by: AndyWalshe <andy.walshe@est.tech>
|
|
|
|
Update endpoints of nbi postman collection ( remove /nbi/api/v3 )
Update url with http in environment integration file ( for all endpoint variables, fix ko on nbi.api.simpledemo.onap.org:30274/nbi/api/v3/status for instance )
Update nbi url in environment integration file ( add /nbi/api/v4 )
Change-Id: I42d1585ed4f458f74cf34927f2f853404e7f92e1
Issue-ID: EXTAPI-235
Signed-off-by: MatthieuGeerebaert <matthieu.geerebaert@orange.com>
|
|
Clean up import
Change-Id: I1a1be9b0528858fc30106978153e0af132675f93
Issue-ID: INT-847
Signed-off-by: Yang Xu <yang.xu3@huawei.com>
|
|
Test cases and suites for DFC automated test
Issue-ID: DCAEGEN2-1434
Change-Id: Ibe2200f7dad358520d78217bad4ca6d3b514a3c3
Signed-off-by: BjornMagnussonXA <bjorn.magnusson@est.tech>
|
|
With the introduction of RKE instead of rancher format of pod
description has slightly changed (annotations). Let's addjust
our security tests to work correctly with recent ONAP release.
Issue-ID: SECCOM-231
Change-Id: I49cdfcae9ce41a2b4bd4969958eddfaffe75b437
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
It is more obvious to use first node in cluster instead of
last one. Additionally in some cases nodes listed in the end
may not expose all open ports (like it is in integration lab).
Issue-ID: SECCOM-231
Change-Id: I200998b2e7b3a6de9b5f464e59e3b7dbbc0a656c
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Change-Id: I4fedf9a812e19033e7f9a1bff55eae264bc5122f
Issue-ID: INT-1041
Signed-off-by: Enbo Wang <wangenbo@huawei.com>
|
|
inside signature
This can be used for integration test of Pre-Onboarding and Onboarding
of a PNF package.
Issue-ID: INT-1017
Change-Id: I01f6ebdf4498bd3aac028d8ce6fa510287999d65
Signed-off-by: Szabolcs Hutvagner <szabolcs.hutvagner@ericsson.com>
|
|
|