summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-02-07[NBI] Don't hardcode mariadb-galera passwordKrzysztof Opasiak3-9/+34
Let's use common secret template to generate user credentials for NBI DB and depend on mariadb-galera to generate secure enough root password. BTW. Don't be surprised for now mariadb-galera has a hardcoded root password but as soon as we move all charts that use it to common secret template it will be auto generated. Issue-ID: OOM-2291 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
2020-02-07[COMMON] Remove pgpoolKrzysztof Opasiak13-1056/+0
It seems that pgpool is never thus there is no need to spend time moving it to common secret template Issue-ID: OOM-2250 Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-07[COMMON] Use common secret template in postgresKrzysztof Opasiak4-29/+88
Use common secret template for storing DB credentials Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
2020-02-07Merge "[COMMON] Share deployment configuration in Postgres"Sylvain Desbureaux3-246/+146
2020-02-07Merge "[OOF] fix secret names for mariadb-galera"Sylvain Desbureaux2-9/+9
2020-02-07Merge "update DMaaP MR docker image version to 1.1.17"Sylvain Desbureaux1-1/+1
2020-02-07Update git submodulesKrzysztof Opasiak1-0/+0
* Update kubernetes/robot from branch 'master' to df719f4a3e63cff0d5d832945f0b8ba18230635c - [ONAP-wide] Replace .Release.Name with common.release ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-06[COMMON] Share deployment configuration in PostgresKrzysztof Opasiak3-246/+146
When I did diff between deployment-primary and deployment-replica it turned out that this is pretty much the same file apart from primary and replica words. To avoid making the same changes in both files, let's just introduce a template that can be included with parameter. Issue-ID: OOM-2246 Change-Id: Ia13b993b9f23008d6be6b3d0e8b745446048de4e Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-06[OOF] fix secret names for mariadb-galeraKrzysztof Opasiak2-9/+9
It looks like AAF issues masked my real mistakes of letting some of oof services failing because of bad secret names. Let's fix that quickly by just setting them to the corrent names temporarly as later oof will be ported to use common secret template anyway. Issue-ID: OOM-2053 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I9de1804dbd5399df25a3ef98354f41d39d073bf7
2020-02-06Merge "[COMMON] Create templates for services and PV"Borislav Glozman14-347/+723
2020-02-05Removing pass_enc_key from DMaaP prov propsefiacor2-1/+14
# Also adding AAF ready check for dr-node Change-Id: I7e6fc29a7f5607cc168f9fd61642a40a9185c55b Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1367
2020-02-05Merge "Enable multicloud openstack https endpoints"Morgan Richomme10-11/+36
2020-02-04Merge "Fix problem with wrong volume mount names"Sylvain Desbureaux1-2/+2
2020-02-04Enable multicloud openstack https endpointsBin Yang10-11/+36
Make use of msb iag with https as well Issue-ID: MULTICLOUD-978 Signed-off-by: Bin Yang <bin.yang@windriver.com> Change-Id: I79c988e2ac13f1c11be8ca5ac9ccd44c21418cb4
2020-02-04[COMMON] Create templates for services and PVSylvain Desbureaux14-347/+723
Proposition of common templates to make service declaration and PV declaration consistent accross OOM. Propositions of templates for sub parties of resource definitions such as metadatas, selector and containerPorts. I've also made an example with cassandra. Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-03Update git submodulesKrzysztof Opasiak1-0/+0
* Update kubernetes/aai from branch 'master' to 1c9c9bba658057f6147276fba4f84e7db9117e70 - [ONAP-wide] Replace .Release.Name with common.release ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I450057f5b4a10842f09665ecccc58e4ed727cd89
2020-02-03Merge "Revert "Make cassandra service mesh compliant""Morgan Richomme1-8/+0
2020-02-03Merge "Expose multicloud endpoints in https"Borislav Glozman3-4/+12
2020-02-03Revert "Make cassandra service mesh compliant"Sylvain Desbureaux1-8/+0
This reverts commit 239bb3e18494584587ee1a6eb482f022b9e32d44. Reason for revert: mandatory template functions not merged yet Issue-ID: OOM-2252 Change-Id: I80444a7103e12aea4568f03ded08e348bba927fb Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-03Expose multicloud endpoints in httpsBin Yang3-4/+12
Make use of msb iag with https as well Change-Id: I46320cb7a3012320091b8b802ed8531285b78b45 Issue-ID: MULTICLOUD-978 Signed-off-by: Bin Yang <bin.yang@windriver.com>
2020-02-02Merge "Update PRH version to 1.5.0"Borislav Glozman1-1/+1
2020-02-02Merge "Add override flag to the ingress template"Borislav Glozman1-3/+20
2020-02-02Merge "redis config optimization"Borislav Glozman1-4/+2
2020-02-02Merge "Update ves collector image"Borislav Glozman1-1/+1
2020-02-02Merge "[Modeling] Use common secret template for mariadb root password"Borislav Glozman3-16/+37
2020-02-02[COMMON] Make cassandra service mesh compliantSylvain Desbureaux1-0/+8
When service mesh is enabled, cassandra needs to listen to `127.0.0.1` instead of POD_IP but must broadcast using POD_IP. Change-Id: If96acd56a092a893f524a69ee83406c9cb70b3e7 Issue-ID: OOM-2252 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-02Merge "[Modeling] Move mariadb-galera to etsicatalog"Borislav Glozman6-39/+74
2020-02-02Merge "[APPC] Don't hardcode mariadb root password"Borislav Glozman6-26/+16
2020-02-02Merge "[COMMON] Don't create dummy mysql DB by default in a shared instance"Borislav Glozman1-2/+2
2020-02-02Merge "[COMMON] Allow to lint chart without master password"Borislav Glozman1-0/+3
2020-02-02Merge "[COMMON] Make network-name-gen use common secrets template"Borislav Glozman3-19/+15
2020-02-02Merge "[COMMON] Provide convenience templates for mariadb secrets"Borislav Glozman5-8/+45
2020-02-02Merge "[COMMON] Expose common.secret.genName template"Borislav Glozman1-9/+10
2020-02-02Merge "[COMMON] Allow to generate fullname based on passed chart name"Borislav Glozman1-1/+11
2020-02-02Merge "[COMMON] Allow to search secret by uid even if name is Overridden"Borislav Glozman1-3/+6
2020-02-02Merge "[COMMON] Use common secret template in mariadb-init"Borislav Glozman5-44/+54
2020-02-02Merge "Add ONAP core deployment type override"Borislav Glozman1-0/+134
2020-02-02Merge "release 1.7.0 APPC in Frankfurt"Borislav Glozman2-2/+2
2020-02-02[Modeling] Use common secret template for mariadb root passwordKrzysztof Opasiak3-16/+37
Remove hardcoded root password from the modeling chart. Because of huge number of issues in modeling docker image (see onap-discuss for details) I don't want to touch it. That's why I just made an awful hack to concatenate DB username and password before the entrypoint script. Please keep in mind that this eliminates only hardcoded root password but there is plenty of other credentials that are boiled into container image (DB, SDC, VCF-REDIS(!) etc). Issue-ID: OOM-2286 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
2020-02-01[Modeling] Move mariadb-galera to etsicatalogKrzysztof Opasiak6-39/+74
etsicatalog is the only component inside modeling which use this DB thus there is no point to keep it outside of this component. Passwords and other bad stuff is left intentionally as this is just a first patch for this transition. Issue-ID: OOM-2286 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4f592b736a86c7acf9ee43b0f6e136e5f1506847
2020-02-01[APPC] Don't hardcode mariadb root passwordKrzysztof Opasiak6-26/+16
You should never ever assume that secretpassword is a production ready password for your mariadb-galera instance. Instead let's just share a secret with our instance of mariadb-galera. Issue-ID: OOM-2275 Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Don't create dummy mysql DB by default in a shared instanceKrzysztof Opasiak1-2/+2
When deploying a shared mariadb-galera instance using common chart a dummy database is created based on the default values n the chart. This is obviously unnecessary and creates an obviousl security issue. That's why let's make sure that when we deploy a shared mariadb instance no dummy databases are created. Issue-ID: OOM-2053 Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to lint chart without master passwordKrzysztof Opasiak1-0/+3
When you type make in kubernetes directory all charts are linted. If one of them try to generate password whole linting process ends with an error because masterPassword has not been provided and there is no default value for it. To avoid this issue but still don't provide any default value whcih would be obviously insecure in this context, let's just test current release name. If it matches "testRelease" we treat whis as a special case and use predefined master key. Security implication: You should never, ever name your productional deployment "testRelease" nor use it as a master password. Issue-ID: OOM-2052 Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Make network-name-gen use common secrets templateKrzysztof Opasiak3-19/+15
For now we use it only for DB secret but in a future also other secrets should be replaced. Issue-ID: OOM-2249 Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Provide convenience templates for mariadb secretsKrzysztof Opasiak5-8/+45
Usage of plain strings is very fragile especially when you try to change them. That's why instead of depending on strings let's just define a few convenience templates to be used in projects that use mariadb-galera chart. Issue-ID: OOM-2249 Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Expose common.secret.genName templateKrzysztof Opasiak1-9/+10
This template used to be for internal use only but it turned out to be very useful in number of places so let's just expose it. Issue-ID: OOM-2249 Change-Id: I57cd31681fb5edb4ac95b0b7b2446a364ce826d2 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to generate fullname based on passed chart nameKrzysztof Opasiak1-1/+11
By default common.fullname uses .Chart.Name or .Values.nameOverride to generate a "full name" used in many places. In some cases it may be convenient to be able to generate this full name for a specific, well known chart name. Issue-ID: OOM-2249 Change-Id: I68034c1c5df81ae9533f5f4bc6fab58f2416623a Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to search secret by uid even if name is OverriddenKrzysztof Opasiak1-3/+6
In some cases it is useful to bypass default policy for secret name generation and provide a custom name for a secret. In this case current search implementation got confused and couln't find a secret based on uid. This patch fixes the issue by comaring not only name but also uid. Issue-ID: OOM-2246 Change-Id: Iaea7a23fee09aa388968aad792ba7f7e1fbf2f21 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Use common secret template in mariadb-initKrzysztof Opasiak5-44/+54
Use common secret template for all passwords that are used inside this chart. Issue-ID: OOM-2248 Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-01[ONAP-wide] Replace .Release.Name with common.releaseKrzysztof Opasiak604-1401/+1399
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183