summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-03-06Merge "[COMMON] Handle TLS/Non-TLS for Service"Krzysztof Opasiak6-26/+782
2020-03-06Merge "Removed external access on unsecure port for ↵Sylvain Desbureaux1-2/+1
cds-blueprints-processor-http"
2020-03-06[COMMON] Handle TLS/Non-TLS for ServiceSylvain Desbureaux6-26/+782
Current service and headlessService templates doesn't handle the fact that out of cluster ports must be TLS encrypted only. With a new (backward compatible) DSL, this is now possible. In values.yaml, all ports in service part with port AND plain_port will have the ability to be HTTP or HTTPS depending on the context. Per default, they'll be HTTPS. TLS choice will be done according this table: | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | |-------------|-------------------|----------------------------|------------------------|--------| | not present | not present | not present | any | true | | not present | not present | false | any | true | | not present | not present | true | false | true | | not present | not present | true | true | false | | not present | true | any | any | true | | not present | false | any | any | false | | true | any | any | any | true | | false | any | any | any | false | Service template will create one or two service templates according to this table: | serviceType | both_tls_and_plain | result | |---------------|--------------------|--------------| | ClusterIP | any | one Service | | Not ClusterIP | not present | one Service | | Not ClusterIP | false | one Service | | Not ClusterIP | true | two Services | If two services are created, one is ClusterIP with both crypted and plain ports and the other one is NodePort (or LoadBalancer) with crypted port only. Issue-ID: OOM-1936 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
2020-03-05Merge "Disabling http ports on DMaaP"Krzysztof Opasiak2-3/+1
2020-03-05Removed external access on unsecure port for cds-blueprints-processor-httpgummar1-2/+1
Issue-ID: CCSDK-2147 Signed-off-by: gummar <raj.gumma@est.tech> Change-Id: I7701616ec9732225cf2be07d67dad7af0953bccb
2020-03-05Merge "[SDNC] Use common secret template in sdnc"Krzysztof Opasiak15-196/+322
2020-03-05Merge "HTTPS/AAF auto cert gen for Portal SDK"Krzysztof Opasiak6-10/+298
2020-03-05Merge "[UUI] UUI Server is a core eater"Krzysztof Opasiak1-6/+6
2020-03-05Update git submodulesVenkata Harish Kajur1-0/+0
* Update kubernetes/aai from branch 'master' to 4f4d14ab45a2225953961136220041189d566015 - Merge "Update logback.xml" - Update logback.xml Issue-ID: AAI-2824 Signed-off-by: Jimmy Forsyth <jf2512@att.com> Change-Id: I9034b283a2cd47770a30db9e1eecf3ef5ad58d47
2020-03-05Merge "readd so filebeat sidecar ELK endpoint"Sylvain Desbureaux11-0/+187
2020-03-05Merge "[SO] Use common secret template in so-bpmn-infra"Sylvain Desbureaux3-17/+47
2020-03-05Merge "Add parameter http scheme for multicloud adapter"Sylvain Desbureaux1-1/+2
2020-03-05[UUI] UUI Server is a core eaterSylvain Desbureaux1-6/+6
And thus needs bigger limits/requests Issue-ID: USECASEUI-403 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ide23f95af16f9ed9615bcb26e67e40cd1145670f
2020-03-05Update git submodulesHarish Venkata Kajur1-0/+0
* Update kubernetes/aai from branch 'master' to c9fad710ea31ae6695c3914429266621d37ce8b8 - Fix the graphadmin logback issue Issue-ID: AAI-2751 Change-Id: Icce232aab798c2c1d2a072a5cbf040403879a48b Signed-off-by: Harish Venkata Kajur <vk250x@att.com>
2020-03-05HTTPS/AAF auto cert gen for Portal SDKChrisC6-10/+298
integrate portal-sdk with AAF agent init container. add pv to store init-container certs generated at startup. add aafEnabled flag to switch on/off aaf integration. modify tomcat startup to load p12 and enable HTTPS based on flag. Issue-ID: PORTAL-261 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Ia2b05b8661bf9e0c03a60467212e80d1c9d02bac
2020-03-05Merge "Use Frankfurt release of dmaap-bc"Sylvain Desbureaux1-1/+1
2020-03-04Use Frankfurt release of dmaap-bcDominic Lunanuova1-1/+1
Issue-ID: DMAAP-1363 Signed-off-by: Dominic Lunanuova <dgl@research.att.com> Change-Id: I198b19a24f2b413f489376eb101efa75a4513ba0
2020-03-04Merge "VID: Update to version 6.0.3 (Frankfurt RC2)"Krzysztof Opasiak1-1/+1
2020-03-04Disabling http ports on DMaaPefiacor2-3/+1
Change-Id: I8cf5a6ac58d38c6e5c818259baf7d69615eb9803 Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1400
2020-03-04[SDNC] Use common secret template in sdncKrzysztof Opasiak15-196/+322
Some passwords are still hardcoded but with this commit all components should be using passwords provided via secrets not directly as strings. A follow-up patch will remove hardcoded passwords where feasible. Issue-ID: OOM-2309 Change-Id: I047974506430cbb277200d0103bcc57a6fd8a83b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-03-04Merge "Update HV-VES version to 1.4.0"Sylvain Desbureaux2-2/+3
2020-03-04Merge "[AAF] Give more CPU limit for AAF-GUI"Krzysztof Opasiak1-1/+1
2020-03-04VID: Update to version 6.0.3 (Frankfurt RC2)Ittay Stern1-1/+1
Issue-ID: VID-761 Change-Id: Ie3127f62a9b059020b047ae09bf13bdf77923833 Signed-off-by: Ittay Stern <ittay.stern@att.com>
2020-03-04Add parameter http scheme for multicloud adapterEric Multanen1-1/+2
Add support to build endpoint from SO to multicloud via msb using http or https scheme. Change-Id: I474fdd7c885e437c1c8136bffe3e40e41c86dab5 Issue-ID: SO-1450 Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
2020-03-04[AAF] Give more CPU limit for AAF-GUISylvain Desbureaux1-1/+1
It should make the POD to start again Issue-ID: AAF-1106 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I934a904ba7310e49bf2cfd3f372c402af3878efa
2020-03-04Update HV-VES version to 1.4.0pwielebs2-2/+3
The issue related to HV-VES occurs due to a lack of certificates. There are provided by TLS_INT_CONTAINER. Therefore use-tls must be set on true. Issue-ID: OOM-2281 Signed-off-by: Piotr Wielebski <piotr.wielebski@nokia.com> Change-Id: Ib5c82d5955c0a7b32a4fc5c9797734f930ae7885
2020-03-04[AAF] more memory for SMSSylvain Desbureaux1-2/+2
SMS requests/limits were set too low and thus it prevents start when on small flavors Issue-ID: AAF-1105 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib591c972ceaa4186dd16ca5cebd86b58c0288718
2020-03-04Merge "Replaced URLs from the configuration file with test values"Sylvain Desbureaux1-3/+1
2020-03-04Merge "ES non-root"Sylvain Desbureaux3-3/+3
2020-03-03ES non-rootosgn422w3-3/+3
ElasticSearch run as non-root user Issue-ID: CLAMP-668 Change-Id: I786e2ff8babf4b78fa6dfdf63ff9cd486099fbac Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
2020-03-03Merge "[Consul] Remove nodeport on UI"Krzysztof Opasiak1-1/+1
2020-03-02Merge "[DOC] Remove references to old versions"Krzysztof Opasiak3-16/+17
2020-03-02[SO] Use common secret template in so-bpmn-infraKrzysztof Opasiak3-17/+47
Use common secrete template in so-bpmn-infra component. For now passwords are stil hardcoded but this will be removed in further commits. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I828d6a5713cf023d72ab22ea758e78e91d1944b9
2020-03-02[DOC] Remove references to old versionsSylvain Desbureaux3-16/+17
Also add requirements for Frankfurt release Issue-ID: OOM-1960 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idaa4925515737221c90c4bf9141406fa1d428f15
2020-03-02Merge "[SDNC] Allow to use templates in external secret names"Krzysztof Opasiak4-7/+7
2020-03-02Merge "[SDNC] Use common secret template in sdnc-portal"Sylvain Desbureaux7-48/+141
2020-03-02Merge "[DMAAP] Don't hardcode mariadb-galera password"Morgan Richomme4-10/+41
2020-03-02[Consul] Remove nodeport on UISylvain Desbureaux1-1/+1
consul ui is on http mode. As nobody really looks at it, let's remove the nodeport and set it as ClusterIP. Issue-ID: OJSI-168 Issue-ID: OJSI-202 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If114dac59c4fc919a0ab879ef7c5c2478f6a16d2
2020-03-02Merge "[SDNC] Add missing inclusion of common secret template"Krzysztof Opasiak1-0/+15
2020-02-29Merge "Added blueprint"Krzysztof Opasiak2-3/+39
2020-02-29Merge "tcagen2 prep + rls version updates"Krzysztof Opasiak4-3/+44
2020-02-29Merge "dcae sec updates for dashboard and inventory"Krzysztof Opasiak7-6/+117
2020-02-28Update git submodulesVenkata Harish Kajur1-0/+0
* Update kubernetes/aai from branch 'master' to ac0ea8aa12226ac95683838e92d22928eb221630 - Merge "Fix MSB config section" - Fix MSB config section Issue-ID: AAI-2809 Signed-off-by: Jimmy Forsyth <jf2512@att.com> Change-Id: I53bb71ce9d8989ee3d481bcf7f2db606455df1d3
2020-02-28tcagen2 prep + rls version updatesVijay Venkatesh Kumar4-3/+44
common mongo chart and input template for tca-gen2 VEScollector rls version for 7.1.1 support Heartbeat rls version for non root support Change-Id: Iea9c640411841553d79cee2b21447b87e2cd2a90 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Issue-ID: DCAEGEN2-1891 Issue-ID: DCAEGEN2-1907 Issue-ID: DCAEGEN2-2071 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
2020-02-28Added blueprintPawel2-3/+39
Added blueprint (for ves secure) and update blueprint (for ves insecure) Issue-ID: DCAEGEN2-1777 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Iaf78187b8196944ecafcef19b1efec855a4d8922
2020-02-28[DMAAP] Don't hardcode mariadb-galera passwordKrzysztof Opasiak4-10/+41
Let's use common secret template to generate user credentials for DMAAP data router DB DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2287 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I82d22a2db2dc9fba655f99f837be689f4a32a871
2020-02-28Adding aaf-service to readiness check on dmaap-dr-provefiacor1-0/+2
Change-Id: I48313446853d9175ec41f288350bedbf6190c30c Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1388
2020-02-27Change MsbAddress PortHePeng2-2/+2
Issue-ID: AAI-2734 Change-Id: I04b77796e51afa94832454e4316d415724230124 Signed-off-by: HePeng <he.peng6@zte.com.cn> [Remove space that breaks everything] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-27dcae sec updates for dashboard and inventoryVijay Venkatesh Kumar7-6/+117
- Dashboard switched to https + non-root + portal sdk 2.6.0 - InventoryAPI keystore pwd read from file and filebeat support Change-Id: I40d2f6a8414f0a8fc8ed7b60ed0118e69cdbb2fd Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Issue-ID: DCAEGEN2-1592 Issue-ID: OJSI-159 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
2020-02-27Merge "Temporarily remove the dependency on Cassandra"Brian Freeman2-0/+158