| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to df719f4a3e63cff0d5d832945f0b8ba18230635c
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments
Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4
|
|
When I did diff between deployment-primary and deployment-replica it
turned out that this is pretty much the same file apart from primary
and replica words.
To avoid making the same changes in both files, let's just introduce a
template that can be included with parameter.
Issue-ID: OOM-2246
Change-Id: Ia13b993b9f23008d6be6b3d0e8b745446048de4e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
It looks like AAF issues masked my real mistakes of letting
some of oof services failing because of bad secret names.
Let's fix that quickly by just setting them to the corrent names
temporarly as later oof will be ported to use common secret template
anyway.
Issue-ID: OOM-2053
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9de1804dbd5399df25a3ef98354f41d39d073bf7
|
|
File application.properties needs to be synced from time to time between oom charts and
original CDS code.
Issue-ID: CCSDK-1922
Change-Id: Id2a62ce92e8708b7352ca2d21b248b0887fcb5c8
Signed-off-by: Marek Szwalkiewicz <marek.szwalkiewicz@external.t-mobile.pl>
|
|
|
|
# Also adding AAF ready check for dr-node
Change-Id: I7e6fc29a7f5607cc168f9fd61642a40a9185c55b
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1367
|
|
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I128421b36def6e974cde12093717cfe9e78b5b5f
|
|
When using a storage class, kafka data is set on top of a partition and
then 'lost+found' ext4 folder, which is automatically created, is seen
as a topic but with bad naming.
So we remove this folder in the init script.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I397e3d1f29fce9f6c77423ffa4375daffbd2a256
|
|
Change-Id: Icd3631e329b7834c716fd9299007e1644d139822
Issue-ID: OOM-2130
Signed-off-by: eHanan <eoin.hanan@est.tech>
|
|
|
|
Change-Id: Ie00783e0e55136aa40a8c3cf266ebc486240e308
Issue-ID: MODELING-307
Signed-off-by: hongyuzhao <zhao.hongyu@zte.com.cn>
|
|
|
|
Make use of msb iag with https as well
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I79c988e2ac13f1c11be8ca5ac9ccd44c21418cb4
|
|
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: PORTAL-806
Change-Id: I9bd2cc1f01a13d198d705affe3cc56be96dd5ce0
|
|
Proposition of common templates to make service declaration and PV
declaration consistent accross OOM.
Propositions of templates for sub parties of resource definitions
such as metadatas, selector and containerPorts.
I've also made an example with cassandra.
Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
* Update kubernetes/aai from branch 'master'
to 1c9c9bba658057f6147276fba4f84e7db9117e70
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I450057f5b4a10842f09665ecccc58e4ed727cd89
|
|
|
|
|
|
This reverts commit 239bb3e18494584587ee1a6eb482f022b9e32d44.
Reason for revert: mandatory template functions not merged yet
Issue-ID: OOM-2252
Change-Id: I80444a7103e12aea4568f03ded08e348bba927fb
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Make use of msb iag with https as well
Change-Id: I46320cb7a3012320091b8b802ed8531285b78b45
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
When service mesh is enabled, cassandra needs to listen to `127.0.0.1`
instead of POD_IP but must broadcast using POD_IP.
Change-Id: If96acd56a092a893f524a69ee83406c9cb70b3e7
Issue-ID: OOM-2252
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove hardcoded root password from the modeling chart.
Because of huge number of issues in modeling docker image
(see onap-discuss for details) I don't want to touch it.
That's why I just made an awful hack to concatenate DB
username and password before the entrypoint script.
Please keep in mind that this eliminates only hardcoded
root password but there is plenty of other credentials that
are boiled into container image (DB, SDC, VCF-REDIS(!) etc).
Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
|
|
etsicatalog is the only component inside modeling which use this DB
thus there is no point to keep it outside of this component.
Passwords and other bad stuff is left intentionally as this is just a
first patch for this transition.
Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4f592b736a86c7acf9ee43b0f6e136e5f1506847
|
|
You should never ever assume that secretpassword is a production
ready password for your mariadb-galera instance. Instead let's
just share a secret with our instance of mariadb-galera.
Issue-ID: OOM-2275
Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
When deploying a shared mariadb-galera instance using common chart
a dummy database is created based on the default values n the chart.
This is obviously unnecessary and creates an obviousl security issue.
That's why let's make sure that when we deploy a shared mariadb
instance no dummy databases are created.
Issue-ID: OOM-2053
Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
When you type make in kubernetes directory all charts are linted.
If one of them try to generate password whole linting process
ends with an error because masterPassword has not been provided
and there is no default value for it.
To avoid this issue but still don't provide any default value
whcih would be obviously insecure in this context, let's just
test current release name. If it matches "testRelease" we treat whis
as a special case and use predefined master key.
Security implication:
You should never, ever name your productional deployment "testRelease"
nor use it as a master password.
Issue-ID: OOM-2052
Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
For now we use it only for DB secret but in a future also
other secrets should be replaced.
Issue-ID: OOM-2249
Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Usage of plain strings is very fragile especially when you try
to change them. That's why instead of depending on strings let's
just define a few convenience templates to be used in projects
that use mariadb-galera chart.
Issue-ID: OOM-2249
Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
Krzysztof Opasiak
Sylvain Desbureaux
Ramesh Parthasarathy
Marek Szwalkiewicz
Borislav Glozman
efiacor
Bin Yang
eHanan
Morgan Richomme
hongyuzhao
Lucjan Bryndza