aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/components
AgeCommit message (Collapse)AuthorFilesLines
2021-09-08[SO] Add TLS configuration for SO API IngressSylvain Desbureaux1-1/+1
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
2021-05-25[POLICY] Remove invalid SAN entries in AAF certsjhh1-2/+1
Discarded obsolete service names (brmsgw, pap, pdp that refer to the deprecated policy engine) and updated service name for drools. Issue-ID: POLICY-3327 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ifeceabb594c2d1b9cbdf90ca45cf0be5d6aed875 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2021-05-11[POLICY] Release Policy-clamp 6.1.1sebdet2-1/+2
Update the version to 6.1.1 + required config changes due to Camel & Spring upgrades & Sonar fixes Issue-ID: POLICY-3224 Signed-off-by: sebdet <sebastien.determe@intl.att.com> Change-Id: I7cf2caff461b88326d3ec90c9eea0fd6711f16e5
2021-05-07[AAF][CASSANDRA] Lower disk claimSylvain Desbureaux1-1/+1
Currently, AAF Cassandra is claiming 20Gi of disk. After boot, use is around 140Mi and after 3 monthes, it's 3.8Gi. 5Gi seems a better value. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia4f92709824a441a8d2d23c42d0b0b31f0dae778
2021-03-29Merge "[AAF][SMS] Relax Vault limits"Sylvain Desbureaux1-4/+4
2021-03-26[HOLMES] Migrate Holmes from Cloudify to HelmGuangrongFu6-2/+30
Instead of using cloudify, use helm directly in order to deploy the charts. Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46 Issue-ID: HOLMES-396 Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn> [Adding AAF part and change nodeports] Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-03-26[AAF][SMS] Relax Vault limitsSylvain Desbureaux1-4/+4
AAF SMS Vault has been seen having 'OOM Killed' pods at start. Relaxing the limits sets in order to avoid it. Issue-ID: OOM-2711 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie22bd1e90017207b326faf8b7c6dda23ffe7950a
2021-03-26[DMAAP][MR] Retrieve certs automaticallySylvain Desbureaux1-1/+1
Instead of hardcoding certificates inside the container, use cert initializer in order to retrieve them automatically at start. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux32-60/+60
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-22Merge "[VNFSDK] Automatically retrieve certificates"Krzysztof Opasiak6-1/+15
2021-03-20[VNFSDK] Automatically retrieve certificatesSylvain Desbureaux6-1/+15
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2696 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
2021-03-20[OOF] Update containers to latest versionskrishnaa963-1/+21
- OSDF: 3.0.4 - Fixed NST selection response - HAS: 2.1.4 - Fixed SDC interface - Fixed weak cryptography issues - CMSO: 2.3.2 - Fixed weak cryptography issues Chart changes - Remove encrypted password from CMSO and move it to k8s secret Issue-ID: OPTFRA-917 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
2021-03-18[AAF][SMS] Relax CPU limits for vaultSylvain Desbureaux1-2/+1
Current limits makes vault to throttle and at the end it's not able to start. This patch relaxes the CPU limit value so it should be better at start. Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
2021-02-28[A1P] Retrieve the certificates automaticallySylvain Desbureaux6-1/+14
Instead of using hardcoded certificates in the container, let's retrieve them automatically. Issue-ID: OOM-2681 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux1-4/+4
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-02-22[AAI][TRAVERSAL] Remove Hardcoded certificatesSylvain Desbureaux6-1/+14
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2680 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
2021-02-22[AAI][RESOURCES] Remove Hardcoded certificatesSylvain Desbureaux6-1/+15
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2655 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
2021-02-19[CLI] Retrieve certificates automaticallySylvain Desbureaux6-10/+23
Instead of having hardocoded certificates, use certManager in order to retrieve them. Issue-ID: OOM-2684 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I20df713b7552b27392407db985fd402c259874e4
2021-02-18[APPC][CDT] Automatically retrieve certificatesSylvain Desbureaux6-1/+14
Instead of using hardcoded certificates in container, use certInitializer in order to retrieve them. Issue-ID: OOM-2682 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
2021-02-16[MSB] Use certInitializer for MSBSylvain Desbureaux6-1/+29
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
2021-02-12[AAF] Give `identities.dat` to working deploymentsSylvain Desbureaux5-117/+18
Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
2021-02-02[AAI] Use CertInitializer for AAI ProxySylvain Desbureaux1-2/+2
Instead of using an harcoded certificate for AAI Haproxy, let's use certInitializer in order to have a fresh one. Issue-ID: OOM-2654 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
2021-01-15[AAF] Externalizes init data out from aaf-cassSylvain Desbureaux22-14/+1584
Instead of keep initialization data into the docker image, we move them to the chart. This will simplify adding / removing certificates as no image release will be necessary, but only a change in OOM which can be directly tested. This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33. Reason for revert: Changed the initial commit in order to make it really work. Issue-ID: OOM-2586 Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux32-61/+61
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27Merge "Revert "[AAF] externalizes init data out from aaf-cass image to chart""Krzysztof Opasiak22-1553/+13
2020-11-27Revert "[AAF] externalizes init data out from aaf-cass image to chart"Sylvain Desbureaux22-1553/+13
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4. Reason for revert: AAF on master is broken Issue-ID: OOM-2586 Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-11-26Merge "[AAF] Uses new tpls for repos / images"Krzysztof Opasiak60-167/+428
2020-11-24Merge "[AAF] externalizes init data out from aaf-cass image to chart"Krzysztof Opasiak22-13/+1553
2020-11-24[AAF] Uses new tpls for repos / imagesSylvain Desbureaux60-176/+437
This commit makes aaf chart to use the new generator for repositories and images. As new templates doesn't work well with "sub charts", we move also subcharts to components folder. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux8-16/+16
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-11-18[AAF] externalizes init data out from aaf-cass image to chartJohn J. Franey22-13/+1553
The initialization data appear as resources to the chart. The templates were modified to define ConfigMaps and Deployment to mount them to the aaf-cass container when it starts. The existing aaf-cass initialization script in the image will load the database from these files. Issue-ID: OOM-2586 Signed-off-by: John J. Franey <john.franey@att.com> Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-10-21[AAF] change comment styleJakub Latusek25-0/+50
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Id9157f3332870a79575b20ff89558ea875626484 Issue-ID: OOM-2562
2020-10-16Update makefiles to use specific helm versionJakub Latusek1-4/+5
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two version of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-25Merge "Remove fields not defined in jobs specification"Sylvain Desbureaux4-4/+0
2020-09-25Remove fields not defined in jobs specificationJakub Latusek4-5/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I11f83a4716b5039e6396a63707f52268db013490
2020-09-25Merge "Set services names in statefulset templates"Sylvain Desbureaux3-2/+7
2020-09-25Merge "Use common.resources in aaf-sshsm-abrmd template"Sylvain Desbureaux1-1/+1
2020-09-25Merge "Correction of the conditional statement"Sylvain Desbureaux1-1/+1
2020-09-24Set services names in statefulset templatesJakub Latusek3-2/+7
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Ied19470d1e8f499ba55a08d3753f8a5b1592ffc6 Issue-ID: OOM-2562
2020-09-24Correction of the conditional statementJakub Latusek1-1/+1
End of if statement end to early and not contains nodeLabel values Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: If945f9a15d059118b4d11781df1687db249f67da Issue-ID: OOM-2562
2020-09-24Use common.resources in aaf-sshsm-abrmd templateJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: I88585d84d43fb7678e0837a40fc432641bd60d8e Issue-ID: OOM-2562
2020-09-24Change aaf-sshsm statefulset to deploymentJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I14bfe09787b59b366472778a5ca5bdc50c3f83f7
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski14-473/+0
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux16-32/+23
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-07-23[AAF] Make AAF compatible with Kubernetes v1.17Grzegorz-Lis3-3/+12
Issue-ID: OOM-2446 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: Ia0d503b510fbc5681b9b3aa46a6187d3ba623603
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a
2020-07-09[AAF CertService] Increase certificates validityTomasz Wrobel5-26/+26
Root keys of certificate should have 10 years validity. Issue-ID: AAF-1175 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I0ff9ed6ff095baa0797a2af50eca740e9b4a5c6b
2020-07-08[AAF CertService] Override outdated certificatesTomasz Wrobel5-30/+31
Certificates in AAF CertService expired Repleace by new certificates Issue-ID: AAF-1175 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Ic04e337adfbec2acb31b830cf4d5193b3a0a0e80
2020-07-02Correct image path resolving for cert servicekjaniak1-1/+1
Change-Id: I9c5bf34516d32bedaf8314044d71d6aad401966c Issue-ID: AAF-1152 Signed-off-by: kjaniak <kornel.janiak@nokia.com>
2020-07-01[AAF Certservice] Update versions to 1.1.0Remigiusz Janeczek1-1/+1
Allow use of OUTPUT_TYPE env in certservice client to define desired certificates format (one of: P12, JKS, PEM) Issue-ID: AAF-1152 Change-Id: I5065b659ae36d71209d643303896516042fabaa0 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>