summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf
AgeCommit message (Collapse)AuthorFilesLines
2022-02-04[AAF-SMS] Allow to disable CPS partSylvain Desbureaux3-3/+9
AAF SMS is importing secrets in vault. CPS secret can be retrieved only if cps is enabled. this patch allows to disable CPS import in AAF SMS Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib33d2fe05bb6e13fb6322138161a13cdfd2cf522
2021-12-07[GLOBAL] Migrate to helm v3efiacor40-483/+272
Move all Chart.yaml to use apiVersion: 2 Move dependencies from requirements.yaml to Chart.yaml Changes to all makeFiles Changes to helm deploy plugin Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0 Issue-ID: OOM-2845
2021-11-12[AAI][SCHEMA] Remove Hardcoded certificatesSylvain Desbureaux7-4/+18
Use Certinitializer in order to retrieve needed certificates. It'll also do the retrieval for graphadmin as both microservices are working together. Issue-ID: OOM-2691 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iad790cc14361cf15d5a6bf4fcad6fd9f4048a1a7
2021-11-10[AAI][BABEL] Remove Hardcoded certificatesSylvain Desbureaux1-5/+5
Use Certinitializer in order to retrieve needed certificates. Change ModelLoader also as it needs valid certificate to communicate with Babel. Issue-ID: OOM-2693 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I64b8ede24643f942dc99956030c202c50d41ad1e
2021-11-06[UUI] Automatically retrieve certificatesSylvain Desbureaux7-1/+16
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2695 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I673b3c7b8087c150b1e4c1d522b92ec08260ec09
2021-10-15[COMMON] Bump ONAP versionSylvain Desbureaux34-86/+105
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-10-15Merge "[OOF] Update OOF image versions"Sylvain Desbureaux3-0/+23
2021-10-11[OOF] Update OOF image versionskrishnaa963-0/+23
- Add configuration for CPS - Update OSDF version to 3.0.6 - Update HAS version to 2.2.1. Issue-ID: OPTFRA-987 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I5b2110f131ab50ba7d2617079d2c7f793b3341ae
2021-09-08[SO] Add TLS configuration for SO API IngressSylvain Desbureaux1-1/+1
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
2021-07-02[AAF] Allow to choose which subcomponents to runSylvain Desbureaux2-0/+19
AAF has 4 sub components underneath: - AAF Authz (for generating, signing the certificates) - AAF Hello (example on how to use AAF Authz) - AAF SMS (for storing sensible values in Vault) - AAF SSHMS (for using TPM devices) This commits allows to choose which components will be used by default. As SSHMS is not updated for a while and AAF Hello is an example, we also disable them. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6e0fde7b2b413762158c58de94b933182203d9f1
2021-05-25[POLICY] Remove invalid SAN entries in AAF certsjhh1-2/+1
Discarded obsolete service names (brmsgw, pap, pdp that refer to the deprecated policy engine) and updated service name for drools. Issue-ID: POLICY-3327 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ifeceabb594c2d1b9cbdf90ca45cf0be5d6aed875 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2021-05-11[POLICY] Release Policy-clamp 6.1.1sebdet2-1/+2
Update the version to 6.1.1 + required config changes due to Camel & Spring upgrades & Sonar fixes Issue-ID: POLICY-3224 Signed-off-by: sebdet <sebastien.determe@intl.att.com> Change-Id: I7cf2caff461b88326d3ec90c9eea0fd6711f16e5
2021-05-07[AAF][CASSANDRA] Lower disk claimSylvain Desbureaux1-1/+1
Currently, AAF Cassandra is claiming 20Gi of disk. After boot, use is around 140Mi and after 3 monthes, it's 3.8Gi. 5Gi seems a better value. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia4f92709824a441a8d2d23c42d0b0b31f0dae778
2021-03-29Merge "[AAF][SMS] Relax Vault limits"Sylvain Desbureaux1-4/+4
2021-03-26[HOLMES] Migrate Holmes from Cloudify to HelmGuangrongFu7-2/+32
Instead of using cloudify, use helm directly in order to deploy the charts. Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46 Issue-ID: HOLMES-396 Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn> [Adding AAF part and change nodeports] Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-03-26[AAF][SMS] Relax Vault limitsSylvain Desbureaux1-4/+4
AAF SMS Vault has been seen having 'OOM Killed' pods at start. Relaxing the limits sets in order to avoid it. Issue-ID: OOM-2711 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie22bd1e90017207b326faf8b7c6dda23ffe7950a
2021-03-26[DMAAP][MR] Retrieve certs automaticallySylvain Desbureaux1-1/+1
Instead of hardcoding certificates inside the container, use cert initializer in order to retrieve them automatically at start. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux34-71/+71
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-22Merge "[VNFSDK] Automatically retrieve certificates"Krzysztof Opasiak7-1/+16
2021-03-20[VNFSDK] Automatically retrieve certificatesSylvain Desbureaux7-1/+16
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2696 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
2021-03-20[OOF] Update containers to latest versionskrishnaa963-1/+21
- OSDF: 3.0.4 - Fixed NST selection response - HAS: 2.1.4 - Fixed SDC interface - Fixed weak cryptography issues - CMSO: 2.3.2 - Fixed weak cryptography issues Chart changes - Remove encrypted password from CMSO and move it to k8s secret Issue-ID: OPTFRA-917 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
2021-03-18[AAF][SMS] Relax CPU limits for vaultSylvain Desbureaux1-2/+1
Current limits makes vault to throttle and at the end it's not able to start. This patch relaxes the CPU limit value so it should be better at start. Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
2021-02-28[A1P] Retrieve the certificates automaticallySylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in the container, let's retrieve them automatically. Issue-ID: OOM-2681 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux1-4/+4
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-02-22[AAI][TRAVERSAL] Remove Hardcoded certificatesSylvain Desbureaux7-1/+15
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2680 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
2021-02-22[AAI][RESOURCES] Remove Hardcoded certificatesSylvain Desbureaux7-1/+16
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2655 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
2021-02-19[CLI] Retrieve certificates automaticallySylvain Desbureaux7-10/+24
Instead of having hardocoded certificates, use certManager in order to retrieve them. Issue-ID: OOM-2684 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I20df713b7552b27392407db985fd402c259874e4
2021-02-18[APPC][CDT] Automatically retrieve certificatesSylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in container, use certInitializer in order to retrieve them. Issue-ID: OOM-2682 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
2021-02-16[MSB] Use certInitializer for MSBSylvain Desbureaux7-1/+31
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
2021-02-12[AAF] Give `identities.dat` to working deploymentsSylvain Desbureaux6-36/+32
Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
2021-02-02[AAI] Use CertInitializer for AAI ProxySylvain Desbureaux1-2/+2
Instead of using an harcoded certificate for AAI Haproxy, let's use certInitializer in order to have a fresh one. Issue-ID: OOM-2654 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
2021-01-15[AAF] Externalizes init data out from aaf-cassSylvain Desbureaux24-14/+1663
Instead of keep initialization data into the docker image, we move them to the chart. This will simplify adding / removing certificates as no image release will be necessary, but only a change in OOM which can be directly tested. This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33. Reason for revert: Changed the initial commit in order to make it really work. Issue-ID: OOM-2586 Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-01-06[CMPV2] Add a template for Certificate (cert-manager)Jan Malkiewicz1-0/+1
This commit introduces a template for requesting a cert-manager certificate. See: https://cert-manager.io. It consist of the following parts: - a template for creating certificate in commons component - a definition of a certifcate object in sdnc component Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux34-72/+72
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27Merge "Revert "[AAF] externalizes init data out from aaf-cass image to chart""Krzysztof Opasiak24-1632/+13
2020-11-27Revert "[AAF] externalizes init data out from aaf-cass image to chart"Sylvain Desbureaux24-1632/+13
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4. Reason for revert: AAF on master is broken Issue-ID: OOM-2586 Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-11-26Merge "[AAF] Uses new tpls for repos / images"Krzysztof Opasiak61-183/+428
2020-11-24Merge "[AAF] externalizes init data out from aaf-cass image to chart"Krzysztof Opasiak24-13/+1632
2020-11-24[AAF] Uses new tpls for repos / imagesSylvain Desbureaux61-192/+437
This commit makes aaf chart to use the new generator for repositories and images. As new templates doesn't work well with "sub charts", we move also subcharts to components folder. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux9-18/+18
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-11-18[AAF] externalizes init data out from aaf-cass image to chartJohn J. Franey24-13/+1632
The initialization data appear as resources to the chart. The templates were modified to define ConfigMaps and Deployment to mount them to the aaf-cass container when it starts. The existing aaf-cass initialization script in the image will load the database from these files. Issue-ID: OOM-2586 Signed-off-by: John J. Franey <john.franey@att.com> Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-10-22Merge "[Tree-wide] Add helmignore to ignore components"Sylvain Desbureaux1-21/+22
2020-10-21[AAF] change comment styleJakub Latusek25-0/+50
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Id9157f3332870a79575b20ff89558ea875626484 Issue-ID: OOM-2562
2020-10-21[Tree-wide] Add helmignore to ignore componentsKrzysztof Opasiak1-21/+22
components directory takes up a lot of space and is included during helm package Lets remove it using .helmignore This is just a copy of idea showed in: "[OOF] Add helmignore to ignore components" by krishnaa96 <krishna.moorthy6@wipro.com> Issue-ID: OOM-2534 Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
2020-10-16Update makefiles to use specific helm versionJakub Latusek2-8/+10
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two version of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-25Merge "Remove fields not defined in jobs specification"Sylvain Desbureaux4-4/+0
2020-09-25Remove fields not defined in jobs specificationJakub Latusek4-5/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I11f83a4716b5039e6396a63707f52268db013490
2020-09-25Merge "Set services names in statefulset templates"Sylvain Desbureaux3-2/+7
2020-09-25Merge "Use common.resources in aaf-sshsm-abrmd template"Sylvain Desbureaux1-1/+1
2020-09-25Merge "Correction of the conditional statement"Sylvain Desbureaux1-1/+1