summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf
AgeCommit message (Collapse)AuthorFilesLines
2021-03-26[DMAAP][MR] Retrieve certs automaticallySylvain Desbureaux1-1/+1
Instead of hardcoding certificates inside the container, use cert initializer in order to retrieve them automatically at start. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux34-71/+71
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-22Merge "[VNFSDK] Automatically retrieve certificates"Krzysztof Opasiak7-1/+16
2021-03-20[VNFSDK] Automatically retrieve certificatesSylvain Desbureaux7-1/+16
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2696 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
2021-03-20[OOF] Update containers to latest versionskrishnaa963-1/+21
- OSDF: 3.0.4 - Fixed NST selection response - HAS: 2.1.4 - Fixed SDC interface - Fixed weak cryptography issues - CMSO: 2.3.2 - Fixed weak cryptography issues Chart changes - Remove encrypted password from CMSO and move it to k8s secret Issue-ID: OPTFRA-917 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
2021-03-18[AAF][SMS] Relax CPU limits for vaultSylvain Desbureaux1-2/+1
Current limits makes vault to throttle and at the end it's not able to start. This patch relaxes the CPU limit value so it should be better at start. Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
2021-02-28[A1P] Retrieve the certificates automaticallySylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in the container, let's retrieve them automatically. Issue-ID: OOM-2681 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux1-4/+4
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-02-22[AAI][TRAVERSAL] Remove Hardcoded certificatesSylvain Desbureaux7-1/+15
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2680 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
2021-02-22[AAI][RESOURCES] Remove Hardcoded certificatesSylvain Desbureaux7-1/+16
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2655 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
2021-02-19[CLI] Retrieve certificates automaticallySylvain Desbureaux7-10/+24
Instead of having hardocoded certificates, use certManager in order to retrieve them. Issue-ID: OOM-2684 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I20df713b7552b27392407db985fd402c259874e4
2021-02-18[APPC][CDT] Automatically retrieve certificatesSylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in container, use certInitializer in order to retrieve them. Issue-ID: OOM-2682 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
2021-02-16[MSB] Use certInitializer for MSBSylvain Desbureaux7-1/+31
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
2021-02-12[AAF] Give `identities.dat` to working deploymentsSylvain Desbureaux6-36/+32
Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
2021-02-02[AAI] Use CertInitializer for AAI ProxySylvain Desbureaux1-2/+2
Instead of using an harcoded certificate for AAI Haproxy, let's use certInitializer in order to have a fresh one. Issue-ID: OOM-2654 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
2021-01-15[AAF] Externalizes init data out from aaf-cassSylvain Desbureaux24-14/+1663
Instead of keep initialization data into the docker image, we move them to the chart. This will simplify adding / removing certificates as no image release will be necessary, but only a change in OOM which can be directly tested. This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33. Reason for revert: Changed the initial commit in order to make it really work. Issue-ID: OOM-2586 Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-01-06[CMPV2] Add a template for Certificate (cert-manager)Jan Malkiewicz1-0/+1
This commit introduces a template for requesting a cert-manager certificate. See: https://cert-manager.io. It consist of the following parts: - a template for creating certificate in commons component - a definition of a certifcate object in sdnc component Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux34-72/+72
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27Merge "Revert "[AAF] externalizes init data out from aaf-cass image to chart""Krzysztof Opasiak24-1632/+13
2020-11-27Revert "[AAF] externalizes init data out from aaf-cass image to chart"Sylvain Desbureaux24-1632/+13
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4. Reason for revert: AAF on master is broken Issue-ID: OOM-2586 Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-11-26Merge "[AAF] Uses new tpls for repos / images"Krzysztof Opasiak61-183/+428
2020-11-24Merge "[AAF] externalizes init data out from aaf-cass image to chart"Krzysztof Opasiak24-13/+1632
2020-11-24[AAF] Uses new tpls for repos / imagesSylvain Desbureaux61-192/+437
This commit makes aaf chart to use the new generator for repositories and images. As new templates doesn't work well with "sub charts", we move also subcharts to components folder. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux9-18/+18
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-11-18[AAF] externalizes init data out from aaf-cass image to chartJohn J. Franey24-13/+1632
The initialization data appear as resources to the chart. The templates were modified to define ConfigMaps and Deployment to mount them to the aaf-cass container when it starts. The existing aaf-cass initialization script in the image will load the database from these files. Issue-ID: OOM-2586 Signed-off-by: John J. Franey <john.franey@att.com> Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-10-22Merge "[Tree-wide] Add helmignore to ignore components"Sylvain Desbureaux1-21/+22
2020-10-21[AAF] change comment styleJakub Latusek25-0/+50
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Id9157f3332870a79575b20ff89558ea875626484 Issue-ID: OOM-2562
2020-10-21[Tree-wide] Add helmignore to ignore componentsKrzysztof Opasiak1-21/+22
components directory takes up a lot of space and is included during helm package Lets remove it using .helmignore This is just a copy of idea showed in: "[OOF] Add helmignore to ignore components" by krishnaa96 <krishna.moorthy6@wipro.com> Issue-ID: OOM-2534 Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
2020-10-16Update makefiles to use specific helm versionJakub Latusek2-8/+10
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two version of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-25Merge "Remove fields not defined in jobs specification"Sylvain Desbureaux4-4/+0
2020-09-25Remove fields not defined in jobs specificationJakub Latusek4-5/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I11f83a4716b5039e6396a63707f52268db013490
2020-09-25Merge "Set services names in statefulset templates"Sylvain Desbureaux3-2/+7
2020-09-25Merge "Use common.resources in aaf-sshsm-abrmd template"Sylvain Desbureaux1-1/+1
2020-09-25Merge "Correction of the conditional statement"Sylvain Desbureaux1-1/+1
2020-09-24Set services names in statefulset templatesJakub Latusek3-2/+7
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Ied19470d1e8f499ba55a08d3753f8a5b1592ffc6 Issue-ID: OOM-2562
2020-09-24Correction of the conditional statementJakub Latusek1-1/+1
End of if statement end to early and not contains nodeLabel values Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: If945f9a15d059118b4d11781df1687db249f67da Issue-ID: OOM-2562
2020-09-24Use common.resources in aaf-sshsm-abrmd templateJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: I88585d84d43fb7678e0837a40fc432641bd60d8e Issue-ID: OOM-2562
2020-09-24Change aaf-sshsm statefulset to deploymentJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I14bfe09787b59b366472778a5ca5bdc50c3f83f7
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski16-480/+2
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux17-34/+24
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-07-23[AAF] Make AAF compatible with Kubernetes v1.17Grzegorz-Lis3-3/+12
Issue-ID: OOM-2446 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: Ia0d503b510fbc5681b9b3aa46a6187d3ba623603
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a
2020-07-09[AAF CertService] Increase certificates validityTomasz Wrobel5-26/+26
Root keys of certificate should have 10 years validity. Issue-ID: AAF-1175 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I0ff9ed6ff095baa0797a2af50eca740e9b4a5c6b
2020-07-08[AAF CertService] Override outdated certificatesTomasz Wrobel5-30/+31
Certificates in AAF CertService expired Repleace by new certificates Issue-ID: AAF-1175 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Ic04e337adfbec2acb31b830cf4d5193b3a0a0e80
2020-07-02Correct image path resolving for cert servicekjaniak1-1/+1
Change-Id: I9c5bf34516d32bedaf8314044d71d6aad401966c Issue-ID: AAF-1152 Signed-off-by: kjaniak <kornel.janiak@nokia.com>
2020-07-01[AAF Certservice] Update versions to 1.1.0Remigiusz Janeczek1-1/+1
Allow use of OUTPUT_TYPE env in certservice client to define desired certificates format (one of: P12, JKS, PEM) Issue-ID: AAF-1152 Change-Id: I5065b659ae36d71209d643303896516042fabaa0 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2020-06-08[AAF SMS] Use certInitializer for certificatesSylvain Desbureaux137-25/+708
AAF SMS was hardcoding its certificates in the container. This patch makes use of certInitializer in order to retrieve "fresh" certificates. In order to use certInitiliazer in a sub component, we had to move charts to component and add the right requirements. Issue-ID: AAF-1159 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299
2020-06-04Merge "[AAF] Add CMPv2 Cert Service"Sylvain Desbureaux14-0/+442
2020-06-01Using AAF release 2.1.23 dockersChrisC3-5/+5
Uplifting AAF to 2.1.23 Issue-ID: AAF-1127 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Ib7f76feb6d3adc622d4f198a1f954062d84a3ca2
2020-05-28[AAF] Add CMPv2 Cert ServiceEmmettCox14-0/+442
This new micro service allow retrieval of certificates using CMPv2 protocol and relay the requests to CA server (such as EJBCA provided in contrib folder). Issue-ID: AAF-1083 Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8 Signed-off-by: EmmettCox <emmett.cox@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>