Age | Commit message (Collapse) | Author | Files | Lines |
|
Instead of terminating TLS on SO POD, let's terminate it on its Ingress.
This patch uses certInitializer to create the right certificates and put them in
a secret.
This secret is then referenced on SO Ingress.
Issue-ID: SO-3078
Issue-ID: SO-3237
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
|
|
AAF has 4 sub components underneath:
- AAF Authz (for generating, signing the certificates)
- AAF Hello (example on how to use AAF Authz)
- AAF SMS (for storing sensible values in Vault)
- AAF SSHMS (for using TPM devices)
This commits allows to choose which components will be used by default.
As SSHMS is not updated for a while and AAF Hello is an example, we also
disable them.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6e0fde7b2b413762158c58de94b933182203d9f1
|
|
Discarded obsolete service names (brmsgw, pap, pdp that refer
to the deprecated policy engine) and updated service name
for drools.
Issue-ID: POLICY-3327
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: Ifeceabb594c2d1b9cbdf90ca45cf0be5d6aed875
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
|
|
Update the version to 6.1.1
+ required config changes due to Camel
& Spring upgrades & Sonar fixes
Issue-ID: POLICY-3224
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I7cf2caff461b88326d3ec90c9eea0fd6711f16e5
|
|
Currently, AAF Cassandra is claiming 20Gi of disk.
After boot, use is around 140Mi and after 3 monthes, it's 3.8Gi.
5Gi seems a better value.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia4f92709824a441a8d2d23c42d0b0b31f0dae778
|
|
|
|
Instead of using cloudify, use helm directly in order to deploy the
charts.
Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46
Issue-ID: HOLMES-396
Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn>
[Adding AAF part and change nodeports]
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
AAF SMS Vault has been seen having 'OOM Killed' pods at start.
Relaxing the limits sets in order to avoid it.
Issue-ID: OOM-2711
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie22bd1e90017207b326faf8b7c6dda23ffe7950a
|
|
Instead of hardcoding certificates inside the container, use cert
initializer in order to retrieve them automatically at start.
Issue-ID: DMAAP-1547
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
|
|
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2696
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
|
|
- OSDF: 3.0.4
- Fixed NST selection response
- HAS: 2.1.4
- Fixed SDC interface
- Fixed weak cryptography issues
- CMSO: 2.3.2
- Fixed weak cryptography issues
Chart changes
- Remove encrypted password from
CMSO and move it to k8s secret
Issue-ID: OPTFRA-917
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
|
|
Current limits makes vault to throttle and at the end it's not able to
start.
This patch relaxes the CPU limit value so it should be better at start.
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
|
|
Instead of using hardcoded certificates in the container, let's retrieve
them automatically.
Issue-ID: OOM-2681
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
|
|
Current script that retrieve certificates can fail but exit code will be
0. We then add a check in the script in order to avoid such issue
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2680
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2655
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
|
|
Instead of having hardocoded certificates, use certManager in order to
retrieve them.
Issue-ID: OOM-2684
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I20df713b7552b27392407db985fd402c259874e4
|
|
Instead of using hardcoded certificates in container, use
certInitializer in order to retrieve them.
Issue-ID: OOM-2682
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
|
|
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
|
|
Today, `identities.dat` is put on cassandra deployment. But this file is
actually needed by "working" deployments (at least certman and service)
and not by cassandra.
This patch removes it from cassandra deployments and add it to the other
ones form "authz" family.
Issue-ID: OOM-2678
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
|
|
Instead of using an harcoded certificate for AAI Haproxy, let's use
certInitializer in order to have a fresh one.
Issue-ID: OOM-2654
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
|
|
Instead of keep initialization data into the docker image, we move them
to the chart.
This will simplify adding / removing certificates as no image release
will be necessary, but only a change in OOM which can be directly
tested.
This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33.
Reason for revert: Changed the initial commit in order to make it really
work.
Issue-ID: OOM-2586
Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consist of the following parts:
- a template for creating certificate in commons component
- a definition of a certifcate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
|
|
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4.
Reason for revert: AAF on master is broken
Issue-ID: OOM-2586
Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
|
|
This commit makes aaf chart to use the new generator for repositories and
images.
As new templates doesn't work well with "sub charts", we move also
subcharts to components folder.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
|
|
`registry.hub.docker.com` needs authentication now, in contrary to
previous behavior.
As OOM deployments is unauthenticated when using docker hib repository,
all OOM deployments is broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
The initialization data appear as resources to the chart.
The templates were modified to define ConfigMaps and
Deployment to mount them to the aaf-cass container
when it starts. The existing aaf-cass initialization
script in the image will load the database from these files.
Issue-ID: OOM-2586
Signed-off-by: John J. Franey <john.franey@att.com>
Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: Id9157f3332870a79575b20ff89558ea875626484
Issue-ID: OOM-2562
|
|
components directory takes up a lot of
space and is included during helm package
Lets remove it using .helmignore
This is just a copy of idea showed in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two version of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I11f83a4716b5039e6396a63707f52268db013490
|
|
|
|
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: Ied19470d1e8f499ba55a08d3753f8a5b1592ffc6
Issue-ID: OOM-2562
|
|
End of if statement end to early and not contains nodeLabel values
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: If945f9a15d059118b4d11781df1687db249f67da
Issue-ID: OOM-2562
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: I88585d84d43fb7678e0837a40fc432641bd60d8e
Issue-ID: OOM-2562
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I14bfe09787b59b366472778a5ca5bdc50c3f83f7
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|
|
Readiness container v3.x and up are now present in ONAP main repository.
They're also not using root user anymore and then script path has
changed.
Finally, "job_complete" script has been integrated in main "ready"
script.
As those changes are significant, we must upgrade all the components at
once.
Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0
Issue-ID: OOM-2545
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
|
|
Issue-ID: OOM-2446
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: Ia0d503b510fbc5681b9b3aa46a6187d3ba623603
|
|
Update Cert Service version to 1.2.0 in order to allow creation
not existing subdirectories where certs will be located.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I83560e21a6894c8869201205000bb7c41956176a
|