aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf
AgeCommit message (Collapse)AuthorFilesLines
2021-09-08[SO] Add TLS configuration for SO API IngressSylvain Desbureaux1-1/+1
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
2021-07-02[AAF] Allow to choose which subcomponents to runSylvain Desbureaux2-0/+19
AAF has 4 sub components underneath: - AAF Authz (for generating, signing the certificates) - AAF Hello (example on how to use AAF Authz) - AAF SMS (for storing sensible values in Vault) - AAF SSHMS (for using TPM devices) This commits allows to choose which components will be used by default. As SSHMS is not updated for a while and AAF Hello is an example, we also disable them. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6e0fde7b2b413762158c58de94b933182203d9f1
2021-05-25[POLICY] Remove invalid SAN entries in AAF certsjhh1-2/+1
Discarded obsolete service names (brmsgw, pap, pdp that refer to the deprecated policy engine) and updated service name for drools. Issue-ID: POLICY-3327 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ifeceabb594c2d1b9cbdf90ca45cf0be5d6aed875 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2021-05-11[POLICY] Release Policy-clamp 6.1.1sebdet2-1/+2
Update the version to 6.1.1 + required config changes due to Camel & Spring upgrades & Sonar fixes Issue-ID: POLICY-3224 Signed-off-by: sebdet <sebastien.determe@intl.att.com> Change-Id: I7cf2caff461b88326d3ec90c9eea0fd6711f16e5
2021-05-07[AAF][CASSANDRA] Lower disk claimSylvain Desbureaux1-1/+1
Currently, AAF Cassandra is claiming 20Gi of disk. After boot, use is around 140Mi and after 3 monthes, it's 3.8Gi. 5Gi seems a better value. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia4f92709824a441a8d2d23c42d0b0b31f0dae778
2021-03-29Merge "[AAF][SMS] Relax Vault limits"Sylvain Desbureaux1-4/+4
2021-03-26[HOLMES] Migrate Holmes from Cloudify to HelmGuangrongFu7-2/+32
Instead of using cloudify, use helm directly in order to deploy the charts. Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46 Issue-ID: HOLMES-396 Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn> [Adding AAF part and change nodeports] Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-03-26[AAF][SMS] Relax Vault limitsSylvain Desbureaux1-4/+4
AAF SMS Vault has been seen having 'OOM Killed' pods at start. Relaxing the limits sets in order to avoid it. Issue-ID: OOM-2711 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie22bd1e90017207b326faf8b7c6dda23ffe7950a
2021-03-26[DMAAP][MR] Retrieve certs automaticallySylvain Desbureaux1-1/+1
Instead of hardcoding certificates inside the container, use cert initializer in order to retrieve them automatically at start. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux34-71/+71
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-22Merge "[VNFSDK] Automatically retrieve certificates"Krzysztof Opasiak7-1/+16
2021-03-20[VNFSDK] Automatically retrieve certificatesSylvain Desbureaux7-1/+16
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2696 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
2021-03-20[OOF] Update containers to latest versionskrishnaa963-1/+21
- OSDF: 3.0.4 - Fixed NST selection response - HAS: 2.1.4 - Fixed SDC interface - Fixed weak cryptography issues - CMSO: 2.3.2 - Fixed weak cryptography issues Chart changes - Remove encrypted password from CMSO and move it to k8s secret Issue-ID: OPTFRA-917 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
2021-03-18[AAF][SMS] Relax CPU limits for vaultSylvain Desbureaux1-2/+1
Current limits makes vault to throttle and at the end it's not able to start. This patch relaxes the CPU limit value so it should be better at start. Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
2021-02-28[A1P] Retrieve the certificates automaticallySylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in the container, let's retrieve them automatically. Issue-ID: OOM-2681 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux1-4/+4
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-02-22[AAI][TRAVERSAL] Remove Hardcoded certificatesSylvain Desbureaux7-1/+15
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2680 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
2021-02-22[AAI][RESOURCES] Remove Hardcoded certificatesSylvain Desbureaux7-1/+16
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2655 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
2021-02-19[CLI] Retrieve certificates automaticallySylvain Desbureaux7-10/+24
Instead of having hardocoded certificates, use certManager in order to retrieve them. Issue-ID: OOM-2684 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I20df713b7552b27392407db985fd402c259874e4
2021-02-18[APPC][CDT] Automatically retrieve certificatesSylvain Desbureaux7-1/+15
Instead of using hardcoded certificates in container, use certInitializer in order to retrieve them. Issue-ID: OOM-2682 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
2021-02-16[MSB] Use certInitializer for MSBSylvain Desbureaux7-1/+31
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
2021-02-12[AAF] Give `identities.dat` to working deploymentsSylvain Desbureaux6-36/+32
Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
2021-02-02[AAI] Use CertInitializer for AAI ProxySylvain Desbureaux1-2/+2
Instead of using an harcoded certificate for AAI Haproxy, let's use certInitializer in order to have a fresh one. Issue-ID: OOM-2654 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
2021-01-15[AAF] Externalizes init data out from aaf-cassSylvain Desbureaux24-14/+1663
Instead of keep initialization data into the docker image, we move them to the chart. This will simplify adding / removing certificates as no image release will be necessary, but only a change in OOM which can be directly tested. This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33. Reason for revert: Changed the initial commit in order to make it really work. Issue-ID: OOM-2586 Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-01-06[CMPV2] Add a template for Certificate (cert-manager)Jan Malkiewicz1-0/+1
This commit introduces a template for requesting a cert-manager certificate. See: https://cert-manager.io. It consist of the following parts: - a template for creating certificate in commons component - a definition of a certifcate object in sdnc component Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux34-72/+72
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27Merge "Revert "[AAF] externalizes init data out from aaf-cass image to chart""Krzysztof Opasiak24-1632/+13
2020-11-27Revert "[AAF] externalizes init data out from aaf-cass image to chart"Sylvain Desbureaux24-1632/+13
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4. Reason for revert: AAF on master is broken Issue-ID: OOM-2586 Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-11-26Merge "[AAF] Uses new tpls for repos / images"Krzysztof Opasiak61-183/+428
2020-11-24Merge "[AAF] externalizes init data out from aaf-cass image to chart"Krzysztof Opasiak24-13/+1632
2020-11-24[AAF] Uses new tpls for repos / imagesSylvain Desbureaux61-192/+437
This commit makes aaf chart to use the new generator for repositories and images. As new templates doesn't work well with "sub charts", we move also subcharts to components folder. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux9-18/+18
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-11-18[AAF] externalizes init data out from aaf-cass image to chartJohn J. Franey24-13/+1632
The initialization data appear as resources to the chart. The templates were modified to define ConfigMaps and Deployment to mount them to the aaf-cass container when it starts. The existing aaf-cass initialization script in the image will load the database from these files. Issue-ID: OOM-2586 Signed-off-by: John J. Franey <john.franey@att.com> Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-10-22Merge "[Tree-wide] Add helmignore to ignore components"Sylvain Desbureaux1-21/+22
2020-10-21[AAF] change comment styleJakub Latusek25-0/+50
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Id9157f3332870a79575b20ff89558ea875626484 Issue-ID: OOM-2562
2020-10-21[Tree-wide] Add helmignore to ignore componentsKrzysztof Opasiak1-21/+22
components directory takes up a lot of space and is included during helm package Lets remove it using .helmignore This is just a copy of idea showed in: "[OOF] Add helmignore to ignore components" by krishnaa96 <krishna.moorthy6@wipro.com> Issue-ID: OOM-2534 Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
2020-10-16Update makefiles to use specific helm versionJakub Latusek2-8/+10
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two version of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-25Merge "Remove fields not defined in jobs specification"Sylvain Desbureaux4-4/+0
2020-09-25Remove fields not defined in jobs specificationJakub Latusek4-5/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I11f83a4716b5039e6396a63707f52268db013490
2020-09-25Merge "Set services names in statefulset templates"Sylvain Desbureaux3-2/+7
2020-09-25Merge "Use common.resources in aaf-sshsm-abrmd template"Sylvain Desbureaux1-1/+1
2020-09-25Merge "Correction of the conditional statement"Sylvain Desbureaux1-1/+1
2020-09-24Set services names in statefulset templatesJakub Latusek3-2/+7
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: Ied19470d1e8f499ba55a08d3753f8a5b1592ffc6 Issue-ID: OOM-2562
2020-09-24Correction of the conditional statementJakub Latusek1-1/+1
End of if statement end to early and not contains nodeLabel values Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: If945f9a15d059118b4d11781df1687db249f67da Issue-ID: OOM-2562
2020-09-24Use common.resources in aaf-sshsm-abrmd templateJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: I88585d84d43fb7678e0837a40fc432641bd60d8e Issue-ID: OOM-2562
2020-09-24Change aaf-sshsm statefulset to deploymentJakub Latusek1-1/+1
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I14bfe09787b59b366472778a5ca5bdc50c3f83f7
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski16-480/+2
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux17-34/+24
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-07-23[AAF] Make AAF compatible with Kubernetes v1.17Grzegorz-Lis3-3/+12
Issue-ID: OOM-2446 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: Ia0d503b510fbc5681b9b3aa46a6187d3ba623603
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a