Age | Commit message (Collapse) | Author | Files | Lines |
|
Allthough AAF is not needed for SM it might be required on
exceptional cases. In this case the sidecar needs to be disabled
for aaf-service and aaf-locate.
Additionally the order of chart creation need to be fixed and
the job of aaf-sms requires a sidecar killing.
Issue-ID: OOM-2820
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I77a2b3da4c826cf294c791bee0d1159233934253
|
|
AAF SMS is importing secrets in vault. CPS secret can be retrieved only
if cps is enabled.
this patch allows to disable CPS import in AAF SMS
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib33d2fe05bb6e13fb6322138161a13cdfd2cf522
|
|
Move all Chart.yaml to use apiVersion: 2
Move dependencies from requirements.yaml to Chart.yaml
Changes to all makeFiles
Changes to helm deploy plugin
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0
Issue-ID: OOM-2845
|
|
Use Certinitializer in order to retrieve needed certificates.
It'll also do the retrieval for graphadmin as both microservices are
working together.
Issue-ID: OOM-2691
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iad790cc14361cf15d5a6bf4fcad6fd9f4048a1a7
|
|
Use Certinitializer in order to retrieve needed certificates.
Change ModelLoader also as it needs valid certificate to communicate
with Babel.
Issue-ID: OOM-2693
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I64b8ede24643f942dc99956030c202c50d41ad1e
|
|
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2695
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I673b3c7b8087c150b1e4c1d522b92ec08260ec09
|
|
Use version 9.0.0 for Istanbul
Also update the doc.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
|
|
|
|
- Add configuration for CPS
- Update OSDF version to 3.0.6
- Update HAS version to 2.2.1.
Issue-ID: OPTFRA-987
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I5b2110f131ab50ba7d2617079d2c7f793b3341ae
|
|
Instead of terminating TLS on SO POD, let's terminate it on its Ingress.
This patch uses certInitializer to create the right certificates and put them in
a secret.
This secret is then referenced on SO Ingress.
Issue-ID: SO-3078
Issue-ID: SO-3237
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
|
|
AAF has 4 sub components underneath:
- AAF Authz (for generating, signing the certificates)
- AAF Hello (example on how to use AAF Authz)
- AAF SMS (for storing sensible values in Vault)
- AAF SSHMS (for using TPM devices)
This commits allows to choose which components will be used by default.
As SSHMS is not updated for a while and AAF Hello is an example, we also
disable them.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6e0fde7b2b413762158c58de94b933182203d9f1
|
|
Discarded obsolete service names (brmsgw, pap, pdp that refer
to the deprecated policy engine) and updated service name
for drools.
Issue-ID: POLICY-3327
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: Ifeceabb594c2d1b9cbdf90ca45cf0be5d6aed875
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
|
|
Update the version to 6.1.1
+ required config changes due to Camel
& Spring upgrades & Sonar fixes
Issue-ID: POLICY-3224
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I7cf2caff461b88326d3ec90c9eea0fd6711f16e5
|
|
Currently, AAF Cassandra is claiming 20Gi of disk.
After boot, use is around 140Mi and after 3 monthes, it's 3.8Gi.
5Gi seems a better value.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia4f92709824a441a8d2d23c42d0b0b31f0dae778
|
|
|
|
Instead of using cloudify, use helm directly in order to deploy the
charts.
Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46
Issue-ID: HOLMES-396
Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn>
[Adding AAF part and change nodeports]
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
AAF SMS Vault has been seen having 'OOM Killed' pods at start.
Relaxing the limits sets in order to avoid it.
Issue-ID: OOM-2711
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie22bd1e90017207b326faf8b7c6dda23ffe7950a
|
|
Instead of hardcoding certificates inside the container, use cert
initializer in order to retrieve them automatically at start.
Issue-ID: DMAAP-1547
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
|
|
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2696
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
|
|
- OSDF: 3.0.4
- Fixed NST selection response
- HAS: 2.1.4
- Fixed SDC interface
- Fixed weak cryptography issues
- CMSO: 2.3.2
- Fixed weak cryptography issues
Chart changes
- Remove encrypted password from
CMSO and move it to k8s secret
Issue-ID: OPTFRA-917
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254
|
|
Current limits makes vault to throttle and at the end it's not able to
start.
This patch relaxes the CPU limit value so it should be better at start.
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I4dc49dc7f0d03ba4140367d985264b7337b52417
|
|
Instead of using hardcoded certificates in the container, let's retrieve
them automatically.
Issue-ID: OOM-2681
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
|
|
Current script that retrieve certificates can fail but exit code will be
0. We then add a check in the script in order to avoid such issue
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2680
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
|
|
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2655
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
|
|
Instead of having hardocoded certificates, use certManager in order to
retrieve them.
Issue-ID: OOM-2684
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I20df713b7552b27392407db985fd402c259874e4
|
|
Instead of using hardcoded certificates in container, use
certInitializer in order to retrieve them.
Issue-ID: OOM-2682
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e
|
|
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
|
|
Today, `identities.dat` is put on cassandra deployment. But this file is
actually needed by "working" deployments (at least certman and service)
and not by cassandra.
This patch removes it from cassandra deployments and add it to the other
ones form "authz" family.
Issue-ID: OOM-2678
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
|
|
Instead of using an harcoded certificate for AAI Haproxy, let's use
certInitializer in order to have a fresh one.
Issue-ID: OOM-2654
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id07af4084ae714bc7ba7132b218434229a0ba866
|
|
Instead of keep initialization data into the docker image, we move them
to the chart.
This will simplify adding / removing certificates as no image release
will be necessary, but only a change in OOM which can be directly
tested.
This reverts commit aa950d2ea4afa900c69eb622a776c8830a1c4e33.
Reason for revert: Changed the initial commit in order to make it really
work.
Issue-ID: OOM-2586
Change-Id: I1091d8940a8499503c72bd92ded9a54f08091ee3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consist of the following parts:
- a template for creating certificate in commons component
- a definition of a certifcate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
|
|
This reverts commit a8c57a9bdb75a6778cae512ae83710ad8af361e4.
Reason for revert: AAF on master is broken
Issue-ID: OOM-2586
Change-Id: I0c1cfb2c7be0a8884ca003523d847c3cf0c3ab20
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
|
|
This commit makes aaf chart to use the new generator for repositories and
images.
As new templates doesn't work well with "sub charts", we move also
subcharts to components folder.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e
|
|
`registry.hub.docker.com` needs authentication now, in contrary to
previous behavior.
As OOM deployments is unauthenticated when using docker hib repository,
all OOM deployments is broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
The initialization data appear as resources to the chart.
The templates were modified to define ConfigMaps and
Deployment to mount them to the aaf-cass container
when it starts. The existing aaf-cass initialization
script in the image will load the database from these files.
Issue-ID: OOM-2586
Signed-off-by: John J. Franey <john.franey@att.com>
Change-Id: I6be0d4c6739cedfbca5df4ddb527eee2583f74a7
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Change-Id: Id9157f3332870a79575b20ff89558ea875626484
Issue-ID: OOM-2562
|
|
components directory takes up a lot of
space and is included during helm package
Lets remove it using .helmignore
This is just a copy of idea showed in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two version of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I11f83a4716b5039e6396a63707f52268db013490
|
|
|
|
|