summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/certInitializer
AgeCommit message (Collapse)AuthorFilesLines
2022-03-08Merge "[DMAAP] Add pod security context to MR and others"Sylvain Desbureaux1-0/+2
2022-03-03[DMAAP] Add pod security context to MR and othersrope2521-0/+2
Add security context to pods within DMAAP Change-Id: I86f7bd79e77dec33879f4ee3b599799705d40a24 Issue-ID: OOM-2913 Signed-off-by: rope252 <gareth.roper@est.tech>
2022-01-10[COMMON] Added imagePullSecrets to certInitializer jobAndreas Geissler1-0/+2
Added missing definition to use secret for repository access Issue-ID: OOM-2907 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: If0886b2a59df7786c3655851610e1a6b3aca73ff
2021-12-15Merge "[COMMON] Make our common charts compatible with helm 3.7+"Sylvain Desbureaux1-1/+1
2021-12-14[COMMON] Make our common charts compatible with helm 3.7+Krzysztof Opasiak1-1/+1
Helm 3.7.0 introduced a new .Chart variable named IsRoot. In the same time they refactored the representation of .Chart and it no longer is a dictionary but a structure which confuses mergeOverride. In order to keep our tricks working we need to skip .Chart while doing a deepCopy of our current context. Issue-ID: OOM-1 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I230e2ba460ddf09377d8de6c1366d4fd82f764cd
2021-12-09[COMMON] Make namespace configurablexuegao1-3/+10
Make the namespace parameter configurable for CertInitializer and ReadinessCheck Chart Issue-ID: OOM-2888 Signed-off-by: xuegao <xue.gao@intl.att.com> Change-Id: I5bb4e86be935921af1d852d6d7666fb5c8eaf725
2021-12-07[GLOBAL] Migrate to helm v3efiacor2-27/+14
Move all Chart.yaml to use apiVersion: 2 Move dependencies from requirements.yaml to Chart.yaml Changes to all makeFiles Changes to helm deploy plugin Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0 Issue-ID: OOM-2845
2021-10-15[COMMON] Bump ONAP versionSylvain Desbureaux2-4/+6
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-09-22Merge "[SO] Add TLS configuration for SO API Ingress"Krzysztof Opasiak1-1/+3
2021-09-08[SO] Add TLS configuration for SO API IngressSylvain Desbureaux1-1/+3
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
2021-09-05[OOM] Update Linux SSL Truststore /etc/sslAbdelmuhaimen Seaudi1-0/+3
Add update for /etc/ssl/cacerts/ca-certificates.crt Issue-ID: CCSDK-3356 Change-Id: I797aea054bb80db805f4791a288e89b102e1d662 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-05-06Merge "[COMMON][CERTINIT] Generate cert with certInit"Krzysztof Opasiak7-2/+137
2021-05-06[COMMON][CERTS] Allow to provide custom certs easilySylvain Desbureaux2-1/+26
Instead of mandating to provide custom certificates before creation of helm packages, let's propose to include certificates from a known secret or configmap. The current implementation will first search for secret and if not provided will look for configmap. Issue-ID: OOM-2731 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
2021-05-06[COMMON][CERTINIT] Generate cert with certInitSylvain Desbureaux7-2/+137
Some components are http based but want to be usable from outside world. Instead of dealing with TLS part on the component itself, let's use certInitializer to generate a secret with the certs which will be usable by Ingress Issue-ID: SO-3078 Issue-ID: SO-3237 Issue-ID: CPS-281 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
2021-04-13[COMMON] Fix shell scripts missing shebangsGuillaume Lambert1-2/+2
pointed out by checkbashisms. $ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2 |xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\' plus manual fixes Issue-ID: OOM-2643 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux2-4/+4
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-03[COMMON] Get rid of a few bashismsGuillaume Lambert1-2/+1
The built-in command source is a bashism. Profiles script must be dotted and not sourced when possible. Issue-ID: OOM-2688 OOM-2158 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux4-4/+33
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-01-19[COMMON][CERTS] Use sh to onboard custom certsSylvain Desbureaux1-1/+1
Today, onboarding custom certificates relies on `bash`. But image used for that doesn't have bash. Therefore, we need to use `sh` in order to onboard the certs. Issue-ID: OOM-2666 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
2020-12-17[COMMON][CertInit] Uses new tpls for repos / imagesSylvain Desbureaux3-4/+5
This commit makes CertInitializer template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux2-3/+3
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-10-26[COMMON] allow multiline config for aaf add configSylvain Desbureaux1-1/+1
Use trim function in order to remove the 4 first spaces that breaks configuration when aaf add config is a multiline (a.k.a uses `|`) YAML entry. Issue-ID: OOM-2611 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib53a8a87f896a66ba613d542cfca833804ef1d7a
2020-10-20[COMMON] Move onap truststore to cert-wrapperKrzysztof Opasiak5-2288/+5
certInitializer is included multiple times in number of different projects. If it contains the truststore then under if it is not used it increases the size of the chart itself so that it our final ONAP chart does not fit into default 20 Mb chartmuseum limit. Let's resolve this by moving the configmap and its content to the cert-wrapper which is included only once per onap instance. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0
2020-10-20[COMMON] Make certInitializer share truststore among instancesKrzysztof Opasiak3-1/+6
Truststore is quite heavy. If it is included several times in the component it can easily cross helm chart size limit. To fix this issue let's make sure that the truststore is created only once and then shared among all certInitializer instances. Issue-ID: AAF-1134 Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-12[common] Add application mount path to cert initializerkrishnaa962-1/+2
Add new mount path value in values.yaml to specify app mount path Issue-ID: OPTFRA-803 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I70771e0ab6ec16f7f4cfadcb8448ecfdfb6e8f4b
2020-08-25[COMMON] Enable importing custom certificates to truststore using ↵Jozsef Csongvai3-3/+144
certInitializer ONAP deployments may require the use of custom certificates. Instead of manually adding certificates to the truststore file, users can now add their .pem certificates under certInitializer/resources and have them imported automatically by an init container. The updated truststore can then be mounted to a component by providing a truststoreMountpath. Issue-ID: OOM-2509 Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca> Change-Id: I896c729143346738e91fa57f895ba48043b253c1
2020-07-16[COMMON] Use readinessCheck template inside certInitializerKrzysztof Opasiak3-20/+10
Instead of manually creating readiness init container let's use our dedicated template for this. Issue-ID: OOM-2511 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idb112e864b7899e7a1e76d139c6cc6a94851a090
2020-06-02[common] Make sure that we declare repository in certInitializerKrzysztof Opasiak2-1/+2
Not all components declare repository in the global section which may lead to some error when processing just a single component instead of whole onap. To avoid this let's make sure that cerInitializer sets repository url internally. Issue-ID: OOM-2416 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077
2020-05-20[COMMON] Templates for readinessSylvain Desbureaux1-2/+1
Create a template in order to have same readiness check everywhere. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
2020-05-19[COMMON] Fix certInitializer to use proper global valuesKrzysztof Opasiak1-6/+6
One of reasons why certInitializer is a proper chart that you need to put in your requirements.yaml is to avoid copy-pasting the same global values among different charts. As it turned out in tests we've been not "mangling" global values properly while creating $subchartDot. This patch fixes the issue. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
2020-05-14[COMMON] Fix certInitializerKrzysztof Opasiak1-5/+5
By mistage aaf-agent-certs volume was created only if aaf_add_config option was set. This is incorrect as it should be created always. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
2020-05-06[COMMON] Override truststore in aaf_agent imageKrzysztof Opasiak4-1/+2235
aaf_agent image currently contains hardcoded truststores in order to be able to connect to certman to retrieve certificate for given component. The goal is to remove hardcoded truststore from aaf_agent immage but first we need to be sure that all its users are able to provide the truststore to the pod as a configmap. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak6-0/+272
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>