Age | Commit message | Author | Files | Lines |
|
It's a collection of small enhancements for common templates.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I426f7aed05ea7e94899b9e4888f4e4c66b69cb53
|
|
Pod/Node affinity may be important to set, especially in the context of
statefulset.
These templates help to make it work.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ic2ce2fc1188c4181bd8042b8410c1b810f50bff7
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
Current repository templates handle only ONAP "nexus" repository
configuration.
So, all images coming from another repository (currently, OOM is using 4
repositories, including nexus one) cannot simply be retrieved from another
one.
This commit adds new templates, in a specific chart, in order to change
that.
Now, each of the four repositories can be overridden and all 4 can have
credentials.
Also, in order to minimize global variables, templates aimed to
retrieve usual utility images (busybox, envsubst, readiness, ...) are
created.
Issue-ID: OOM-2634
Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Reduce code size, add missing busyboxRepository]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Instead of setting TLS termination at POD level, it may be interesting
to terminate it at Ingress level.
This patch adds the ability to do that using "Ingress" templates.
In order to achieve it, you need to configure it this way in
`values.yaml`:
```yaml
ingress:
  enabled: false
  service:
    - baseaddr: 'my-endpoint'
      name: 'my-service'
      port: 8080
  config:
    tls:
      secret: my-service-ingress-certs
```
Secret (here `my-service-ingress-certs`) must follow Kubernetes
`kubernetes.io/tls` type: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
Issue-ID: SO-3078
Issue-ID: SO-3237
Issue-ID: OOM-2609
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I76c0929d53289a581bc26d0d03cc8b9bd72d0fd1
|
|
|
|
Currently sdc-be 8080(http) port is disabled and no longer used,
but the MSB annotation still points to that port so an issue
occurs when a client tries to communicate with SDC via MSB.
This will change the service port to 8443(https) in the annotation,
and also pass 'enable_ssl' param so that MSB will use https
scheme in proxying communication.
Issue-ID: SDC-3314
Signed-off-by: Satoshi Fujii <fujii-satoshi@jp.fujitsu.com>
Change-Id: I0f11fbe55fb21048571b657249b01065a2c0b443
|
|
.Template.BasePath returns <component_name>/templates during linting.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I9e44eca46334ac4c4d884f2aa71ad197283363a1
|
|
|
|
Helm3 linting checks if object names conform to Kubernetes naming requirements
Change-Id: I03ac6f4c33048b59d495390a38f4adf6d3afa489
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
|
|
|
|
Change-Id: I69b66828ba23db07c4885ae058e229a0af3e8df2
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
|
|
Helm3 changes the release name during linting to test-release
Change-Id: Iabc6fc8cd0c9bb6d707d1432d4b9cadaabbbc97e
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
|
|
Replace all calls to common.secret with a faster version to save some
linting time.
Issue-ID: OOM-2248
Change-Id: I3372c87226d5dd8b7468ebed2d77e7ceceba5777
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Readiness container v3.x and up are now present in ONAP main repository.
They're also not using root user anymore and then script path has
changed.
Finally, "job_complete" script has been integrated in main "ready"
script.
As those changes are significant, we must upgrade all the components at
once.
Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0
Issue-ID: OOM-2545
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
|
|
With the introduction of common secret template many of ONAP passwords
started being automatically generated.
The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issues. To make our deployment more stable and user friendly
let's allow the deployer to choose the desired password complexity.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
|
|
Issue-ID: OOM-2478
Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Change-Id: I7ec0b7469c1525fc1d73adaa7a8893d6effc6141
|
|
Create Security contexts templates for pod and containers.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e
|
|
Create a template in order to have same readiness check everywhere.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
|
|
|
|
Removal of tomcat and zookeeper as per latest music version.
Replaced with cassandra only and spring boot version of music,
adding support for https and running the music container under
a non-root user
Update oof-has music-api configuration, use https
Switch to music-api-springboot for all the ready.py
Issue-ID: MUSIC-572
Signed-off-by: Tschaen, Brendan <ctschaen@att.com>
Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146
Signed-off-by: vrvarma <vikas.varma@att.com>
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of AAF
Issue-ID: AAF-1122
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
|
|
|
|
Add three templates:
* one for creating the sidecar
* one for creating the configmap
* one for creating the volumes
Issue-ID: OOM-2370
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
|
|
|
|
Add elasticdb as common chart to oom
Issue-ID: SDNC-1061
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of DMaaP DR
Node.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
|
|
OOM uses two node port prefixes.
Templates were not able to use the second one.
This patch allows templates to use the second node port prefix and also
to override on a per chart basis the value of the node port prefix.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
|
|
|
|
|
|
"index" function is bad in terms of performance in Helm.
Reworked the templates in order to avoid it.
As certificates are retrieved at every boot (and as already present
certs are deleted before), we don't need persistent storage.
Also set aafImage as a global variable in order to have a consistent use
across ONAP
Issue-ID: EXTAPI-375
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
1. Add the possibility to specify a suffix and a specific persistence
information path.
This is useful when a deployment has several PVC
2. Create a template for Volume Claim Templates in Statefulset
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
|
|
Keep HTTP port reachable from inside the server.
Issue-ID: OJSI-101
Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86
Signed-off-by: gummar <raj.gumma@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
filePaths comes as a list and we didn't "fully support" passing this
variable as a reference to other variable like we do in all other
cases.
Let's fix that and allow both constructs:
```yaml
secrets:
  - name: construct 1
    type: generic
    filePaths:
      - file1
      - file2
  - name: construct 2
    type: generic
    filePaths: '{{ .Values.fpaths }}'
fpaths: |
  - file1
  - file2
  - '{{ include "templateThatGeneratesFileName" . }}'
```
Please note the | after : in fpaths. It means that from yaml point of
view this is a string. We need to do it this way because we pass
this to tpl function and then we need to collect a proper list from it.
Issue-ID: SO-2730
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
|
|
|
|
Generic secrets need filePaths key in their dictionary which was not
correctly handled by previous implementation of secretFast.
Issue-ID: OOM-2051
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idc1062db5867bd23d580fbe59c90c0ce410151ce
|
|
Resource Metadata template can now have an optional "annotation" field
in dict, which can be useful for post install job for example.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib25ce4e09a7a51a35cf878e1c1198370e6dd2b20
|
|
It turned out that our current implementation of common secret
template is really heavy which makes onap linting extremely long.
To improve the situation let's introduce some results caching instead
of processing templates over and over.
For now we cannot simply replace common secret template because in
mariadb-init we generate list of secrets on the fly so we will need
to revisit this fragment later.
Whole series of patches managed to reduce ONAP linting time to 40
mins.
Issue-ID: OOM-2051
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id2e743147afa37290df19b73feee67621f13f67c
|
|
_labels.tpl:
  - support of additional customized labels in
    common.labels,
    common.matchLabels,
    common.selectors
    common.templateMetadata
  - support of name suffix in common.resourceMetadata
_name.tpl:
  - support of name suffix in
    common.name,
    common.fullname,
    common.fullnameExplicit
_service.tpl
  - support of additional customized labels in
    common.serviceMetadata, common.*service
  - support of sessionAffinity in
    common.service
New common template:
_aafconfig
  - new common template to enable charts for AAF
    includes templates for init container, volumemounts, pvc and pv
Issue-ID: SDNC-1088
Change-Id: Icbaa806608f9e1f36f0e47686668ae3632d3f2b0
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia885d54fbb9a9fe1ea8a0dec311f63b11cc028c6
|
|
SO adds some annotations to one of its secrets so let's extend the
common secret template with the ability to add annotations.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4c33d87724b2296852d62e2ddf9061ff4e235157
|
|
Current service and headlessService templates don't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.
In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.
Per default, they'll be HTTPS.
TLS choice will be done according to this table:
| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present | not present | any | true |
| not present | not present | false | any | true |
| not present | not present | true | false | true |
| not present | not present | true | true | false |
| not present | true | any | any | true |
| not present | false | any | any | false |
| true | any | any | any | true |
| false | any | any | any | false |
Service template will create one or two service templates according to this table:
| serviceType | both_tls_and_plain | result |
|---------------|--------------------|--------------|
| ClusterIP | any | one Service |
| Not ClusterIP | not present | one Service |
| Not ClusterIP | false | one Service |
| Not ClusterIP | true | two Services |
If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
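The two decision tables from the commit message above, modelled as an added Python example (not code from the OOM charts, which implement this in Helm templates). `plaintext_exposed` is an assumed audit rule built on the tables, and treating the unlisted combination (mesh enabled, `serviceMesh.tls` not present) as TLS-on is also an assumption.

```python
from itertools import product

ABSENT = None                  # models "not present" in values.yaml
ANY = (ABSENT, True, False)    # expansion of "any" in the tables

def tls_enabled(tls_override=ABSENT, global_tls=ABSENT,
                mesh_enabled=ABSENT, mesh_tls=ABSENT):
    """Resolve the TLS decision with the precedence the first table implies."""
    if tls_override is not ABSENT:      # per-service tlsOverride wins
        return tls_override
    if global_tls is not ABSENT:        # then global.tlsEnabled
        return global_tls
    # TLS is dropped only when the service mesh is enabled and does TLS itself.
    return not (mesh_enabled is True and mesh_tls is True)

def service_count(service_type, both_tls_and_plain=ABSENT):
    """Second table: two Services only for non-ClusterIP with the flag true."""
    return 2 if service_type != "ClusterIP" and both_tls_and_plain is True else 1

def plaintext_exposed(service_type, both_tls_and_plain=ABSENT, **tls_inputs):
    """Assumed audit rule: a single non-ClusterIP Service whose TLS decision
    is false is reachable from outside the cluster without encryption."""
    return (service_type != "ClusterIP"
            and service_count(service_type, both_tls_and_plain) == 1
            and not tls_enabled(**tls_inputs))

# Rows copied from the first table:
# (tlsOverride, global.tlsEnabled, serviceMesh.enabled, serviceMesh.tls, result)
TLS_TABLE = [
    (ABSENT, ABSENT, ABSENT, ANY,   True),
    (ABSENT, ABSENT, False,  ANY,   True),
    (ABSENT, ABSENT, True,   False, True),
    (ABSENT, ABSENT, True,   True,  False),
    (ABSENT, True,   ANY,    ANY,   True),
    (ABSENT, False,  ANY,    ANY,   False),
    (True,   ANY,    ANY,    ANY,   True),
    (False,  ANY,    ANY,    ANY,   False),
]

def table_mismatches():
    """Expand every 'any' cell and list inputs where tls_enabled disagrees."""
    bad = []
    for *cols, expected in TLS_TABLE:
        choices = [c if c is ANY else (c,) for c in cols]
        bad += [combo for combo in product(*choices)
                if tls_enabled(*combo) != expected]
    return bad
```

An empty list from `table_mismatches()` means the precedence order reproduces every row of the table.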
|
|
Add the ability to specify whether a nodePortPrefix or
nodePortPrefixExt should be used while defining a port using common
service template.
Now you can specify:
ports:
  - name: http
    port: 9098
    nodePort: "09"
    prefix: nodePortPrefixExt
Issue-ID: OOM-1971
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ied78584e5b1c8f479ca180890df67ad4dee3501a
|
|
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
|
|
Proposition of common templates to make service declaration and PV
declaration consistent across OOM.
Propositions of templates for sub parties of resource definitions
such as metadatas, selector and containerPorts.
I've also made an example with cassandra.
Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
When you type make in kubernetes directory all charts are linted.
If one of them tries to generate a password, the whole linting process
ends with an error because masterPassword has not been provided
and there is no default value for it.
To avoid this issue but still don't provide any default value
which would be obviously insecure in this context, let's just
test current release name. If it matches "testRelease" we treat this
as a special case and use predefined master key.
Security implication:
You should never, ever name your productional deployment "testRelease"
nor use it as a master password.
Issue-ID: OOM-2052
Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|