summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2021-11-10Merge "[AAI][BABEL] Remove Hardcoded certificates"Krzysztof Opasiak2-0/+6
2021-11-10Merge "Revert "[COMMON] Changed mongo storage location to enable persistance""Krzysztof Opasiak1-1/+1
2021-11-10[AAI][BABEL] Remove Hardcoded certificatesSylvain Desbureaux2-0/+6
Use Certinitializer in order to retrieve needed certificates. Change ModelLoader also as it needs valid certificate to communicate with Babel. Issue-ID: OOM-2693 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I64b8ede24643f942dc99956030c202c50d41ad1e
2021-11-09Revert "[COMMON] Changed mongo storage location to enable persistance"Sylvain Desbureaux1-1/+1
This reverts commit 0d9469d87c6173b20097499fea54013bd0f8169c. Reason for revert: it seems to not work in a lot of environments Issue-ID: OOM-2864 Change-Id: Ie7847f4522e3ac4ff7ef3e2de0021b7b2382aa33 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2021-11-08Merge "[ETCD] Give full FQDN name for etcd"Krzysztof Opasiak2-1/+2
2021-11-08Merge "[COMMON] Changed mongo storage location to enable persistance"Sylvain Desbureaux1-1/+1
2021-11-05[COMMON] Changed mongo storage location to enable persistanceAndreas Geissler1-1/+1
Changed the volume mounted from /var/lib/mongo to /data/db, which is the default storage location of mongo Issue-ID: OOM-2864 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Id054b36a9f8abea676e70511812d2aeb151d47e0
2021-11-02[COMMON] Add resources to log sidecar templateMaciej Wereski1-0/+7
Filebeat sidecar containers in many cases has resources set. As a result, in many components resources section is added manually, after usage of log template. This commit solves this situation Issue-ID: OOM-1 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: I725a38eb9d4dffcc017c24399436ddfccdb91123
2021-10-31[CCSDK] Workaround for naming service host name verification issueDan Timoney2-1/+4
The naming service query to policy manager is failing host name verification. While this issue is under investigation, it can be worked around by configuring the naming service to disable host name verification. This requires a new version of the network-name-gen microservice (1.2.1), and a change to set a new env variable to disable host name verification (enabled by default if this variable is unset). Issue-ID: CCSDK-3501 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Ia471cd27ce16b6e79a3ce6708e08c7d5f239feb3
2021-10-31Merge "[SDNC] Bump version for Istanbul RC"Sylvain Desbureaux1-1/+1
2021-10-31[SDNC] Bump version for Istanbul RCDan Timoney1-1/+1
Bump version of SDNC and CCSDK images for Istanbul RC milestone. Issue-ID: SDNC-1615 Issue-ID: CCSDK-3483 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id3a3627765e5623aa6cd8bffbfad1679ae6afef6
2021-10-29[COMMON] Log: add ability to set ConfigMap name in volumesMaciej Wereski1-2/+4
In case where subchart uses ConfigMap that was defined in parent chart, wrong chart name will be generated. This change allows to workaround that issue by supplying own prefix instead of generated one. Issue-ID: OOM-1 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: Ieed19d46e4205cd5b23b4c74af19c618a6e48466
2021-10-29[ETCD] Give full FQDN name for etcdSylvain Desbureaux2-1/+2
Some Kubernetes deployments needs the full fqdn and not just the first part in order to make etcd statefulset to work. Issue-ID: OPTFRA-981 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idf384d2c65b13f64885429181c4fa2eba5ac4282
2021-10-15[COMMON] Bump ONAP versionSylvain Desbureaux54-93/+140
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-10-15Merge "[COMMON] Fix timescaledb volume permission issue"Sylvain Desbureaux1-0/+16
2021-10-15Merge "[CPS] Use common postgres for CPS"Sylvain Desbureaux9-2/+339
2021-10-13[COMMON] Fix timescaledb volume permission issueRenu Kumari1-0/+16
- Added init-container to change mounted volume permission Issue-ID: CPS-667 Signed-off-by: Renu Kumari <renu.kumari@bell.ca> Change-Id: I3161400cbcf2de88580ea768c97212a2983f5fff
2021-10-12[CPS] Use common postgres for CPSAbdelmuhaimen Seaudi9-2/+339
Add option for CPS to use common postgres Issue-ID: OOM-2839 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> Change-Id: Ida133999f26cf50d59103aa30a90c97fba3e66a0
2021-10-12Merge "[COMMON] Add limits to timescale db"Sylvain Desbureaux2-31/+31
2021-10-11Merge "[DCAEGEN2] Update chart with service account"Krzysztof Opasiak1-1/+15
2021-10-10[DCAEGEN2] Update chart with service accountfarida azmy1-1/+15
Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-10-10[COMMON] Add limits to timescale dbRenu Kumari2-31/+31
- Added resources limit similar to postgres in the timescaledb - Using common.podSecurityContext - removed init-container and it is handled by kubernetes if fsGroup is provided Issue-ID: CPS-667 Signed-off-by: Renu Kumari <renu.kumari@bell.ca> Change-Id: I944cc93526d0d89f32840450121c1ff608fdd4c5
2021-10-10[SDNC] Bump versions for IstanbulDan Timoney2-2/+2
Bump image versions for SDNC for Istanbul release Issue-ID: SDNC-1609 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Iecfb133ce8563ccfabf1a38af9d8c26d99d398f4
2021-10-04Merge "[COMMON] Update root certificates"Krzysztof Opasiak1-2172/+2719
2021-10-04Merge "[COMMON] Add and run pre-commit linters via tox"Sylvain Desbureaux1-3/+3
2021-10-01[COMMON] Update root certificatesSylvain Desbureaux1-2172/+2719
ONAP truststore is outdated so let's use one from Java 17 + add ONAP root CA. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If8a7dbf4c876ce89cf04080a97a7f67803d66c5f
2021-09-30[COMMON] Run timescale with postgres userBruno Sakoto2-2/+16
Timescale container is ran with postgres user and group which are defined with uid 70 and gid 70. Data volume owner is changed for postgres. See also: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ Issue-ID: CPS-667 Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca> Change-Id: Ia87922ba68bb47a7a07aaf61f368143d970278b6
2021-09-26[COMMON] Add and run pre-commit linters via toxguillaume.lambert1-3/+3
- create a .pre-commit-config.yaml configuration file with * gitlint * trailing blanks linter * tabs removal linter - exclude .git folder from it - exclude Makefiles since tabs are mandatory by default in them - create a tox pre-commit profile to run it from tox note gitlint is not runnable at this pre-commit stage - create pre-commit-install and pre-commit-uninstall tox profiles to (un)install hooks locally and (un)perform tests at each "git commit" call (i.e. without calling manually the pre-commit tox profile) - precise pre-commit stages/types in the pre-commit configuration file so that hooks are installed correctly. This avoids messages about skipped tests when they are run at a wrong stage. Issue-ID: OOM-2643 Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com> Change-Id: Ie95bb4f6f90be80b05a1398973caffeff7936881
2021-09-24Merge "[COMMON] Enforce checkbashisms tox profile"Krzysztof Opasiak3-4/+4
2021-09-22[COMMON] Fix genericKV cache generationKrzysztof Opasiak1-1/+10
Make sure that the envs sections gets tpl and cached properly. Issue-ID: OOM-1 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4064bdf3204a61a30b7296503c99e7931bae8cd2
2021-09-22Merge "[SO] Add TLS configuration for SO API Ingress"Krzysztof Opasiak1-1/+3
2021-09-22[COMMON] Enforce checkbashisms tox profileGuillaume Lambert3-4/+4
- add checkbahims to tox.ini default profiles - remove -f options to unforce bashisms detection in explicit bash scripts and to differentiate treatments between bash and sh - migrate #!/bin/bash shebangs to #!/bin/sh for scripts without bashisms The following scripts have not been migrated since they still use bashisms difficult to migrate (mostly arrays - more details below) ./kubernetes/common/mariadb-init/resources/config/db_init.sh ./kubernetes/portal/components/portal-mariadb/resources/config/ \ mariadb/docker-entrypoint.sh ./kubernetes/helm/plugins/deploy/deploy.sh ./kubernetes/helm/plugins/undeploy/undeploy.sh ./kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh $ find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f {} + 2>&1\ | grep line | cut -d' ' -f 7- | sort | uniq -c | sort -k1,1nr 18 (bash arrays, ${name[0|*|@]}): 2 (declare): 1 ($FUNCNAME): 1 (shopt): 1 (trap with ERR|DEBUG|RETURN): https://mywiki.wooledge.org/Bashism#Arrays https://mywiki.wooledge.org/Bashism#Special_Variables https://mywiki.wooledge.org/Bashism#Builtins https://www.oilshell.org/release/0.5.alpha2/test/spec.wwz/builtin-trap.html Issue-ID: OOM-2643 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id06ad1d45004321a293bdd26038d8da5f7b6b4ac
2021-09-21Merge "[COMMON] Replace tabs by 4 ws in shell scripts"Sylvain Desbureaux1-44/+44
2021-09-21Merge "[COMMON] Fix db-metrics readiness timeout issue"Sylvain Desbureaux2-6/+31
2021-09-20[COMMON] Replace tabs by 4 ws in shell scriptsguillaume.lambert1-44/+44
with the following command $ find . -not -path '*/\.*' -name *.sh -exec sed -i 's/\t/ /g' {} + then realign manually what deserves it and in particular, unindent some EOF scripting tags so they do not trigger errors. Issue-ID: OOM-2643 Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com> Change-Id: Ibfa463ec8083d5a39de18a54d9c1d8746710fe03
2021-09-16Merge "[OOM] Fix Feed Provisioning for DFC"Sylvain Desbureaux1-1/+1
2021-09-16[COMMON] Fix db-metrics readiness timeout issuea.sreekumar2-6/+31
DB connection from Policy Framework components fail intermittently with Connection refused error. Upon investigation, identified that mariadb-metrics readiness is failing with timeout, and thereby affecting the db connectivity intermittently. So, changing readiness timeout from 1 second to 5 seconds so that there is enough time to get back the /metrics response and readiness can pass. Also making the properties configurable. Similar issue could happen in other components too. Change-Id: I8dfbfeb0fe791c1bce373dd9d7124d26457c4919 Issue-ID: POLICY-3637 Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
2021-09-14Merge "[AAI] Service Mesh compatibility"Sylvain Desbureaux2-0/+22
2021-09-13[AAI] Service Mesh compatibilityosk114612-0/+22
This patch makes AAI to work on service mesh by removing https calls from everywhere. It allows also to use AAI on an environment without need of TLS. Issue-ID: OOM-2670 Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com> Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
2021-09-13[CPS] Charts added for repo cps-cps-temporalputhuparambil.aditya10-0/+398
cps-temporal component added for cps-temporal-db and cps-temporal(application) Issue-ID: CPS-482 Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Change-Id: I91998e0d2e9f953f8579ee40d1670199155d3396
2021-09-10[OOM] Fix Feed Provisioning for DFCajay_dp0011-1/+1
Cmd :"grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4" filters more then one logURL like below from feedConfig response log, If both subs/pubs are present, which corrupts application config. https://dmaap-dr-prov/feedlog/1 https://dmaap-dr-prov/sublog/1 Requirement is to filter only feedlog URL, with changes script should correctly filter URL: https://dmaap-dr-prov/feedlog/1. Issue-ID: DCAEGEN2-2910 Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech> Change-Id: I2a67aad5c533f1b623737f56feeefb3a05f6373a
2021-09-09Merge "[OOM] Update Linux SSL Truststore /etc/ssl"Sylvain Desbureaux2-0/+16
2021-09-09Merge "[CONTRIB] Introduce certificate update use case in CertService"Sylvain Desbureaux1-1/+1
2021-09-08[SO] Add TLS configuration for SO API IngressSylvain Desbureaux1-1/+3
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
2021-09-07[COMMON] Fix bashisms in import-custom-certguillaume.lambert1-5/+4
Bashisms of type (should be 'b = a') were all fixed previously but a new one was reintroduced during the fixes of other types. Also commit f79b6676cfdc380e004f184a21bb969b2824c06e moved import-custom-cert shebang from bash to sh but substring syntaxes similar to ${f: -4} and only supported by bash were not migrated. Let's fix that alltogether before enforcing the checkbashisms tox profile. Issue-ID: OOM-2643 Issue-ID: POLICY-3232 Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com> Change-Id: Ie9b5ac1c2edd9ddf3574f09c77ca8734f2311d1d
2021-09-06[CONTRIB] Introduce certificate update use case in CertServicePiotr Marcinkiewicz1-1/+1
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
2021-09-06[COMMON] Add prometheus service monitor templateMarat Salakhutdinov2-35/+169
Add prometheus service monitor template to common charts so that components can reuse it to enable scraping of their metrics by prometheus. Issue-ID: OOM-2710 Signed-off-by: Marat Salakhutdinov <marat.salakhutdinov@bell.ca> Change-Id: Ifa8da676dec05192c518ba97208df60e5ec46f55
2021-09-05[OOM] Update Linux SSL Truststore /etc/sslAbdelmuhaimen Seaudi2-0/+16
Add update for /etc/ssl/cacerts/ca-certificates.crt Issue-ID: CCSDK-3356 Change-Id: I797aea054bb80db805f4791a288e89b102e1d662 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-09-01Merge "[DCAE] Helm charts for SNMPTrap collector"Sylvain Desbureaux1-1/+15
2021-08-31Merge "[COMMON] Fix ${p^^} bashisms"Krzysztof Opasiak2-4/+4