summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2021-05-26[COMMON] Fix ${!name} bashismsGuillaume Lambert2-4/+15
pointed out by checkbashisms. Note this kind of indirections can only be replaced directly in POSIX by commands using eval. Security risks must be evaluated for each context where eval is called. For a safe use, the context must ensure that only a limited number of possible constrainted values are passed to eval. https://mywiki.wooledge.org/Bashism#Parameter_Expansions https://mywiki.wooledge.org/BashFAQ/006#Indirection Issue-ID: OOM-264 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
2021-05-21Merge "[COMMON] Change import-custom-cert from bash to sh"Sylvain Desbureaux1-2/+2
2021-05-19[COMMON] Change import-custom-cert from bash to sha.sreekumar1-2/+2
As part of removing GPLv3 license, policy components have moved from bash to sh. This change is required in import-custom-certs script so that custom certificates can be imported into components that try to import them. Without this change, the init containers of the components will just fail. Change-Id: I6c5028428d4cd7c8baf3e96cb16a3cd91db57f9e Issue-ID: POLICY-3232 Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
2021-05-19[COMMON] Enhance ONAP common-service template - add IPv4/IPv6 supportUbuntu1-0/+5
Generic change for all common services by adding ipFamilyPolicy field. Dual Stack service exposure will be provided depending on k8s version (v1.20+). Signed-off-by: Magdalena Biernacka <magdalena.1.biernacka@nokia.com> Issue-ID: OOM-2749 Change-Id: Ia7236705010e625c19a22e42ec9a02c9f75a0ec5
2021-05-12[MUSIC][CASSANDRA] Use Startup probesSylvain Desbureaux3-10/+23
Instead of long initial delay on readiness and liveness probes, use startup probes and be more aggressive on readiness and liveness. Also, decrease number of replicas from 3 to 1 Issue-ID: OOM-2742 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ideb0ede251332e182b975ff18ca5a75bcbff2351
2021-05-12Merge "[COMMON][ROLES] Create default roles once"Krzysztof Opasiak9-85/+194
2021-05-11Merge "[COMMON] Update _mariadb.tpl to use the proper db"Krzysztof Opasiak1-1/+1
2021-05-11[COMMON][ROLES] Create default roles onceSylvain Desbureaux9-85/+194
Instead of creating all roles every time with service account chart, let's just create the specific ones for a chart and point to default one for the three default roles. In order to lighten serviceAccount chart, whole logic for default role creation is in `roles-wrapper`. Issue-ID: OOM-2729 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib4d6a2669ca7d747320a4bccb65aac863eb60956
2021-05-11Merge "[DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services"Sylvain Desbureaux1-2/+14
2021-05-11Merge "[COMMON] Add custom certs into AAF truststore"Krzysztof Opasiak1-1/+2
2021-05-10[DCAEGEN2] Add pem support in CMPv2 for dcaegen2-servicesPiotr Marcinkiewicz1-2/+14
- Add mounting certificates in pem format. - Add comment description to certificates in dcae values Issue-ID: DCAEGEN2-2688 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64
2021-05-10Merge "[DCAEGEN2] Add CMPv2 support to dcaegen2-services"Krzysztof Opasiak1-1/+48
2021-05-10Merge "[COMMON][CASSANDRA] Higher PVC Claim for Cassandra"Krzysztof Opasiak1-1/+1
2021-05-10[DCAEGEN2] Add CMPv2 support to dcaegen2-servicesRemigiusz Janeczek1-1/+48
Add support for CMPv2 certificates in dcaegen2-services-common template Add CMPv2 certificates to HV-VES and VES charts Issue-ID: DCAEGEN2-2688 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I6ade2c24f240872e78df92ca31b30c779f86e38b
2021-05-10Merge "[COMMON][MARIADB] Use Startup probes"Krzysztof Opasiak2-6/+29
2021-05-10Merge "[COMMON][MARIADB] Give higher requests/limits"Krzysztof Opasiak1-6/+6
2021-05-08[COMMON][MARIADB] Use Startup probesSylvain Desbureaux2-6/+29
Instead of long initial delay on readiness and liveness probes, use startup probes and be more aggressive on readiness and liveness. Issue-ID: OOM-2740 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I86015a4a0c4ab313929c5bd103dedced1df88ec3
2021-05-07[COMMON][CASSANDRA] Higher PVC Claim for CassandraSylvain Desbureaux1-1/+1
After 3 monthes, usage of Cassandra disk is 8Gi. Moving PVC Claim to 10Gi in order to satisfy this. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If8de6fecdbbc49d588e4234a62f91f319531fca4
2021-05-07[COMMON] Update _mariadb.tpl to use the proper dbMahmoud Abdelhamid1-1/+1
Update common.mariadbService definition under _mariadb.tpl to use the proper name of DB in case of local installation Issue-ID: OOM-2736 Signed-off-by: Mahmoud Abdelhamid <mahmoud.abdelhamid@orange.com> Change-Id: I454915d493f692076eadbf6ccd69c2d93f36ffc4
2021-05-06Merge "[COMMON][CERTINIT] Generate cert with certInit"Krzysztof Opasiak7-2/+137
2021-05-06Merge "[COMMON][CASSANDRA] Use Startup probes"Krzysztof Opasiak2-4/+22
2021-05-06Merge "[COMMON][CERTS] Allow to provide custom certs easily"Krzysztof Opasiak3-1/+34
2021-05-06[COMMON][MARIADB] Give higher requests/limitsSylvain Desbureaux1-6/+6
With stability tests, we see that mariadb gets OOM killed and has some CPU throttling. Putting higher limits in order to make it no happen. Scaling also replicas from VFC and APPC db from 3 to 1. Issue-ID: INT-1883 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2699b34ac5fcaa805c6fc01592c5a5f607b17fae
2021-05-06[COMMON][CERTS] Allow to provide custom certs easilySylvain Desbureaux3-1/+34
Instead of mandating to provide custom certificates before creation of helm packages, let's propose to include certificates from a known secret or configmap. The current implementation will first search for secret and if not provided will look for configmap. Issue-ID: OOM-2731 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
2021-05-06[COMMON][CERTINIT] Generate cert with certInitSylvain Desbureaux7-2/+137
Some components are http based but want to be usable from outside world. Instead of dealing with TLS part on the component itself, let's use certInitializer to generate a secret with the certs which will be usable by Ingress Issue-ID: SO-3078 Issue-ID: SO-3237 Issue-ID: CPS-281 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
2021-05-06[COMMON][CASSANDRA] Use Startup probesSylvain Desbureaux2-4/+22
Instead of long initial delay on readiness and liveness probes, use startup probes and be more aggressive on readiness and liveness. Issue-ID: OOM-2741 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If60f345fd1e11fd1419cee58efb7d53e56dc5c79
2021-05-06[COMMON][MUSIC] Simplify cert retrieval scriptSylvain Desbureaux1-2/+1
As retrieving values is now done via a generic script, let's clean a little bit cert retrieval in order to remove unneeded part. Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I9da14ac5079b2888352bccb8eae984c8421d900f
2021-04-30[DCAE] Common template update for policy sidecarvv770d2-1/+8
Template enhanced to include policy sidecar support for DCAE components Issue-ID: DCAEGEN2-2689 Change-Id: Ida7eeadbcc2df2af9579fdda939d0427a7963b63 Signed-off-by: vv770d <vv770d@att.com>
2021-04-27Merge "[COMMON] Fix condition equality bashisms"Krzysztof Opasiak3-9/+9
2021-04-27Merge "[PLATFORM] Generate Cert-Service certs with Cert-Manager"Sylvain Desbureaux6-62/+74
2021-04-26[COMMON][MARIADB] Align conf with camunda needsSylvain Desbureaux1-0/+6
Camunda has given a guide in order to configure camunda (https://docs.camunda.org/manual/latest/user-guide/process-engine/database/mariadb-galera-configuration/). Applying it to ONAP camunda configuration. gitlint-ignore: B1, body-max-line-length Issue-ID: INT-1883 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie0cb1c70e4271496ffd5e51ce1d816785f88689f
2021-04-22[PLATFORM] Generate Cert-Service certs with Cert-ManagerPiotr Marcinkiewicz6-62/+74
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-04-19[COMMON] Add custom certs into AAF truststoreSylvain Desbureaux1-1/+2
Instead of creating a truststore nobody is using when using AAF, let's reuse AAF truststore and onboard certs in it. Issue-ID: OOM-2730 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idb1af0357e286d9536c5d16f592068b61f885b0a
2021-04-19Merge "[COMMON] Fix function declarations bashisms"Sylvain Desbureaux1-2/+2
2021-04-16[COMMON] Fix condition equality bashismsGuillaume Lambert3-9/+9
pointed out by checkbashisms. $ mycmd=$(tox -e checkbashisms | grep "(should be 'b = a')" | sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/==/=/g' \1;@") $ eval $mycmd Issue-ID: OOM-2643 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: I9032130bc4717e111de11a73187c2f1052376e45
2021-04-14[COMMON] Fix function declarations bashismsGuillaume Lambert1-2/+2
pointed out by checkbashisms. $ mycmd=$(tox -e checkbashisms | grep "^possible .*'function' is useless " | sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/functio n \\\([^ ()]*\\\) *(\\\?)\\\?/\\\1 ()/\' -e '\2s/(){/() {/' \1;@") $ eval $mycmd Issue-ID: OOM-2643 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Ic41c8ba8288b7a90db9f5775cd601c09ff2ab663
2021-04-14Merge "[COMMON] Use proper format specifiers to printf masterPassword"Sylvain Desbureaux1-3/+3
2021-04-13[COMMON] Use proper format specifiers to printf masterPasswordKrzysztof Opasiak1-3/+3
%s should be used instead of %d to printf strings. Even though with %d everything works perfectly fine (as we just need any string) let's fix this. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I338c47b0f2a82c698c44579737f698b1f19ade38
2021-04-13[COMMON] Fix shell scripts missing shebangsGuillaume Lambert1-2/+2
pointed out by checkbashisms. $ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2 |xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\' plus manual fixes Issue-ID: OOM-2643 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
2021-04-01Merge "[DMAAP] Fix scaling logic for message router kafka and zookeeper"Sylvain Desbureaux1-0/+34
2021-03-31[CCSDK-SDNC] Bump versions for HonoluluDan Timoney2-2/+2
Bump versions of CCSDK (including CDS) and SDNC images for SDNC Honolulu release. Fixed issues found in CDS command-executor and py-executor pods. Added missing env variable settings. Issue-ID: CCSDK-3125 Issue-ID: SDNC-1473 Issue-ID: CCSDK-3192 Issue-ID: CCSDK-3197 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id3bbe696313c568dc9ffb328715a7fc572330411
2021-03-31[DMAAP] Fix scaling logic for message router kafka and zookeeperMarat Salakhutdinov1-0/+34
Currently if we want to scale message router kafka and zookeeper we need to do manual changes in charts to make it work. With this patch all can be done with override files. Issue-ID: OOM-2613 Signed-off-by: Marat Salakhutdinov <marat.salakhutdinov@bell.ca> Change-Id: I1782dca26f964f33c250520ee2e187619cee0e5e
2021-03-25Merge "[DOC][COMMON] Prepare Honolulu release"Krzysztof Opasiak48-83/+82
2021-03-24[ONAP] Upgrade crunchy imageTomasz Pietruszkiewicz2-1/+5
Set the newest version of crunchy-postgres image. In this image python 2.x was replaced by python 3.x. The crunchy-postgres image is used in few projects in the ONAP, not only in vnfsdk. Change-Id: I1799b6be66312d2418878533775c741b286bec61 Issue-ID: VNFSDK-647 Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux48-83/+82
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-03-09Merge "[COMMON] Fix postgres data persistence"Krzysztof Opasiak2-0/+5
2021-03-08[COMMON] Fix postgres data persistenceBruno Sakoto2-0/+5
This changes fixes postgres data lost that occurs when postgres pods are restarting. When crunchy data postgres image starts, it runs /opt/cpm/bin/setenv.sh script to set PGDATA folder. This script contains: -- export PGDATA=/pgdata/$HOSTNAME if [[ -v PGDATA_PATH_OVERRIDE ]]; then export PGDATA=/pgdata/$PGDATA_PATH_OVERRIDE fi -- Since postgres is now a deployment (commit 0b243b600), its pod name is different on each startup, hence HOSTNAME and PGDATA are also different each time. This change is leveraging crunchy data PGDATA_PATH_OVERRIDE environment variable to set PGDATA to a fixed path. By default, this path is set to /pgdata/data. Issue-ID: CPS-271 Change-Id: Icc0f05d64230a98bc21d8f2a74c12c6661e05482 Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
2021-03-08Merge "[COMMON] Get rid of a few bashisms"Sylvain Desbureaux2-3/+2
2021-03-03[CPS] Configuration Persistence Service Chartsputhuparambil.aditya1-0/+3
CPS Helm charts added Issue-ID: CPS-7 Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca> Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca> Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6 Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
2021-03-03[COMMON][READINESS] Fix user and groupSylvain Desbureaux2-0/+6
readiness check can be launched in a lot of various situation. Especially, it can be runned on deployments / statefulsets where the user and group are fixed. But python code underneath can work only when user is set to "onap" as requirements are installed only for this specific user. This patch forces the user and group to the desired one. Issue-ID: OOM-2694 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874