Age | Commit message | Author | Files | Lines |
|
|
|
This change fixes postgres data loss that occurs when postgres pods
are restarting.
When crunchy data postgres image starts, it runs /opt/cpm/bin/setenv.sh
script to set PGDATA folder. This script contains:
--
export PGDATA=/pgdata/$HOSTNAME
if [[ -v PGDATA_PATH_OVERRIDE ]]; then
    export PGDATA=/pgdata/$PGDATA_PATH_OVERRIDE
fi
--
Since postgres is now a deployment (commit 0b243b600), its pod name is
different on each startup, hence HOSTNAME and PGDATA are also
different each time.
This change is leveraging crunchy data PGDATA_PATH_OVERRIDE environment
variable to set PGDATA to a fixed path. By default, this path is set to
/pgdata/data.
Issue-ID: CPS-271
Change-Id: Icc0f05d64230a98bc21d8f2a74c12c6661e05482
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
|
|
|
|
CPS Helm charts added
Issue-ID: CPS-7
Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
|
|
Readiness check can be launched in a lot of various situations.
Especially, it can be run on deployments / statefulsets where the
user and group are fixed.
But python code underneath can work only when user is set to "onap" as
requirements are installed only for this specific user.
This patch forces the user and group to the desired one.
Issue-ID: OOM-2694
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874
|
|
|
|
The built-in command source is a bashism.
Profile scripts must be dotted and not sourced when possible.
Issue-ID: OOM-2688 OOM-2158
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
|
|
|
|
Instead of having the exact same port number for service and container,
let's allow to use an internal port (usually > 1024) and a service port
(usually 80 or 443).
Issue-ID: OOM-2674
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib90073fc8b069fceed7666778ae0c7b8a8ffcdca
|
|
Current script that retrieves certificates can fail but exit code will be
0. We then add a check in the script in order to avoid such an issue.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
|
|
As for main cassandra chart, with Azure and also some internal
deployments, `nodepool status` takes more than 3 seconds and so
cassandra is not coming up or quite randomly.
This patch gives more room to `nodepool status` to answer.
Issue-ID: OOM-2687
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If6a148a432ed3d83a1e89d38f20fe87e89ab0f57
|
|
With Azure and also some internal deployments, `nodepool status` takes
more than 3 seconds (it can go up to 6 seconds) and so cassandra is not
coming up or quite randomly.
This patch gives more room to `nodepool status` to answer.
Issue-ID: OOM-2687
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I98b0adc751e3cd4fa8710f88567cd8896db548eb
|
|
- correct cmpv2Certificate to take outputType from 'certificates'
- add postStart hook for CertManagerIntegration to make cert dir writable
- add setting ODL_CERT_DIR env
Issue-ID: SDNC-1477
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I4531392cc4f113b173d10a27b98b1fe97d6faa4d
|
|
|
|
Fix so that the useNodePortExt flag is honored when
creating a k8s Service with the service template.
Issue-ID: OOM-2679
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I40ff3ab6df28ee1f9c582dff35a5360f632accbd
|
|
In order to make cassandra behave smoothly on service mesh, we must
make it listen to 127.0.0.1 but broadcast the real IP address.
This patch does it.
Issue-ID: OOM-2252
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2c494a987a7d2d72ddce84ac7fab15bcadbc8cf4
|
|
|
|
Make music use cert manager to generate
and load the certificates
Issue-ID: OOM-2673
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I3c655107bebb969f317bcbe87cfc6a55a1821533
|
|
- Create certManagerCertificate chart for Certificate template
- Change default values for duration and renewBefore
- Add creation Secret with keystore password
- Use template in SDNC (add volumes and volumesMounts)
Issue-ID: OOM-2568
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
|
|
|
|
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
|
|
New TLS part of Ingress templating was broken. This commit fixes it.
Issue-ID: OOM-2609
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I0b9b41e052911ef0064696ac7cf6ca8a274ae1dd
|
|
|
|
Current startup script of etcd checks whether all assumed other nodes
are already running, before proceeding. This check, however, also
includes checking localhost, but due to using headless service
statefulset pod DNS discovery, it doesn't succeed immediately.
In some deployments k8s DNS server may be laggy, thus failing startup
script to finish before liveness check. This patch fixes such failures
of 1 pod etcd clusters, and improves startup time for any size ones.
Signed-off-by: Konrad Bańka <k.banka@samsung.com>
Issue-ID: OOM-2668
Change-Id: I2f9263a0f4964b0a495631775d0cbbceef25e85b
|
|
|
|
Create generic template to simplify CertServiceClient use
Issue-ID: OOM-2568
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
|
|
Today, onboarding custom certificates relies on `bash`. But image used
for that doesn't have bash.
Therefore, we need to use `sh` in order to onboard the certs.
Issue-ID: OOM-2666
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
|
|
Bitnami init script can automatically choose the node address (which is
the IP address of the container).
Unfortunately, this doesn't work when on dual stack as both IP addresses
with a space are given (see
https://github.com/bitnami/charts/issues/4077).
This patch forces the IP address so we can get rid of this issue.
Issue-ID: OOM-2661
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5dd2147df1932b1f0fdde7c2b55585cff45bab68
|
|
This commit makes common template to use the new generator for
repositories and images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I35123faf99ae3bffea68bc39776f320c4168b45f
|
|
|
|
Generate names of certificate and secret
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: I014df059f348e974f6d222b5d6d1c2416bea0440
|
|
|
|
|
|
This commit makes Readiness Check template to use the new generator for
repositories and images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6d115a071e11f9e992f04ec2a14595a5aed5401b
|
|
Align Cert Service Api to RFC4210.
Fix Cert Service Client CA_NAME validation.
Fix Cert Service External Provider logging.
Issue-ID: OOM-2656
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consists of the following parts:
- a template for creating certificate in commons component
- a definition of a certificate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
Bitnami mariadb-galera image has a special environment variable that
allows to wait few seconds for mariadb to be fully initialized.
This is especially important when a lot of pods are created in parallel,
like in OOM.
Unfortunately, the variable name used wasn't the good one.
This patch rectifies that
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2f41ec734a45197c40d5adfa9e214ba5e335f44d
|
|
This commit makes CertInitializer template to use the new generator for
repositories and images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
|
|
|
|
|
|
Mariadb DB Galera containers version is outdated and unmaintained. We
need them to move to a new image provider.
As new image provider is not compatible with our old templates, we
also update the templates (by reworking bitnami mariadb-galera chart).
An update of global mariadb image is also done in order to match mariadb
galera version.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
|
|
readinessCheck was only supporting "container" readiness and not "job"
readiness.
This patch adds the ability to wait for job readiness also.
For that, we need to use the "extended" version and set type to `job` as
we can see in the example:
```yaml
wait_for:
  name: myname
  jobs:
    - '{{ include "common.release" . }}-the-job'
```
Issue-ID: OOM-2647
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iee5426995de63ec8fe2f8c61ff9384a314c86db4
|
|
|
|
It's a collection of small enhancements for common templates.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I426f7aed05ea7e94899b9e4888f4e4c66b69cb53
|
|
Instead of globally choosing between virtualhosts and path based
ingress, it's better to allow to choose it per component.
Issue-ID: OOM-2641
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I952826d03722693ebae7c95a083b95bf83752d68
|
|
Pod/Node affinity may be important to set, especially in the context of
statefulset.
These templates help in order to make it work.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ic2ce2fc1188c4181bd8042b8410c1b810f50bff7
|
|
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|