Age | Commit message (Collapse) | Author | Files | Lines |
|
Changes requested by Yuriy. Updated Policy URL.
Issue-ID: CCSDK-1307
Signed-off-by: bt2983 <bt2983@att.com>
Change-Id: I8880fdc5a3a3611f036b3277991c5880f250f3f7
|
|
|
|
|
|
Update helm charts to use RC1 version of CCSDK dockers
Issue-ID: CCSDK-2358
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Id247bdf3442084d724b84ed752956d08868c7ddf
|
|
Add new template that can be used to obtain certificate by
component. Make also a PoC with NBI.
Strongly based on aaf-config template.
Issue-ID: AAF-1134
Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Removal of tomcat and zookeeper as per latest music version..
Replaced with cassandra only and spring boot version of music,
adding support for https and running the music container under
a non-root user
Update oof-has music-api configuration, use https
Switch to music-api-springboot for all the ready.py
Issue-ID: MUSIC-572
Signed-off-by: Tschaen, Brendan <ctschaen@att.com>
Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146
Signed-off-by: vrvarma <vikas.varma@att.com>
|
|
ingress template is needed to create ingress.
Issue-ID: OOM-2173
Issue-ID: OOM-2188
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia957cb25f3f76658affabd148aaa4118b2d7ea0c
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of AAF
Issue-ID: AAF-1122
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
|
|
Add Ingress for dgbuilder in common and update SDNC and APPC in order to
use proper configuration.
Issue-ID: OOM-2173
Issue-ID: OOM-2188
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib810ce3f4b3ff2ff3297c39be352d246aef6d7f1
|
|
|
|
derivePassword which we use to generate our passwords includes ' in
set of special characters that can be used in passwords.
Current implementation of bitnami configure-mysql.sh simply
concatenates password surrounded with '' rest of SQL query. This
causes issues if password contains ' as it creates invalid SQL statement.
To fix this issue we just patch the script and escape the special '
character in password.
Issue-ID: OOM-2246
Reported-by: Mateusz Pilat <m.pilat@partner.samsung.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I3d2150760755e55558e2045cbb7ca5693c8ab71f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
While working on password removal we added a new configuration
node (config.db) which should be used for passing db credentials. Now
when all user are switched to use new config options we can remove
backward compatibility layer and start using new options.
Issue-ID: OOM-2247
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I77876fbfc0a4af18fa36f0e8c5813a5e393a7e09
|
|
|
|
Add three templates:
* one for creating the sidecar
* one for creating the configmap
* one for creating the volumes
Issue-ID: OOM-2370
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
|
|
|
|
|
|
Add elasticdb as common chart to oom
Issue-ID: SDNC-1061
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Change-Id: I287b830f86da0fe0adc440cf9e645f8d244aefe1
Issue-ID: OOM-2368
Signed-off-by: afenner <andrew.fenner@est.tech>
|
|
Use the different "common" templates in order to create consistent and
v1.16+ compatible templates for the different resources of DMaaP DR
Node.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
|
|
|
|
OOM uses two node port prefix.
Templates were not able to use the second one.
This patch allows templates to use the second node port prefix and also
to override on a per chart basis the value of the node port prefix.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
|
|
The time has come! All ONAP charts use now common secret template at
least for the mariadb-galera root password (and most of them also for
user part). This means that it should be now safe to remove hardcoded
mariadb-galera root password and depend on common secret template to
generate it for every deployment.
No more secretpassword!:D
Issue-ID: OOM-2342
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib9d8bbcc45bfd85a4d762c716c03dba23d901009
|
|
|
|
|
|
"index" function is bad in term of performance in Helm.
Reworked the templates in order to avoid it.
as certificates are retrieved at every boot (and as already present
certs are deleted before), we don't need persistent storage
Also set aafImage as a global variable in order to have a consistent use
accross ONAP
Issue-ID: EXTAPI-375
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
|
|
Update image versions for SDNC and CCSDK to use Frankfurt
M4 versions
Updated CDS versions to use repaired version 0.7.1
Reverted naming service to El Alto version (0.6.3) as
workaround while startup issue is investigated.
Issue-ID: SDNC-1110
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Ie76466dd65a3a3dfb0df2aaa13f14c298bbc7c11
|
|
Use 6.0.0 in preparation for Frankfurt release
Issue-ID: OOM-2320
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
|
|
1. Add the possibility to specify a suffix and a specific persistence
information path.
This is useful when a deployment has several PVC
2. Create a template for Volume Claim Templates in Statefulset
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
|
|
Keep HTTP port reachable from inside the server.
Issue-ID: OJSI-101
Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86
Signed-off-by: gummar <raj.gumma@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
filePaths comes as a list and we didn't "fully support" passing this
variable as a reference to other variable like we do in all other
cases.
Let's fix that and allow both constructs:
secrets:
- name: construct 1
type: generic
filePaths:
- file1
- file2
- name: construct 2
type: generic
filePaths: '{{ .Values.fpaths }}'
fpaths: |
- file1
- file2
- '{{ include "templateThatGeneratesFileName" . }}
Please note the | after : in fpaths. It means that from yaml point of
view this is is a string. We need to do it this way because we pass
this to tpl function and then we need to collect a proper list from it.
Issue-ID: SO-2730
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
|
|
|
|
Generic secrets needs filePaths key in their dictionary which was not
correctly handled by previous implementation of secretFast.
Issue-ID: OOM-2051
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idc1062db5867bd23d580fbe59c90c0ce410151ce
|
|
Resource Metadata template can now have an optional "annotation" field
in dict, which can be useful for post install job for example.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib25ce4e09a7a51a35cf878e1c1198370e6dd2b20
|
|
It turned out that our current implementation of common secret
template is really heavy which makes onap linitng extremely long.
To improve the situation let's introduce some results caching instead
of processing templates over and over.
For now we cannot simply replace common secret template because in
mariadb-init we generate list of secrets on the fly so we will need
to revisit this fragment later.
Whole series of patches managed to reduce ONAP linting time to 40
mins.
Issue-ID: OOM-2051
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id2e743147afa37290df19b73feee67621f13f67c
|
|
_labels.tpl:
- support of additional customized labels in
common.labels,
common.matchLabels,
common.selectors
common.templateMetadata
- support of name suffix in common.resourceMetadata
_name.tpl:
- support of name suffix in
common.name,
common.fullname,
common.fullnameExplicit
_service.tpl
- support of additional customized labels in
common.serviceMetadata, common.*service
- support of sessionAffinity in
common.service
New common template:
_aafconfig
- new common template to enable charts for AAF
includes templates for init container, volumemounts, pvc and pv
Issue-ID: SDNC-1088
Change-Id: Icbaa806608f9e1f36f0e47686668ae3632d3f2b0
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Postgres image that we are currently using uses sed to replace
passwords placeholders with their actual values at startup time.
This apprach is very fragile and leads to issues if & happens to be a
part of password as it has a special meaning in sed.
To fix this issue let's just extract the setup.sql file from the
container and process it on our own in init container using envsubst
and then mount it to the main container to be used.
Issue-ID: OOM-2317
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ifd51d8f0af0099958caa209185fb7a87a0480bd2
|
|
|
|
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia885d54fbb9a9fe1ea8a0dec311f63b11cc028c6
|
|
SO adds some annotations to one of its secres so let's extend the
common secret template with the ability to add annotations.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4c33d87724b2296852d62e2ddf9061ff4e235157
|
|
Current service and headlessService templates doesn't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.
In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.
Per default, they'll be HTTPS.
TLS choice will be done according this table:
| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present | not present | any | true |
| not present | not present | false | any | true |
| not present | not present | true | false | true |
| not present | not present | true | true | false |
| not present | true | any | any | true |
| not present | false | any | any | false |
| true | any | any | any | true |
| false | any | any | any | false |
Service template will create one or two service templates according to this table:
| serviceType | both_tls_and_plain | result |
|---------------|--------------------|--------------|
| ClusterIP | any | one Service |
| Not ClusterIP | not present | one Service |
| Not ClusterIP | false | one Service |
| Not ClusterIP | true | two Services |
If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
|
|
|
|
|
|
Move OOM to use SDC cassandra 3
Issue-ID: SDC-2595
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: Ie58f3420cad70fbed7931656a98951e69a4b7b4b
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
|
|
Add the ability to specify whether a nodePortPrefix or
nodePortPrefixExt should be used while defining a port using common
service template.
Now you can specify:
ports:
- name: http
port: 9098
nodePort: "09"
prefix: nodePortPrefixExt
Issue-ID: OOM-1971
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ied78584e5b1c8f479ca180890df67ad4dee3501a
|
|
There is no need to maintain two postgres charts if all components can
work with the newest version so let's remove the legacy one.
Issue-ID: OOM-2310
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8b399902e37fdec7e55552e7972daaf1c0c74cfe
|
|
Improve usage of common secret template by removing all hardcoded
values and use common mariadb-galera instance.
Issue-ID: OOM-2249
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
|
|
|
|
Use version 10.11 deployed by crunchydata scripts version 4.2.1.
this will:
* remove some CVEs (in particular CVE-2019-10164)
* use UTF-8 as default encoding
Issue-ID: OOM-2290
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
|
|
Taken into account how "easy" it would be to modify the dgbuilder
which is written in JavaScript (which is not my mother tongue to say
the least) let's try to remove hardcoded passwords from config files
without modifying the application container itself.
In order to achieve this:
1) Remove createReleaseDir.sh script from the container as it is never
used and contains a ton of passwords
2) Replace all sensitive values in config files with references to
respective environment variables
3) Introduce init container that will run envsubst command on config
files and copy them from ConfigMap value to the new volume which is
backed by tmpfs so that the plain text passwords are never written to
the disk
For now all the hardcoded values are still there to minimize the risk
of breaking the deployment but step by step they will be removed in
next commits.
Issue-ID: OOM-2247
Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
The last line of the template rewrites PVC storage class and thus the
behavior is not the expected one.
This patch removes the faulty (and unecessary) line.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
|