Age | Commit message (Collapse) | Author | Files | Lines |
|
* changes:
[OOF] Use the common mariadb-galera instance
[COMMON] Add port under mariadb-galera chart
|
|
|
|
pointed out by checkbashisms.
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic9c4edc0fc6bd94a95bcb85d84379e868fb09930
|
|
Update mariadb-galera chart to add internalport value under (.Values.
service) to resolve the port settings needed for the template (common.
mariadbPort) under (common/_mariadb.tpl).
This parameter will use the default value of mariadb 3306 which can be
changed in component charts.
Issue-ID: OOM-2773
Signed-off-by: Mahmoud Abdelhamid <mahmoud.abdelhamid@orange.com>
Change-Id: I0d59ba42f07426b14ec7bc7f157392b5f10b9006
|
|
When image repository does not allow anonymous pull, image pull
failed due to empty credentials in docker-registry-key secret.
This change fixes _repository.tpl repository generator to refer to
.global.repositoryCred in override.yaml .
Issue-ID: OOM-2767
Signed-off-by: Satoshi Fujii <fujii-satoshi@jp.fujitsu.com>
Change-Id: I3cd7eabcdda547e99e0461767a0451dc1e51132b
|
|
|
|
Add service account to requirements.yaml, values.yaml and deployment/statefulset
Issue-ID: OOM-2720
Signed-off-by: farida azmy <farida.azmy.ext@orange.com>
Change-Id: Iefe02cad5b2069879d043d17465f248f1f731519
|
|
- Remove cmpv2Certificate chart in order to deprecate CertService
client mechanism.
- Remove CertServiceClient init containers in SDNC.
- Replace CMPv2CertManagerIntegration with cmpv2Enabled flag
Issue-ID: OOM-2744
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
|
|
- etcd-init chart will provision the users
and roles in a running etcd instance
- Change etcd container name for readiness
init container to work
Issue-ID: OOM-2746
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I0cb6d3830b0048c4d70f381815bd3f858ec31ae7
|
|
|
|
pointed out by checkbashisms.
Note this kind of indirections can only be replaced directly in POSIX
by commands using eval.
Security risks must be evaluated for each context where eval is called.
For a safe use, the context must ensure that only a limited number of
possible constrainted values are passed to eval.
https://mywiki.wooledge.org/Bashism#Parameter_Expansions
https://mywiki.wooledge.org/BashFAQ/006#Indirection
Issue-ID: OOM-264
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Id27f3ffd1ddb092a9c038d3a45d9e3278720eb62
|
|
|
|
As part of removing GPLv3 license, policy components have moved from
bash to sh. This change is required in import-custom-certs script so
that custom certificates can be imported into components that try to
import them. Without this change, the init containers of the
components will just fail.
Change-Id: I6c5028428d4cd7c8baf3e96cb16a3cd91db57f9e
Issue-ID: POLICY-3232
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
Generic change for all common services by adding ipFamilyPolicy field.
Dual Stack service exposure will be provided depending on k8s version (v1.20+).
Signed-off-by: Magdalena Biernacka <magdalena.1.biernacka@nokia.com>
Issue-ID: OOM-2749
Change-Id: Ia7236705010e625c19a22e42ec9a02c9f75a0ec5
|
|
pointed out by checkbashisms
$ mycmd=$(tox -e checkbashisms
| grep '(\[\[ foo \]\] should be \[ foo \])'
| sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i '\2s/\\\[\\\[\\\(
[^]]*\\\)\\\]\\\]/[\\\1]/g' \1;@")
$ eval $mycmd
plus fix manually quoting hells induced and bash specific regex
and multi-conditions
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ie7ca5b71938fae22c200b7fead418618160fbe19
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Also, decrease number of replicas from 3 to 1
Issue-ID: OOM-2742
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ideb0ede251332e182b975ff18ca5a75bcbff2351
|
|
|
|
|
|
Instead of creating all roles every time with service account chart,
let's just create the specific ones for a chart and point to default one
for the three default roles.
In order to lighten serviceAccount chart, whole logic for default role
creation is in `roles-wrapper`.
Issue-ID: OOM-2729
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib4d6a2669ca7d747320a4bccb65aac863eb60956
|
|
|
|
|
|
- Add mounting certificates in pem format.
- Add comment description to certificates in dcae values
Issue-ID: DCAEGEN2-2688
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64
|
|
|
|
|
|
Add support for CMPv2 certificates in dcaegen2-services-common
template
Add CMPv2 certificates to HV-VES and VES charts
Issue-ID: DCAEGEN2-2688
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6ade2c24f240872e78df92ca31b30c779f86e38b
|
|
|
|
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Issue-ID: OOM-2740
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I86015a4a0c4ab313929c5bd103dedced1df88ec3
|
|
After 3 monthes, usage of Cassandra disk is 8Gi.
Moving PVC Claim to 10Gi in order to satisfy this.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If8de6fecdbbc49d588e4234a62f91f319531fca4
|
|
Update common.mariadbService definition under _mariadb.tpl to use the
proper name of DB in case of local installation
Issue-ID: OOM-2736
Signed-off-by: Mahmoud Abdelhamid <mahmoud.abdelhamid@orange.com>
Change-Id: I454915d493f692076eadbf6ccd69c2d93f36ffc4
|
|
|
|
|
|
|
|
With stability tests, we see that mariadb gets OOM killed and has some
CPU throttling.
Putting higher limits in order to make it no happen.
Scaling also replicas from VFC and APPC db from 3 to 1.
Issue-ID: INT-1883
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2699b34ac5fcaa805c6fc01592c5a5f607b17fae
|
|
Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.
Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
|
|
Some components are http based but want to be usable from outside world.
Instead of dealing with TLS part on the component itself, let's use
certInitializer to generate a secret with the certs which will be usable
by Ingress
Issue-ID: SO-3078
Issue-ID: SO-3237
Issue-ID: CPS-281
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
|
|
Instead of long initial delay on readiness and liveness probes, use
startup probes and be more aggressive on readiness and liveness.
Issue-ID: OOM-2741
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If60f345fd1e11fd1419cee58efb7d53e56dc5c79
|
|
As retrieving values is now done via a generic script, let's clean a
little bit cert retrieval in order to remove unneeded part.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I9da14ac5079b2888352bccb8eae984c8421d900f
|
|
Template enhanced to include policy sidecar
support for DCAE components
Issue-ID: DCAEGEN2-2689
Change-Id: Ida7eeadbcc2df2af9579fdda939d0427a7963b63
Signed-off-by: vv770d <vv770d@att.com>
|
|
|
|
|
|
Camunda has given a guide in order to configure camunda
(https://docs.camunda.org/manual/latest/user-guide/process-engine/database/mariadb-galera-configuration/).
Applying it to ONAP camunda configuration.
gitlint-ignore: B1, body-max-line-length
Issue-ID: INT-1883
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie0cb1c70e4271496ffd5e51ce1d816785f88689f
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Instead of creating a truststore nobody is using when using AAF, let's
reuse AAF truststore and onboard certs in it.
Issue-ID: OOM-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idb1af0357e286d9536c5d16f592068b61f885b0a
|
|
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "(should be 'b = a')" | sed -e
"s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/==/=/g' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: I9032130bc4717e111de11a73187c2f1052376e45
|
|
pointed out by checkbashisms.
$ mycmd=$(tox -e checkbashisms | grep "^possible .*'function' is useless
" | sed -e "s@^[^.]*\(.[^ ]*\) line \([0-9]*\) .*@sed -i -e '\2s/functio
n \\\([^ ()]*\\\) *(\\\?)\\\?/\\\1 ()/\' -e '\2s/(){/() {/' \1;@")
$ eval $mycmd
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41c8ba8288b7a90db9f5775cd601c09ff2ab663
|
|
|
|
%s should be used instead of %d to printf strings.
Even though with %d everything works perfectly fine (as we just need
any string) let's fix this.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I338c47b0f2a82c698c44579737f698b1f19ade38
|
|
pointed out by checkbashisms.
$ tox -e checkbashisms |grep 'interpreter line' | cut -d' ' -f2
|xargs grep -lv '#!/bin/sh' | xargs sed -i -e '1i#!/bin/sh' -e '1i\\'
plus manual fixes
Issue-ID: OOM-2643
Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
Change-Id: Ic41fec6ebadd162cecf889f2b119ac82551bd21d
|