aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2020-09-11[COMMON] Allow to set default password complexityKrzysztof Opasiak1-1/+14
With the introduction of common secret template many of ONAP passwords started being automatically generated. The algorithm that we use for this purpose allows to choose the complexity of generated password. By default we use "long" which contains special characters. Unfortunately this turns out to often cause some issue. To make our deployment more stable and user friendly lets allow the deployer to choose the desired password complexity. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e (cherry picked from commit f5ee1c5aa533c47f93b091eafb366c4185b4ab49)
2020-09-08[CLAMP,COMMON] Escape special chars in mysql passwordsKrzysztof Opasiak1-2/+3
Fix both clamp and common mariadb-galera instances to make sure that special characters in passwords are escaped properly. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Iee48523d36d404ad7b21515f0d205f2f60a507ed (cherry picked from commit 7860146d73472e3b2ff9f7390638ae608c9f9d0f)
2020-07-16[CCSDK] Add hardcoded dgbuilder certificatesDan Timoney6-0/+76
Add hard coded certificate for CCSDK dgbuilder (design time tool) Issue-ID: CCSDK-2541 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I9fe61a1bdf17cbdf22a3d518ded27582e86c2c07
2020-07-06[COMMON] Allow to use ' in mariadb-initKrzysztof Opasiak1-1/+4
' is one of characters that are placed in passwords by our default password generation algorith. As ' is a special character in SQL we need to escape it before concatenating it with SQL command. Let's also add set -e to fail if any of databases has not been created Issue-ID: OOM-2436 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ida8c75639eaa4049e3f874d30666f1fe4dc02e12 (cherry picked from commit c5dac87fa301247928211d5944be22ae14bcd534)
2020-06-25Revert "[COMMON] add pre upgrade script for mariadb-galera"Sylvain Desbureaux6-323/+3
This reverts commit f5993cdff9c9d873966d24e7987094fee4d13f0d. Reason for revert: upgrade script is not working well in all situations Issue-ID: INT-1633 Change-Id: Ic743f36fac73315eb10189e82cda80aa60e49af8 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-06-10[COMMON] add pre upgrade script for mariadb-galeratringuyen6-3/+323
When upgrading from a version to another, it may be impossible to do it "simply" because of changes in immutable properties of statefulsets. We change that here by creating a temporary deployment which will hold the whole databases during the time the old statefulset gets destroyed and the new one gets created. Issue-ID: OOM-2316 Signed-off-by: tringuyen <tri.nguyen@tatacommunications.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I318d72830d5002f50597e23e0753e292f8b47c53 (cherry picked from commit eb9eb59171a43d25fb012aaad0a1d37ca86bc2bf)
2020-06-03[common] Make sure that we declare repository in certInitializerKrzysztof Opasiak2-1/+2
Not all components declare repository in the global section which may lead to some error when processing just a single component instead of whole onap. To avoid this let's make sure that cerInitializer sets repository url internally. Issue-ID: OOM-2416 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077 (cherry picked from commit 1b6861577c9b0a67e14ce70b1ddecc2e70db88ca)
2020-06-01Update SDNC/CCSDK to Frankfurt RC2 versionsDan Timoney1-1/+1
Update versions for SDNC and CCSDK dockers to reflect Frankfurt RC2 versions. Issue-ID: SDNC-1171 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Iaf34379550d148a164341dac6c44fa20926b8ccb (cherry picked from commit 830b85f4e37b11136e473182f64ed5612e5edb72)
2020-05-29[COMMON] Use common aaf template in elasticsearchKrzysztof Opasiak4-60/+26
Instead of copy-pasting code around aaf_agent usage let's use a common template that automates this. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I9b3c7aab73186c0bf1dfaa5fe21cf2f001ca8619
2020-05-29[COMMON] Fix certInitializer to use proper global valuesKrzysztof Opasiak1-6/+6
One of reasons why certInitializer is a proper chart that you need to put in your requirements.yaml is to avoid copy-pasting the same global values among different charts. As it turned out in tests we've been not "mangling" global values properly while creating $subchartDot. This patch fixes the issue. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
2020-05-29[COMMON] Fix certInitializerKrzysztof Opasiak1-5/+4
By mistage aaf-agent-certs volume was created only if aaf_add_config option was set. This is incorrect as it should be created always. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e (cherry picked from commit 108483cae4831bb99e11d0c7df9dad8621b202ff)
2020-05-29[COMMON] Override truststore in aaf_agent imageKrzysztof Opasiak4-1/+2235
aaf_agent image currently contains hardcoded truststores in order to be able to connect to certman to retrieve certificate for given component. The goal is to remove hardcoded truststore from aaf_agent immage but first we need to be sure that all its users are able to provide the truststore to the pod as a configmap. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b (cherry picked from commit 95a5f84069703c583e49028b37003c73c03cc07d)
2020-05-28Merge "[COMMON] Allow to use ' in postgres passwords" into frankfurtSylvain Desbureaux1-4/+11
2020-05-26[COMMON] Allow to use ' in postgres passwordsKrzysztof Opasiak1-4/+11
' is one of characters that are placed in passwords by our default password generation algorith. As ' is a special character in SQL files we need to escape it before substituting environment variables in .sql file. Issue-ID: OOM-2317 Reported-by: Fiachra Corcoran <fiachra.corcoran@est.tech> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I970eaf03fbcbfa8cb68df4a06ee27503d02d896a (cherry picked from commit b0a2d3b3628166dc2dba34a6984cc36b8f821fe0)
2020-05-26Naming micro-service - Helm chart values updates.bt29832-3/+17
Changes requested by Yuriy. Moved policy password to secrets. Issue-ID: CCSDK-1307 Signed-off-by: bt2983 <bt2983@att.com> Change-Id: Ibec80f147ad1f7623b5915afd0072f7add76ef9f (cherry picked from commit 91566f00ca5ad9d76ff658f05fc8596ab481287a)
2020-05-22Naming micro-service - Helm chart values updates.bt29831-1/+1
Changes requested by Yuriy. Updated Policy URL. Issue-ID: CCSDK-1307 Signed-off-by: bt2983 <bt2983@att.com> Change-Id: I8880fdc5a3a3611f036b3277991c5880f250f3f7 (cherry picked from commit 06961eb7abf0b71206f414e8a2456e0801e32ed0)
2020-05-18Merge "[COMMON] Use "" instead of {} as a default value to avoid warning" ↵Sylvain Desbureaux1-1/+1
into frankfurt
2020-05-18[COMMON] Enable password generation in postgresKrzysztof Opasiak1-3/+3
Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibad1e8d523d2a182d2f43e1ae2b46fff07c11e01 (cherry picked from commit b51ee37db0bf164fb24961c5f1146e22ea245dfa)
2020-05-18[COMMON] Use "" instead of {} as a default value to avoid warningKrzysztof Opasiak1-1/+1
After we upgraded our helm version we started getting below issues with emails: Warning: Merging destination map for chart 'curator'. Overwriting table item 'image', with non table value: onap/sdnc-image:1.8.2 To fix this let's just use "" instead of () for our daily operations. Issue-ID: OOM-2412 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5f2c215c281036a7eb921d6a805527c807a4aca9 (cherry picked from commit 8953675506f4b3807502a3be73b846ab5fe79c67)
2020-05-12[Tree-wide] Make chart build process predictibleKrzysztof Opasiak13-17/+16
ONAP is built using plain makefile rules. List of targets is generated using wildcard function. Based on make changelog: http://git.savannah.gnu.org/cgit/make.git/tree/NEWS since version 3.82 wildcard is not going to sort its results which means that charts are being processed in an arbitrary order which may lead to build failure due to missing dependencies. Since version 4.3 make started sorting the wildcard results once again which may lead to build issues. To avoid that and make our builds predictible independently from Makefile version let's make sure that we always sort wildcard results. Addinally let's use 'file://' instead of '@local' for charts in common to resolve dependencies between them. Issue-ID: OOM-2399 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Iacb02dcdbd577ce0e9ca1078dd0586d296ec9375 (cherry picked from commit aae2da91becf5f1f56329d49656c1ad634917cba)
2020-05-07Merge "[AAF] v1.16+ compatible templates"Krzysztof Opasiak1-0/+14
2020-05-07Merge "[COMMON] Add new template for obtaining certificate"Sylvain Desbureaux6-0/+272
2020-05-06Use RC1 version of CCSDK artifactsDan Timoney1-1/+1
Update helm charts to use RC1 version of CCSDK dockers Issue-ID: CCSDK-2358 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id247bdf3442084d724b84ed752956d08868c7ddf
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak6-0/+272
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-05-05MUSIC spring boot helm charts (music-sb)Tschaen, Brendan31-1159/+725
Removal of tomcat and zookeeper as per latest music version.. Replaced with cassandra only and spring boot version of music, adding support for https and running the music container under a non-root user Update oof-has music-api configuration, use https Switch to music-api-springboot for all the ready.py Issue-ID: MUSIC-572 Signed-off-by: Tschaen, Brendan <ctschaen@att.com> Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146 Signed-off-by: vrvarma <vikas.varma@att.com>
2020-05-05[COMMON] add missing ingress templateSylvain Desbureaux1-0/+15
ingress template is needed to create ingress. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia957cb25f3f76658affabd148aaa4118b2d7ea0c
2020-05-04[AAF] v1.16+ compatible templatesSylvain Desbureaux1-0/+14
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of AAF Issue-ID: AAF-1122 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
2020-05-04[COMMON|APPC|SDNC] add Ingress to dgbuilderSylvain Desbureaux1-0/+6
Add Ingress for dgbuilder in common and update SDNC and APPC in order to use proper configuration. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib810ce3f4b3ff2ff3297c39be352d246aef6d7f1
2020-04-30Merge "[COMMON] Switch dgbuilder chart to new API"Krzysztof Opasiak1-4/+2
2020-04-27[COMMON] Allow to use ' in mysql passwordsKrzysztof Opasiak3-1/+111
derivePassword which we use to generate our passwords includes ' in set of special characters that can be used in passwords. Current implementation of bitnami configure-mysql.sh simply concatenates password surrounded with '' rest of SQL query. This causes issues if password contains ' as it creates invalid SQL statement. To fix this issue we just patch the script and escape the special ' character in password. Issue-ID: OOM-2246 Reported-by: Mateusz Pilat <m.pilat@partner.samsung.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3d2150760755e55558e2045cbb7ca5693c8ab71f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-04-24[COMMON] Switch dgbuilder chart to new APIKrzysztof Opasiak1-4/+2
While working on password removal we added a new configuration node (config.db) which should be used for passing db credentials. Now when all user are switched to use new config options we can remove backward compatibility layer and start using new options. Issue-ID: OOM-2247 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I77876fbfc0a4af18fa36f0e8c5813a5e393a7e09
2020-04-22Merge "[COMMON] templates for centralized logs"Krzysztof Opasiak1-0/+53
2020-04-22[COMMON] templates for centralized logsSylvain Desbureaux1-0/+53
Add three templates: * one for creating the sidecar * one for creating the configmap * one for creating the volumes Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
2020-04-20Merge "[DMaaP DR Node] v1.16+ compatible templates"Krzysztof Opasiak1-0/+30
2020-04-20Merge "[COMMON] helm chart for elastic db"Krzysztof Opasiak36-4/+2255
2020-04-20[COMMON] helm chart for elastic dbAlexander Dehn36-4/+2255
Add elasticdb as common chart to oom Issue-ID: SDNC-1061 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-04-17Add repository for cassandra imageafenner1-1/+1
Change-Id: I287b830f86da0fe0adc440cf9e645f8d244aefe1 Issue-ID: OOM-2368 Signed-off-by: afenner <andrew.fenner@est.tech>
2020-04-16[DMaaP DR Node] v1.16+ compatible templatesSylvain Desbureaux1-0/+30
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of DMaaP DR Node. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
2020-04-15Merge "[COMMON] Remove hardcoded mariadb-galera password"Sylvain Desbureaux1-1/+1
2020-04-14[COMMON] Allow use of second Node Port PrefixSylvain Desbureaux1-1/+32
OOM uses two node port prefix. Templates were not able to use the second one. This patch allows templates to use the second node port prefix and also to override on a per chart basis the value of the node port prefix. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
2020-04-14[COMMON] Remove hardcoded mariadb-galera passwordKrzysztof Opasiak1-1/+1
The time has come! All ONAP charts use now common secret template at least for the mariadb-galera root password (and most of them also for user part). This means that it should be now safe to remove hardcoded mariadb-galera root password and depend on common secret template to generate it for every deployment. No more secretpassword!:D Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib9d8bbcc45bfd85a4d762c716c03dba23d901009
2020-04-03Merge "[COMMON] Faster aafConfig template"Krzysztof Opasiak1-123/+45
2020-04-03Merge "[COMMON] More versatile templates for storage"Krzysztof Opasiak1-45/+199
2020-04-03[COMMON] Faster aafConfig templateSylvain Desbureaux1-123/+45
"index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
2020-04-02Use released Frankfurt M4 images for SDNC and CCSDKDan Timoney1-1/+1
Update image versions for SDNC and CCSDK to use Frankfurt M4 versions Updated CDS versions to use repaired version 0.7.1 Reverted naming service to El Alto version (0.6.3) as workaround while startup issue is investigated. Issue-ID: SDNC-1110 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Ie76466dd65a3a3dfb0df2aaa13f14c298bbc7c11
2020-04-02Bump chart versionSylvain Desbureaux25-27/+27
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-04-01[COMMON] More versatile templates for storageSylvain Desbureaux1-45/+199
1. Add the possibility to specify a suffix and a specific persistence information path. This is useful when a deployment has several PVC 2. Create a template for Volume Claim Templates in Statefulset Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
2020-04-01[SDC BE] Remove HTTP node port 30205gummar1-7/+12
Keep HTTP port reachable from inside the server. Issue-ID: OJSI-101 Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86 Signed-off-by: gummar <raj.gumma@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-31[COMMON] Allow to include filePaths as a reference to variableKrzysztof Opasiak1-1/+13
filePaths comes as a list and we didn't "fully support" passing this variable as a reference to other variable like we do in all other cases. Let's fix that and allow both constructs: secrets: - name: construct 1 type: generic filePaths: - file1 - file2 - name: construct 2 type: generic filePaths: '{{ .Values.fpaths }}' fpaths: | - file1 - file2 - '{{ include "templateThatGeneratesFileName" . }} Please note the | after : in fpaths. It means that from yaml point of view this is is a string. We need to do it this way because we pass this to tpl function and then we need to collect a proper list from it. Issue-ID: SO-2730 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
2020-03-26Merge "[COMMON] Handle generic secrets in secretFast"Krzysztof Opasiak1-1/+4