Age | Commit message (Collapse) | Author | Files | Lines |
|
We have stability issues with MariaDB (which didn't occur on istanbul).
Issue-ID: OOM-2963
Signed-off-by: Michal Jagiello <michal.jagiello@t-mobile.pl>
Change-Id: I23b31db06dd87a45a47c8b2741b36e6387e5d1ec
|
|
Deploy a 2 node replica strimzi kafka cluster
Reduce MR kafka to 1 replica
Add kafka ready check to cps-temporal
Update readthedocs with strimzi prerequisite
Modify deploy.sh to deploy the strimzi kafka in advance
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I87e54ad69a174174cb86f096c07d58878e3ab14e
Issue-ID: DMAAP-1621
|
|
OOF HAS controller uses Python oslo library to manage config files.
In Python configuration files dollar sign ($) is used to reference other values.
If that sign is in generated password container can't parse configuration file
and exits with error.
Basic password strength means it will use only alphanumberic characters.
Issue-ID: OPTFRA-1028
Signed-off-by: Michal Jagiello <michal.jagiello@t-mobile.pl>
Change-Id: Id31d6f21f22dab93386ea36e2aa026f70367c2e0
|
|
|
|
|
|
|
|
Use busybox 1.34.1 image for Jakarta
Issue-ID: SECCOM-271
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I9c03855a610577fe396095ae7e631d22c75d22f8
|
|
Use kubectl 1.22.4 image for Jakarta
Issue-ID: SECCOM-271
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I4501f5a91f0fe7d9b75abf7fdaaaf7405433fb16
|
|
Use nginx 1.21.4 image for Jakarta
Issue-ID: SECCOM-271
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2a391697c066a45845a45f605db1c578684e1feb
|
|
AAF SMS is importing secrets in vault. CPS secret can be retrieved only
if cps is enabled.
this patch allows to disable CPS import in AAF SMS
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib33d2fe05bb6e13fb6322138161a13cdfd2cf522
|
|
Adding basic requirements for Service Mesh Compliance within SDC.
Change-Id: Ib9104ef2e8b6daf0b9b529288cee158b297ce9e4
Issue-ID: OOM-2253
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: othman touijer <othman.touijer@soprasteria.com>
|
|
Use version 10.6.5-debian-10-r28 instead of 10.6.5.
Also align clamp and so to use the same version as the other ones
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie1db09b03daa1bb7792ee0ff6a73bd3483213e75
|
|
|
|
|
|
Use onap/integration-java11 11.0.0 image for Jakarta
Issue-ID: SECCOM-271
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id5aab493eebae3787d636c6a771c58d0b9d98558
|
|
Use curl 7.80.0 image for Jakarta
Issue-ID: SECCOM-271
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ieb288a29acd36bacec9a36e06717514adce04bd3
|
|
Bump version to the one asked by SECCOM.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I99a4c1e412a2288b595d78470dc433466586529b
|
|
Integration team believes that it will have no impact
assuming that ESR is not used directly.
Some AAI API mentions ESR but no direct call to ESR in the tests.
This gate shall prove it or not...
Issue-ID: INT-1972
Signed-off-by: morganrol <morgan.richomme@orange.com>
Change-Id: If37199dc25fa9c268baa1dc88921aa22d6cb7277
|
|
|
|
Introduction of chartmuseum as internal repo for
ONAP components to push/pull charts post instantiation
+ Script to preload charts to this repo
Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-2630
Issue-ID: OOM-2734
Issue-ID: INT-1895
Issue-ID: DCAEGEN2-2694
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Signed-off-by: vv770d <vv770d@att.com>
|
|
- Remove cmpv2Certificate chart in order to deprecate CertService
client mechanism.
- Remove CertServiceClient init containers in SDNC.
- Replace CMPv2CertManagerIntegration with cmpv2Enabled flag
Issue-ID: OOM-2744
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
|
|
Instead of creating all roles every time with service account chart,
let's just create the specific ones for a chart and point to default one
for the three default roles.
In order to lighten serviceAccount chart, whole logic for default role
creation is in `roles-wrapper`.
Issue-ID: OOM-2729
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib4d6a2669ca7d747320a4bccb65aac863eb60956
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Instead of using cloudify, use helm directly in order to deploy the
charts.
Change-Id: I6c97862898ab34b63a15b942b1396c0d19179e46
Issue-ID: HOLMES-396
Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn>
[Adding AAF part and change nodeports]
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Set the newest version of crunchy-postgres image.
In this image python 2.x was replaced by python 3.x.
The crunchy-postgres image is used in few projects in the ONAP,
not only in vnfsdk.
Change-Id: I1799b6be66312d2418878533775c741b286bec61
Issue-ID: VNFSDK-647
Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
|
|
Deploy DCAE microservices using Helm instead of having
the DCAE bootstrap container deploy them using Cloudify.
Charts for the microservices are found under
oom/kubernetes/dcaegen2-services.
Issue-ID: DCAEGEN2-2615
Issue-ID: DCAEGEN2-2617
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I22d88987ae8e21b3c08f31f13ffda98967d13297
[Use common secret template for secrets]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
CPS Helm charts added
Issue-ID: CPS-7
Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
|
|
- Create certManagerCertificate chart for Certificate template
- Change default values for duration and renewBefore
- Add creation Secret with keystore password
- Use template in SDNC (add volumes and volumesMounts)
Issue-ID: OOM-2568
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
|
|
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
Create generic template to simplify CertServiceClient use
Issue-ID: OOM-2568
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
|
|
Instead of "hardcoding" all services, let's generate them with two
values and shrink a little bit template.
It also simplify the reading of the template.
Issue-ID: OOM-2664
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2a5f181fac93f34e074998aeaf82489f8305de1f
|
|
|
|
Align Cert Service Api to RFC4210.
Fix Cert Service Client CA_NAME validation.
Fix Cert Service External Provider logging.
Issue-ID: OOM-2656
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
|
|
This commit introduces a template for requesting a cert-manager certificate.
See: https://cert-manager.io.
It consist of the following parts:
- a template for creating certificate in commons component
- a definition of a certifcate object in sdnc component
Issue-ID: OOM-2568
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
|
|
This commit makes CertInitializer template to use the new generator for
repositories and images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
|
|
|
|
Mariadb DB Galera containers version is outdated and unmaintained. We
need them to move to a new image provider.
As new image provider is not compatible with our old templates, we
also update the templates (by reworking bitnami mariadb-galera chart).
An update of global mariadb image is also done in order to match mariadb
galera version.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
|
|
Instead of globally choosing between virtualhosts and path based
ingress, it's better to allow to choose it per component.
Issue-ID: OOM-2641
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I952826d03722693ebae7c95a083b95bf83752d68
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
|
|
Current repository templates handles only ONAP "nexus" repository
configuration.
So, all images coming from another repository (currently, OOM is using 4
repository, including nexus one) cannot simply be retrieved from another
one.
This commit add new templates, in a specific chart, in order to change
that.
Now, each for repository can be overidden and all 4 can have a
credentials.
Also, in order to minimize global variables, templates aimed to
retrieve usual utility images (busybox, envsubst, readiness, ...) are
created.
Issue-ID: OOM-2634
Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Reduce code size, add missing busyboxRepository]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
pnda was introduced in earlier release (R3) as POC however no longer
supported. As we don't like unmaintained code and noone is using it
let's remove it from oom helm charts.
Issue-ID: DCAEGEN2-2503
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I717925acee3956ac7e5c6abda7a54e3a78f3ebf3
|
|
|
|
- SO-Monitoring service exposed as NodePort
- Certs are retrieved dynamically using certInitializer
Issue-ID: SO-2920
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
|
|
Truststore is quite heavy. If it is included several times in the
component it can easily cross helm chart size limit.
To fix this issue let's make sure that the truststore is created only
once and then shared among all certInitializer instances.
Issue-ID: AAF-1134
Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Top up certservice-api image
Update config for k8splugin 3.4.1:
- update images of certservice-client
- add certservice-client secret name to config
- add certservice-post-processor image to config
CertPostProcessor is an application which appends CMPv2
truststore entries to AAF CertMan truststore and allows
swapping AAF CertMan keystore for CMPv2 keystore.
Issue-ID: DCAEGEN2-2253
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
|
|
Changes for 111973
Issue-ID: SDNC-1136
Signed-off-by: esobmar <mariusz.sobucki@est.tech>
Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3
Signed-off-by: egernug <gerard.nugent@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Access EJBCA secret from cert service]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|