Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
|
|
Current repository templates handle only ONAP "nexus" repository
configuration.
So, all images coming from another repository (currently, OOM is using 4
repositories, including nexus one) cannot simply be retrieved from another
one.
This commit adds new templates, in a specific chart, in order to change
that.
Now, each for repository can be overridden and all 4 can have a
credentials.
Also, in order to minimize global variables, templates aimed to
retrieve usual utility images (busybox, envsubst, readiness, ...) are
created.
Issue-ID: OOM-2634
Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Reduce code size, add missing busyboxRepository]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
pnda was introduced in earlier release (R3) as POC however no longer
supported. As we don't like unmaintained code and no one is using it
let's remove it from oom helm charts.
Issue-ID: DCAEGEN2-2503
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I717925acee3956ac7e5c6abda7a54e3a78f3ebf3
|
|
|
|
- SO-Monitoring service exposed as NodePort
- Certs are retrieved dynamically using certInitializer
Issue-ID: SO-2920
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
|
|
Truststore is quite heavy. If it is included several times in the
component it can easily cross helm chart size limit.
To fix this issue let's make sure that the truststore is created only
once and then shared among all certInitializer instances.
Issue-ID: AAF-1134
Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Top up certservice-api image
Update config for k8splugin 3.4.1:
- update images of certservice-client
- add certservice-client secret name to config
- add certservice-post-processor image to config
CertPostProcessor is an application which appends CMPv2
truststore entries to AAF CertMan truststore and allows
swapping AAF CertMan keystore for CMPv2 keystore.
Issue-ID: DCAEGEN2-2253
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
|
|
Changes for 111973
Issue-ID: SDNC-1136
Signed-off-by: esobmar <mariusz.sobucki@est.tech>
Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3
Signed-off-by: egernug <gerard.nugent@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Access EJBCA secret from cert service]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|
|
|
|
Issue-ID: CCSDK-2492
Change-Id: Ide809298d075471b457cfb93fee77658c7cb597c
Signed-off-by: Lathish <lathishbabu.ganesan@est.tech>
|
|
|
|
Readiness container v3.x and up are now present in ONAP main repository.
They're also not using root user anymore and then script path has
changed.
Finally, "job_complete" script has been integrated in main "ready"
script.
As those changes are significant, we must upgrade all the components at
once.
Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0
Issue-ID: OOM-2545
Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com>
Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
|
|
With the introduction of common secret template many of ONAP passwords
started being automatically generated.
The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issue. To make our deployment more stable and user friendly
let's allow the deployer to choose the desired password complexity.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
|
|
|
|
Add configuration supporting dealing with CMPv2 certs in K8s plugin.
Remove outputType from global values to allow it be specific for service.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: Iedb9c3f63a539a386b9abd5d257c54f5ce023662
|
|
This new chart allows to set the same log level across components in
ONAP.
As other similar templates, default value will be retrieved
(`logConfiguration.logLevel`) but can be overridden:
- globally by setting global.logLevel
- per component basis by setting `logConfiguration.logLevelOverride` per
component basis
Issue-ID: OOM-2515
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I18196b56bb4f8732d42271d7c93c1a0f71bfac58
|
|
Update Cert Service version to 1.2.0 in order to allow creation
not existing subdirectories where certs will be located.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I83560e21a6894c8869201205000bb7c41956176a
|
|
Allow use of OUTPUT_TYPE env in certservice client to define desired
certificates format (one of: P12, JKS, PEM)
Issue-ID: AAF-1152
Change-Id: I5065b659ae36d71209d643303896516042fabaa0
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Use a newer readiness check script with better handling of readiness on
statefulsets.
Issue-ID: OOM-2418
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ica7c87e856c193b2ed825a3eb2345262689f2808
|
|
|
|
When upgrading from a version to another, it may be impossible to do it
"simply" because of changes in immutable properties of statefulsets. We
change that here by creating a temporary deployment which will hold the
whole databases during the time the old statefulset gets destroyed and
the new one gets created.
Issue-ID: OOM-2316
Signed-off-by: tringuyen <tri.nguyen@tatacommunications.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I318d72830d5002f50597e23e0753e292f8b47c53
|
|
This new micro service allows retrieval of certificates using CMPv2
protocol and relays the requests to CA server (such as EJBCA provided in
contrib folder).
Issue-ID: AAF-1083
Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8
Signed-off-by: EmmettCox <emmett.cox@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
New readiness image proposes several new stuff:
* smaller size
* ability to wait for daemonset
Issue-ID: OOM-2373
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I4af9a09393c5b71214d8f4db2c1a095b260c9fbd
|
|
This aligns with other changes on OOM.
You can either supply a specific password or
have it generated for you based on a master password
Issue-ID: CLAMP-796, OJSI-188
Change-Id: If1b80fc47cf1033e094f8a106746d1e8c556c08b
Signed-off-by: JulienBe <jb379x@att.com>
Co-authored-by: sebdet <sebastien.determe@intl.att.com>
[small updates in common secret template usage]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Add three templates:
* one for creating the sidecar
* one for creating the configmap
* one for creating the volumes
Issue-ID: OOM-2370
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
|
|
Add elasticdb as common chart to oom
Issue-ID: SDNC-1061
Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com>
Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
EJBCA Server is used to test that CMPv2 Certificate handling is well
done in ONAP.
Issue-ID: AAF-1083
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
|
|
Cleaned up configs, JDK11 fixes, Hello and Agent works, now a model for Apps
non-root fix
Issue-ID: AAF-1081, AAF-1102
Signed-off-by: Instrumental <jgonap@stl.gathman.org>
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: I4947075029db8abd7d2072b6b82064af8e2daa3e
|
|
"index" function is bad in term of performance in Helm.
Reworked the templates in order to avoid it.
As certificates are retrieved at every boot (and as already present
certs are deleted before), we don't need persistent storage
Also set aafImage as a global variable in order to have a consistent use
across ONAP
Issue-ID: EXTAPI-375
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
|
|
Issue-ID: DCAEGEN2-1866
Change-Id: I0179e1e75529ad8017b1a5c23747dbd80aa6f625
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Current service and headlessService templates don't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.
In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.
Per default, they'll be HTTPS.
TLS choice will be done according this table:
| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present | not present | any | true |
| not present | not present | false | any | true |
| not present | not present | true | false | true |
| not present | not present | true | true | false |
| not present | true | any | any | true |
| not present | false | any | any | false |
| true | any | any | any | true |
| false | any | any | any | false |
Service template will create one or two service templates according to this table:
| serviceType | both_tls_and_plain | result |
|---------------|--------------------|--------------|
| ClusterIP | any | one Service |
| Not ClusterIP | not present | one Service |
| Not ClusterIP | false | one Service |
| Not ClusterIP | true | two Services |
If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
|
|
Proposition of common templates to make service declaration and PV
declaration consistent across OOM.
Propositions of templates for sub parties of resource definitions
such as metadatas, selector and containerPorts.
I've also made an example with cassandra.
Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
|
|
OOM has now templates in order to create the needed PVC, using:
* a PV with a specific class when using a common nfs mount path between
nodes (same as today use) --> is the default behavior today
* or a storage class if we want to use dynamic PV.
On this case, we use (in order of priority):
- persistence.storageClassOverride if set on the chart
- global.persistence.storageClass if set globally
- persistence.storageClass if set on the chart
I've also aligned the PV creation of the different charts.
I've also aligned the PVC creation of the different charts.
I've removed unused mysql chart and (badly) used nfs-provisioner chart.
I've also made cassandra backup work with dynamic PV (but RWX only for
now).
Change-Id: I0ea3f8c7514ca648d94b6c682684c06b822bbe0a
Issue-ID: OOM-2229
Issue-ID: OOM-2228
Issue-ID: OOM-2227
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Add virtual hosting support to the ingress
common template
Added support for global configuration path
or virtual host based
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I6b1a0c9cfd0eb5c90a090058d5db70f8ee33731e
Issue-ID: OOM-2125
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
Issue-ID: OOM-2085
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
Change-Id: I21fed8c9cf33967f62f156cac96deefdcb4f8d47
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
|
|
RKE.
Issue-ID: OOM-2050
Signed-off-by: Ondřej Šmalec <o.smalec@partner.samsung.com>
Change-Id: I72802282d296c6e1f23f96112a6406ded18aa5ab
|
|
Add nginx ingress controller support to the OOM
nginx ingress controller is disabled by default.
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I97683ede7d99d2c8ca2f512c962d2d8d03467124
Issue-ID: OOM-1508
|
|
Issue-ID: MODELING-165
Change-Id: I46419561fdc3f1b4fb7a7bcf19185ac6cbd99c1d
Signed-off-by: yangyanyj <yangyanyj@chinamobile.com>
|
|
Change-Id: I2a0428bfec238231b299c9f35364979b116a5d67
Issue-ID: OOM-1598
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
|
|
Issue-ID: OOM-1500
Change-Id: I15dd98ea8042914220f1b6025e93f65224bb9adb
Signed-off-by: sushil masal <sushil.masal@amdocs.com>
|
|
Change-Id: Id3fbbc7ad639bfd03ddbfc931abf774407851d74
Issue-ID: OOM-1193
Signed-off-by: Pramod <pramod.kumarsharma@amdocs.com>
|
|
Currently when you deploy onap with no override file, the behavior is
to deploy everything. In order to deploy a subset of components, an
override file must contain all components and then disable the ones
you don't want. As we prepare to transfer helm chart ownership to the
teams, it will simplify the creation of project specific development
override files, if the default behavior for deploying onap was
reversed. Allowing override files to only contain the components
they care to enable (and configure) and ignore the rest as they
would be disabled by default.
From this point on, it will be necessary to use an override file
(as integration uses for testing) to enable all components. This
patch includes an onap-all.yaml override file that may be used for
this purpose.
helm deploy dev local/onap -f onap/overrides/onap-all.yaml
No configuration is part of this override. Its purpose is only to
enable the components and is intended to be used in combination with
other override files that provide environment specific configuration.
Change-Id: I4b74a3a8a35a178298af7205762e2aca7c65dda3
Issue-ID: OOM-1692
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
|
|
Issue-ID: OOM-1198
Change-Id: Ie49a34cfbe5bdb2620312e8780dccbc0b86a0d6e
Signed-off-by: Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com>
|
|
As part of the Dublin release, the web version of VVP is being
deprecated. A command-line script will remain, but there will
be no deployable, online version of the tooling. This change
removes the deprecated components from the OOM deployment and
management.
Issue-ID: VVP-136
Change-Id: Iea4e611d6b1a784be271982eb6a92099a944bd76
Signed-off-by: Lovett, Trevor <trevor.lovett@att.com>
|