summaryrefslogtreecommitdiffstats
path: root/kubernetes/onap
AgeCommit message (Collapse)AuthorFilesLines
2021-02-05[COMMON] Create certManagerCertificate chartPiotr Marcinkiewicz1-11/+2
- Create certManagerCertificate chart for Certificate template - Change default values for duration and renewBefore - Add creation Secret with keystore password - Use template in SDNC (add volumes and volumesMounts) Issue-ID: OOM-2568 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
2021-02-04Merge "[AAI] Templatize MSB services"Krzysztof Opasiak1-1/+5
2021-01-27[PLATFORM] Update cert service images to 2.3.3Joanna Jeremicz1-1/+1
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-20[COMMON] Add template for CertServiceClientRemigiusz Janeczek1-1/+2
Create generic template to simplify CertServiceClient use Issue-ID: OOM-2568 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
2021-01-19[AAI] Templatize MSB servicesSylvain Desbureaux1-1/+5
Instead of "hardcoding" all services, let's generate them with two values and shrink a little bit template. It also simplify the reading of the template. Issue-ID: OOM-2664 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a5f181fac93f34e074998aeaf82489f8305de1f
2021-01-08Merge "[CMPV2] Add a template for Certificate (cert-manager)"Sylvain Desbureaux1-0/+26
2021-01-06[PLATFORM] Update cert service images to 2.3.2Remigiusz Janeczek1-1/+1
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2021-01-06[CMPV2] Add a template for Certificate (cert-manager)Jan Malkiewicz1-0/+26
This commit introduces a template for requesting a cert-manager certificate. See: https://cert-manager.io. It consist of the following parts: - a template for creating certificate in commons component - a definition of a certifcate object in sdnc component Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
2020-12-18Merge "[COMMON][CertInit] Uses new tpls for repos / images"Krzysztof Opasiak1-0/+3
2020-12-17[CMPV2] Set flag CMPv2CertManagerIntegrationJan Malkiewicz2-1/+3
Default value for onap is 'false'. Default value for cert-service environment is 'true'. Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I4e390f875b88f3684f82b9f8bbb3c5462c719c9e
2020-12-17[COMMON][CertInit] Uses new tpls for repos / imagesSylvain Desbureaux1-0/+3
This commit makes CertInitializer template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
2020-12-17Merge "[COMMON][MARIADB] Upgrade Mariadb DB galera version"Krzysztof Opasiak1-8/+13
2020-12-14[COMMON][MARIADB] Upgrade Mariadb DB galera versionSylvain Desbureaux1-8/+13
Mariadb DB Galera containers version is outdated and unmaintained. We need them to move to a new image provider. As new image provider is not compatible with our old templates, we also update the templates (by reworking bitnami mariadb-galera chart). An update of global mariadb image is also done in order to match mariadb galera version. Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
2020-12-14Merge "[COMMON] Configure paths for Ingress"Krzysztof Opasiak1-1/+0
2020-12-09[OOM] Remove POMBA from OOM repositoryGrzegorz-Lis1-4/+0
Pomba is obsolete and not used anymore by ONAP Issue-ID: OOM-2642 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: If6b2cc43d1cb088f5ea2ae05970b625fc1f5d425
2020-12-08[COMMON] Configure paths for IngressSylvain Desbureaux1-1/+0
Instead of globally choosing between virtualhosts and path based ingress, it's better to allow to choose it per component. Issue-ID: OOM-2641 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I952826d03722693ebae7c95a083b95bf83752d68
2020-12-04Merge "[PLATFORM] Update cert service images to 2.3.1"Sylvain Desbureaux1-1/+1
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-12-02[GENERAL] Update chart version to GuilinSylvain Desbureaux1-1/+1
Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2738206390b07c4bb5d0fa191368d8297eb2ba5e
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux2-38/+38
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-23[PLATFORM] Add new fake deployment to fix offline certificates generationAdam Wudzinski1-0/+5
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-20[COMMON] New templates to handle repositoriesSylvain Desbureaux3-47/+62
Current repository templates handles only ONAP "nexus" repository configuration. So, all images coming from another repository (currently, OOM is using 4 repository, including nexus one) cannot simply be retrieved from another one. This commit add new templates, in a specific chart, in order to change that. Now, each for repository can be overidden and all 4 can have a credentials. Also, in order to minimize global variables, templates aimed to retrieve usual utility images (busybox, envsubst, readiness, ...) are created. Issue-ID: OOM-2634 Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Reduce code size, add missing busyboxRepository] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-11-05Merge "[Tree-wide] Remove pnda charts from OOM"Sylvain Desbureaux3-8/+0
2020-11-04[ONAP] Remove helm comment from environment filesJakub Latusek4-8/+0
This files are never processed as helm's template, so comments should be in yaml style. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: Id97f1b2640d7d96324f891b54780a12ec28e5d02
2020-11-03Remove unexepected chat in yaml filemrichomme1-2/+0
These parameters trigger an error when installing on windriver so if the file is used, installation will fail due to yaml issue Issue-ID: OOM-2620 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I572d7d26067f7b632aaec4fd88a19d28b80b9d68
2020-10-29[Tree-wide] Remove pnda charts from OOMKrzysztof Opasiak3-8/+0
pnda was introduced in earlier release (R3) as POC however no longer supported. As we don't like unmaintained code and noone is using it let's remove it from oom helm charts. Issue-ID: DCAEGEN2-2503 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I717925acee3956ac7e5c6abda7a54e3a78f3ebf3
2020-10-29Merge "[SO] Enable SO-Monitoring - use HTTPS and certInitializer"Krzysztof Opasiak1-0/+6
2020-10-29[SO] Enable SO-Monitoring - use HTTPS and certInitializerKrzysztof Gajewski1-0/+6
- SO-Monitoring service exposed as NodePort - Certs are retrieved dynamically using certInitializer Issue-ID: SO-2920 Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
2020-10-22Merge "[ONAP] change comment style"Sylvain Desbureaux7-0/+14
2020-10-21[ONAP] change comment styleJakub Latusek7-0/+14
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Change-Id: I9725eb1baf99f32d47f146dce2c61d3ae45ca0ab Issue-ID: OOM-2562
2020-10-20[COMMON] Make certInitializer share truststore among instancesKrzysztof Opasiak2-0/+7
Truststore is quite heavy. If it is included several times in the component it can easily cross helm chart size limit. To fix this issue let's make sure that the truststore is created only once and then shared among all certInitializer instances. Issue-ID: AAF-1134 Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-10-14[CLAMP] Give times to mariadb to come upSylvain Desbureaux1-0/+5
On some environments, clamp database is restarted in the middle of the init script. The consequence is then a weird behavior, especially if the users are not set. This patch adds more time to the DB in the environment override file (which is supposed to be used in slow environnement). Issue-ID: OOM-2597 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ieb700afbb27610dbad18d860b7fb85ac95c2bb0d
2020-10-12[ONAP] update api versionJakub Latusek1-1/+1
Change-Id: I0f3278d513430ddf18abd3580a48f0d7a0bccc78 Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562
2020-09-25Merge "[DCAEGEN2][OOM] Update k8splugin configs"Sylvain Desbureaux1-1/+1
2020-09-24[DCAEGEN2][OOM] Update k8splugin configsJan Malkiewicz1-1/+1
Top up certservice-api image Update config for k8splugin 3.4.1: - update images of certservice-client - add certservice-client secret name to config - add certservice-post-processor image to config CertPostProcessor is an application which appends CMPv2 truststore entries to AAF CertMan truststore and allows swapping AAF CertMan keystore for CMPv2 keystore. Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-9/+9
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski4-8/+21
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-17Merge "Add A1 Policy Management Service helm charts"Sylvain Desbureaux4-1/+19
2020-09-16Add A1 Policy Management Service helm chartsLathish4-1/+19
Issue-ID: CCSDK-2492 Change-Id: Ide809298d075471b457cfb93fee77658c7cb597c Signed-off-by: Lathish <lathishbabu.ganesan@est.tech>
2020-09-07Merge "[COMMON] Allow to set default password complexity"Sylvain Desbureaux1-0/+5
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux3-7/+8
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-09-02[COMMON] Allow to set default password complexityKrzysztof Opasiak1-0/+5
With the introduction of common secret template many of ONAP passwords started being automatically generated. The algorithm that we use for this purpose allows to choose the complexity of generated password. By default we use "long" which contains special characters. Unfortunately this turns out to often cause some issue. To make our deployment more stable and user friendly lets allow the deployer to choose the desired password complexity. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
2020-08-26Merge "[SDNC] Remove sdnc-portal component"Sylvain Desbureaux2-6/+0
2020-08-25Merge "[COMMON] new logConfiguration chart"Krzysztof Opasiak1-0/+6
2020-08-24[SDNC] Remove sdnc-portal componentDan Timoney2-6/+0
The sdnc-portal component is currently disabled due to known security vulnerabilities. This component is no longer supported - the developer left the project - and its functionality is not really needed. So, we are removing this component in Guilin. Issue-ID: SDNC-1236 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I45c7cad2102011fb25ca9f6707792dfd5c97624f
2020-07-30[DCAEGEN2] Add config supporting request CMPv2 certsPiotr Marcinkiewicz1-2/+1
Add configuration supporting dealing with CMPv2 certs in K8s plugin. Remove outputType from global values to allow it be specific for service. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Iedb9c3f63a539a386b9abd5d257c54f5ce023662
2020-07-22[COMMON] new logConfiguration chartSylvain Desbureaux1-0/+6
This new chart allows to set the same log level accross components in ONAP. As other similar templates, default value will be retrieved (`logConfiguration.logLevel`) but can be overrided: - globally by setting global.logLevel - per component basis by setting `logConfiguration.logLevelOverride` per component basis Issue-ID: OOM-2515 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I18196b56bb4f8732d42271d7c93c1a0f71bfac58
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a
2020-07-01[AAF Certservice] Update versions to 1.1.0Remigiusz Janeczek1-1/+2
Allow use of OUTPUT_TYPE env in certservice client to define desired certificates format (one of: P12, JKS, PEM) Issue-ID: AAF-1152 Change-Id: I5065b659ae36d71209d643303896516042fabaa0 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2020-06-19Merge "[GLOBAL] Upgrade readiness check version"Krzysztof Opasiak1-1/+1