aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/onap
AgeCommit message (Collapse)AuthorFilesLines
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-9/+9
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski4-8/+21
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-17Merge "Add A1 Policy Management Service helm charts"Sylvain Desbureaux4-1/+19
2020-09-16Add A1 Policy Management Service helm chartsLathish4-1/+19
Issue-ID: CCSDK-2492 Change-Id: Ide809298d075471b457cfb93fee77658c7cb597c Signed-off-by: Lathish <lathishbabu.ganesan@est.tech>
2020-09-07Merge "[COMMON] Allow to set default password complexity"Sylvain Desbureaux1-0/+5
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux3-7/+8
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-09-02[COMMON] Allow to set default password complexityKrzysztof Opasiak1-0/+5
With the introduction of common secret template many of ONAP passwords started being automatically generated. The algorithm that we use for this purpose allows to choose the complexity of generated password. By default we use "long" which contains special characters. Unfortunately this turns out to often cause some issue. To make our deployment more stable and user friendly lets allow the deployer to choose the desired password complexity. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
2020-08-26Merge "[SDNC] Remove sdnc-portal component"Sylvain Desbureaux2-6/+0
2020-08-25Merge "[COMMON] new logConfiguration chart"Krzysztof Opasiak1-0/+6
2020-08-24[SDNC] Remove sdnc-portal componentDan Timoney2-6/+0
The sdnc-portal component is currently disabled due to known security vulnerabilities. This component is no longer supported - the developer left the project - and its functionality is not really needed. So, we are removing this component in Guilin. Issue-ID: SDNC-1236 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I45c7cad2102011fb25ca9f6707792dfd5c97624f
2020-07-30[DCAEGEN2] Add config supporting request CMPv2 certsPiotr Marcinkiewicz1-2/+1
Add configuration supporting dealing with CMPv2 certs in K8s plugin. Remove outputType from global values to allow it be specific for service. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Iedb9c3f63a539a386b9abd5d257c54f5ce023662
2020-07-22[COMMON] new logConfiguration chartSylvain Desbureaux1-0/+6
This new chart allows to set the same log level accross components in ONAP. As other similar templates, default value will be retrieved (`logConfiguration.logLevel`) but can be overrided: - globally by setting global.logLevel - per component basis by setting `logConfiguration.logLevelOverride` per component basis Issue-ID: OOM-2515 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I18196b56bb4f8732d42271d7c93c1a0f71bfac58
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a
2020-07-01[AAF Certservice] Update versions to 1.1.0Remigiusz Janeczek1-1/+2
Allow use of OUTPUT_TYPE env in certservice client to define desired certificates format (one of: P12, JKS, PEM) Issue-ID: AAF-1152 Change-Id: I5065b659ae36d71209d643303896516042fabaa0 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2020-06-19Merge "[GLOBAL] Upgrade readiness check version"Krzysztof Opasiak1-1/+1
2020-06-19[RELEASE] Change AppVersion for onap main chartSylvain Desbureaux1-1/+1
Issue-ID: OOM-2424 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iee3f9b6e1dc0dd278c9c55d317827f16ac8b3389
2020-06-15[GLOBAL] Upgrade readiness check versionSylvain Desbureaux1-1/+1
Use a newer readiness check script with better handling of readiness on statefulsets. Issue-ID: OOM-2418 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ica7c87e856c193b2ed825a3eb2345262689f2808
2020-06-10Merge "[COMMON] add pre upgrade script for mariadb-galera"Sylvain Desbureaux1-0/+10
2020-06-05[COMMON] add pre upgrade script for mariadb-galeratringuyen1-0/+10
When upgrading from a version to another, it may be impossible to do it "simply" because of changes in immutable properties of statefulsets. We change that here by creating a temporary deployment which will hold the whole databases during the time the old statefulset gets destroyed and the new one gets created. Issue-ID: OOM-2316 Signed-off-by: tringuyen <tri.nguyen@tatacommunications.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I318d72830d5002f50597e23e0753e292f8b47c53
2020-05-28[AAF] Add CMPv2 Cert ServiceEmmettCox2-0/+68
This new micro service allow retrieval of certificates using CMPv2 protocol and relay the requests to CA server (such as EJBCA provided in contrib folder). Issue-ID: AAF-1083 Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8 Signed-off-by: EmmettCox <emmett.cox@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-05-18Merge "Bump version of readiness image"Sylvain Desbureaux1-1/+6
2020-05-13Bump version of readiness imageSylvain Desbureaux1-1/+6
New readiness image proposes several new stuff: * smaller size * ability to wait for daemonset Issue-ID: OOM-2373 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4af9a09393c5b71214d8f4db2c1a095b260c9fbd
2020-05-04remove hardcoded MariaDB passwordJulienBe1-1/+1
This aligns with other changes on OOM. You can either supply a specific password or have it generated for you based on a master password Issue-ID: CLAMP-796, OJSI-188 Change-Id: If1b80fc47cf1033e094f8a106746d1e8c556c08b Signed-off-by: JulienBe <jb379x@att.com> Co-authored-by: sebdet <sebastien.determe@intl.att.com> [small updates in common secret template usage] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-04-24Merge "Create ONAP with minimal component count"Sylvain Desbureaux1-0/+139
2020-04-23Create ONAP with minimal component countLucjan Bryndza1-0/+139
Create onap with minimal component count Issue-ID: OOM-2385 Change-Id: Idf7b9f517e65274f6a288fde0d0462fd1cd93762 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2020-04-23[Sniro] Disable Sniro-emulator in "onap-all"Sylvain Desbureaux2-4/+0
Sniro emulator is not a component which will be part of the release. As such, we don't start it even in "all" ONAP. Issue-ID: OOM-2372 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib544f93ca51a42cd0b39637c14555cb9a3ecfda0
2020-04-22Merge "[POMBA] Disable pomba in "onap-all""Krzysztof Opasiak2-4/+0
2020-04-22Merge "[COMMON] templates for centralized logs"Krzysztof Opasiak2-1/+10
2020-04-22Merge "[LOG] Disable log in "onap-all""Krzysztof Opasiak2-4/+0
2020-04-22[COMMON] templates for centralized logsSylvain Desbureaux2-1/+10
Add three templates: * one for creating the sidecar * one for creating the configmap * one for creating the volumes Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
2020-04-20Merge "[COMMON] helm chart for elastic db"Krzysztof Opasiak1-0/+4
2020-04-20[LOG] Disable log in "onap-all"Sylvain Desbureaux2-4/+0
Log is not a component which will be part of the release. As such, we don't start it even in "all" ONAP. Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I0238632a3a62ad7cfeee3656afc74144a6337c46
2020-04-20[POMBA] Disable pomba in "onap-all"Sylvain Desbureaux2-4/+0
Pomba is not a component which will be part of the release. As such, we don't start it even in "all" ONAP. Issue-ID: OOM-2371 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I400601dee8e65b1c05948e3ccad99e84eb9c9119
2020-04-20Merge "Enable robot module in 5G Network Slicing use case override file"Sylvain Desbureaux1-1/+1
2020-04-20[COMMON] helm chart for elastic dbAlexander Dehn1-0/+4
Add elasticdb as common chart to oom Issue-ID: SDNC-1061 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-04-16Merge "[Contrib] Add EJBCA Server"Krzysztof Opasiak3-5/+29
2020-04-16Enable robot module in 5G Network Slicing use case override filezhangqingjie1-1/+1
Issue-ID: OOM-2365 Signed-off-by: zhangqingjie <zhangqingjie@huawei.com> Change-Id: I18b1c3198c669e7a7bda368f8d9ce8ba5790555b
2020-04-15[Contrib] Add EJBCA ServerSylvain Desbureaux3-5/+29
EJBCA Server is used to test that CMPv2 Certificate handling is well done in ONAP. Issue-ID: AAF-1083 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
2020-04-09Enable NBI Module in 5G Network Slicing use case override filezhangqingjie1-1/+1
Issue-ID: OOM-2360 Enable NBI Module in 5G Network Slicing use case override file Signed-off-by: zhangqingjie <zhangqingjie@huawei.com> Change-Id: I05d53cd82a037b076b0935ad6a629d094415a3dc
2020-04-07AAF OOM 2.1.20ChrisC1-1/+1
Cleaned up up configs, JDK11 fixes, Hello and Agent works, now a model for Apps non-root fix Issue-ID: AAF-1081, AAF-1102 Signed-off-by: Instrumental <jgonap@stl.gathman.org> Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: I4947075029db8abd7d2072b6b82064af8e2daa3e
2020-04-03[COMMON] Faster aafConfig templateSylvain Desbureaux1-1/+3
"index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
2020-04-02Bump chart versionSylvain Desbureaux2-33/+33
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-03-13Add dcaemod chartsJack Lucas3-0/+8
Issue-ID: DCAEGEN2-1866 Change-Id: I0179e1e75529ad8017b1a5c23747dbd80aa6f625 Signed-off-by: Jack Lucas <jflucas@research.att.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-09add yaml for 5G Network Slicing usecasezhangqingjie1-0/+172
Issue-ID: OOM-2329 supply a ONAP installation config file for 5G Network Slicing usecase, so that the user can easily install a minimum-scope ONAP with as few resources as possible. Signed-off-by: zhangqingjie <zhangqingjie@huawei.com> Change-Id: I728a0229296d62120418f654e4c3f50a2805a69e
2020-03-06[COMMON] Handle TLS/Non-TLS for ServiceSylvain Desbureaux1-0/+51
Current service and headlessService templates doesn't handle the fact that out of cluster ports must be TLS encrypted only. With a new (backward compatible) DSL, this is now possible. In values.yaml, all ports in service part with port AND plain_port will have the ability to be HTTP or HTTPS depending on the context. Per default, they'll be HTTPS. TLS choice will be done according this table: | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | |-------------|-------------------|----------------------------|------------------------|--------| | not present | not present | not present | any | true | | not present | not present | false | any | true | | not present | not present | true | false | true | | not present | not present | true | true | false | | not present | true | any | any | true | | not present | false | any | any | false | | true | any | any | any | true | | false | any | any | any | false | Service template will create one or two service templates according to this table: | serviceType | both_tls_and_plain | result | |---------------|--------------------|--------------| | ClusterIP | any | one Service | | Not ClusterIP | not present | one Service | | Not ClusterIP | false | one Service | | Not ClusterIP | true | two Services | If two services are created, one is ClusterIP with both crypted and plain ports and the other one is NodePort (or LoadBalancer) with crypted port only. Issue-ID: OOM-1936 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
2020-02-13[SO] Enable use of Keystone v3Sylvain Desbureaux1-1/+5
SO can handle keystone v3 but override file must be capable to handle this. If openStackKeystoneVersion is set to "KEYSTONE_V3" in so-catalog-db-adapter config part, SO will be able to use keystone v3 for OpenStack Issue-ID: OOM-2221 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
2020-02-04[COMMON] Create templates for services and PVSylvain Desbureaux1-1/+1
Proposition of common templates to make service declaration and PV declaration consistent accross OOM. Propositions of templates for sub parties of resource definitions such as metadatas, selector and containerPorts. I've also made an example with cassandra. Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-02Merge "Add ONAP core deployment type override"Borislav Glozman1-0/+134
2020-02-01[ONAP-wide] Replace .Release.Name with common.releaseKrzysztof Opasiak3-3/+3
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
2020-01-29Add ONAP core deployment type overridePawel Wieczorek1-0/+134
This patch makes heavy use of Orange accomplishments [1][2][3]. This deployment override will probably succeed "minimal-onap.yaml" used in e.g. "integration/bootstrap/vagrant-minimal-onap" setup. Cassandra replicaCount is increased to 3 to allow reaching quorum. [1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation [2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh [3] https://wiki.lfnetworking.org/download/attachments/25364127/OOM%20Service%20Mesh%20Prague.pptx Issue-ID: ONAPARC-551 Change-Id: Ibaec41f088f11f7fb4e7c476f742d12d29c5740b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>