aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components/oom-cert-service
AgeCommit message (Collapse)AuthorFilesLines
2024-04-11[COMMON] Update all ReadinessChecksAndreas Geissler1-1/+1
Use the new "service" feature of the readiness image to resolve startup dependencies. Issue-ID: OOM-3280 Change-Id: Ia331d51528676744e5e0479d1fd0ca02830c3499 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-20[COMMON] Make imagePullSecrets configurableAndreas Geissler1-2/+1
Currently in ONAP the imagePullSecrets is hardcoded to 'onap-docker-registry-key' which is created by the repository-wrapper component. With this change the secrets can be configured via setting global.imagePullSecrets and optionally per image if it is configured as map (image.pullSecrets) Issue-ID: OOM-3284 Change-Id: I8644f9b46043b6014219c42928e057b149df43a4 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-14[COMMON] Harmonize resource settings, Part 2Andreas Geissler2-4/+4
Some settings are still wrongly interpreted (e.g. 0.02Gi) Therefor they are changed to non-floating numbers (e.g. 20Mi) Issue-ID: OOM-3273 Change-Id: Icc88dead1ac5b1df8629d6adcc438a739e20522e Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-02-28[COMMON] Harmonize resource settingsAndreas Geissler2-8/+15
Update all resource settings to the kubernetes recommended normalized form. Fix ReadinessCheck resource limits. Issue-ID: OOM-3273 Change-Id: Ie10903b801e4dc1689bcec092162d711a431a7a6 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2023-10-18[OOM] Fixing k8s cpu limitsvladimir turok1-2/+2
Adding specific cpu limits for all oom components Issue-ID: OOM-3241 Change-Id: I0bbd973d91d11dbb0ffa5848f7c1ed5ebb5f54ba Signed-off-by: vladimir turok <vladimir.turok@t-systems.com>
2023-07-14[OOM] Fixing k8s resources and limitsAndreas Geissler1-7/+7
This fix is adjusting OOM helm charts components resources limits and requests Issue-ID: OOM-3199 Signed-off-by: Vladimir Turok <vladimir.turok@t-systems.com> Change-Id: I56aeba925cda4984277ac7bbf23cfd158263d30f
2023-06-29[COMMON] Bump ONAP versionAndreas Geissler1-5/+5
Update chart versions to 13.0.0 for Montreal Issue-ID: OOM-3173 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ie53fd021f01e459c464e44f4459a73ba0b00c172
2022-11-10[COMMON] Bump ONAP versionAndreas Geissler1-5/+5
Update chart versions 12.0.0 for London Issue-ID: OOM-3046 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
2022-09-28[PLATFROM] Update cert-manager release to 2.6.0Andreas Geissler1-1/+1
Update libraries to fix vulnerabilities Issue-ID: OOM-2985 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I8ac4a769a791ffb90dfd57358dd839c7a631c403
2022-08-23[PLATFORM] Create Ingress Certificates for ServiceMeshAndreas Geissler3-1/+94
Add issuers and self-signed certificates for the Ingress controller Additionally a new override file is created for Istio Ingress setup Issue-ID: OOM-3001 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6
2022-06-24[COMMON] Bump ONAP versionAndreas Geissler1-5/+5
Use version 11.0.0 for Kohn Issue-ID: OOM-2971 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Icc0e0839fc6def2035383b5fa4c9153fc15fafda
2022-06-03[PLATFORM] Platform ServiceMesh compatibilityRadoslaw Chmiel1-0/+10
cmpv2-cert-provider and oom-cert-service charts changes to make it work with SM Issue-ID: OOM-2980 Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com> Change-Id: Ib952a6b43136a7dc72bf45b029c864862b2182a4
2022-01-19[OOM-CERT-SERVICE][DCAE] Top up Cert Service containersTomasz Wrobel1-1/+1
Top up cert service container to 2.5.0 Issue-ID: OOM-2903 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I297f14b89043f680add508dbf2b636edbc12cb61
2021-12-07[GLOBAL] Migrate to helm v3efiacor2-29/+17
Move all Chart.yaml to use apiVersion: 2 Move dependencies from requirements.yaml to Chart.yaml Changes to all makeFiles Changes to helm deploy plugin Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0 Issue-ID: OOM-2845
2021-10-15[COMMON] Bump ONAP versionSylvain Desbureaux2-7/+8
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-10-10[DCAEGEN2] Update chart with service accountfarida azmy1-1/+1
Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-09-06[CONTRIB] Introduce certificate update use case in CertServicePiotr Marcinkiewicz2-4/+4
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
2021-07-19[PLATFORM] Added imagePullSecrets to common template filesandreas-geissler1-0/+2
Added the missing definition for imagePullSecrets in the deployment.yaml of oom-cert-service, cmpv2-cert-provider to support the registryGenerator Issue-ID: OOM-2792 Signed-off-by: andreas-geissler <andreas-geissler@telekom.de> Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
2021-05-10[PLATFORM] Remove certificate generation deploymentPiotr Marcinkiewicz2-35/+0
- remove certificate generation deployment - change certificate secret for provider (from server to client) - correct documentation Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
2021-04-22[PLATFORM] Generate Cert-Service certs with Cert-ManagerPiotr Marcinkiewicz7-246/+139
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux2-3/+3
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-01-27[PLATFORM] Update cert service images to 2.3.3Joanna Jeremicz1-2/+2
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-06[PLATFORM] Update cert service images to 2.3.2Remigiusz Janeczek1-1/+1
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2020-12-04Merge "[CMPv2-CERT-PROVIDER] Add helm chart for K8s external provider"Sylvain Desbureaux6-6/+60
2020-12-03[CMPv2-CERT-PROVIDER] Add helm chart for K8s external providerJan Malkiewicz6-6/+60
Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP. The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI. More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration. Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux2-3/+3
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27[PLATFORM] Small fix of name of the userPawel1-2/+2
Issue-ID: OOM-2588 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
2020-11-25Fix "fake" deployment image nameBartek Grzybowski1-1/+1
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762 Issue-ID: OOM-2588 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2020-11-23[PLATFORM] Add new fake deployment to fix offline certificates generationAdam Wudzinski3-3/+44
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-21[PLATFORM] Uses new tpls for repos / imagesSylvain Desbureaux3-18/+7
This commit makes platform chart to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux1-2/+2
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-09-28[PLATFORM] Change yaml comment to helm commentJakub Latusek3-6/+6
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8
2020-09-25Merge "[DCAEGEN2][OOM] Update k8splugin configs"Sylvain Desbureaux1-1/+1
2020-09-24Merge "[OOM] Automate certificate generation for CMPv2 Cert Service"Sylvain Desbureaux6-33/+148
2020-09-24[DCAEGEN2][OOM] Update k8splugin configsJan Malkiewicz1-1/+1
Top up certservice-api image Update config for k8splugin 3.4.1: - update images of certservice-client - add certservice-client secret name to config - add certservice-post-processor image to config CertPostProcessor is an application which appends CMPv2 truststore entries to AAF CertMan truststore and allows swapping AAF CertMan keystore for CMPv2 keystore. Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
2020-09-24[OOM] Automate certificate generation for CMPv2 Cert ServicePawel Kasperkiewicz6-33/+148
Add Makefiles to automatically and dynamically generate certificates, for CertService TLS communication. Makefiles are executed automatically during making project. Makefile uses docker container to generate certificates, because openssl and keytool is needed, so this solution was choosed to not add additional requirements for RKE Node. Certificates generated in docker container are mounted to resources directory. Removed hardcoded certificates as they are no longer needed. Issue-ID: OOM-2526 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Ide350ee50a1d458d798ca655f7e83bac4096121c
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-0/+1
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski14-0/+474
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>