aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components
AgeCommit message (Collapse)AuthorFilesLines
2023-04-17[PLATFORM] Add OAuth2-Proxy to ONAPAndreas Geissler43-6/+1922
As part of the ServiceMesh solution OAuth2-proxy will be used to enable a central authentication and authorization for ONAP Service Access. This patch delivers the function based on oauth2-proxy helmcharts: https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy Issue-ID: OOM-2489 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Iafa82813a7b9494cf13d77d47a39fc6030cb919b
2023-03-24[PLATFORM] Add Oauth2-Proxy client to ONAP RealmAndreas Geissler6-11/+145
Add the oauth2-proxy client to the ONAP keycloak REALM Issue-ID: OOM-2489 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I3c38df8ad79a7cdaa87f4b55b1bb38afb18d2c0e
2023-01-23[PLATFORM] Add Keycloak ONAP REALM importAndreas Geissler14-0/+957
As part of the ServiceMesh solution Keycloak will be used to enable a central authentication and authorization for ONAP Service Access. This chart provides the import of a default ONAP Realm to an existing Keycloak Instance (alternative to a combined KC+REALM installation). It contains clients for the planned portal-ng. Make all subcomponents selectable Issue-ID: OOM-3021 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I677a3b9e200299c2cde7774e09db6cf33ac510b7
2022-11-10[COMMON] Bump ONAP versionAndreas Geissler3-13/+13
Update chart versions 12.0.0 for London Issue-ID: OOM-3046 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
2022-09-28[PLATFROM] Update cert-manager release to 2.6.0Andreas Geissler2-2/+2
Update libraries to fix vulnerabilities Issue-ID: OOM-2985 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I8ac4a769a791ffb90dfd57358dd839c7a631c403
2022-08-23[PLATFORM] Create Ingress Certificates for ServiceMeshAndreas Geissler3-1/+94
Add issuers and self-signed certificates for the Ingress controller Additionally a new override file is created for Istio Ingress setup Issue-ID: OOM-3001 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6
2022-08-17[COMMON] Update Makefiles to enable parallelizationAndreas Geissler1-7/+10
All Makefiles are updated to support SKIP_LINT option, have a defined order of compilation (common -> components) to support the parallel compilation of charts using: make all -j8 (for 8 Jobs). Additionally use cm-push instead of push to use the new K8S/Helm version Issue-ID: OOM-3011 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: If9903c9d5bc646b5ce54075acc616e98c4b6706e
2022-06-24[COMMON] Bump ONAP versionAndreas Geissler3-13/+13
Use version 11.0.0 for Kohn Issue-ID: OOM-2971 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Icc0e0839fc6def2035383b5fa4c9153fc15fafda
2022-06-03[PLATFORM] Platform ServiceMesh compatibilityRadoslaw Chmiel2-0/+20
cmpv2-cert-provider and oom-cert-service charts changes to make it work with SM Issue-ID: OOM-2980 Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com> Change-Id: Ib952a6b43136a7dc72bf45b029c864862b2182a4
2022-01-19[OOM-CERT-SERVICE][DCAE] Top up Cert Service containersTomasz Wrobel2-2/+2
Top up cert service container to 2.5.0 Issue-ID: OOM-2903 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I297f14b89043f680add508dbf2b636edbc12cb61
2021-12-07[GLOBAL] Migrate to helm v3efiacor7-86/+47
Move all Chart.yaml to use apiVersion: 2 Move dependencies from requirements.yaml to Chart.yaml Changes to all makeFiles Changes to helm deploy plugin Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0 Issue-ID: OOM-2845
2021-10-15[COMMON] Bump ONAP versionSylvain Desbureaux6-16/+21
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-10-10[DCAEGEN2] Update chart with service accountfarida azmy1-1/+1
Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-09-06[CONTRIB] Introduce certificate update use case in CertServicePiotr Marcinkiewicz5-6/+11
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
2021-08-13[PLATFORM][CMPV2-CERT-PROVIDER] Remove kube-rbac-proxyPiotr Marcinkiewicz3-78/+2
- Remove unused kube-rbac-proxy container with service Issue-ID: OOM-2796 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I1c4eb79bc0d4336f24666779ab1efc10e2b484a6
2021-07-19[PLATFORM] Added imagePullSecrets to common template filesandreas-geissler2-0/+4
Added the missing definition for imagePullSecrets in the deployment.yaml of oom-cert-service, cmpv2-cert-provider to support the registryGenerator Issue-ID: OOM-2792 Signed-off-by: andreas-geissler <andreas-geissler@telekom.de> Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
2021-06-23Merge "[OOM][DCAE] Chartmuseum deployment support"Sylvain Desbureaux8-0/+310
2021-06-21[OOM][DCAE] Chartmuseum deployment supportVijay Venkatesh Kumar8-0/+310
Introduction of chartmuseum as internal repo for ONAP components to push/pull charts post instantiation + Script to preload charts to this repo Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Issue-ID: DCAEGEN2-2630 Issue-ID: OOM-2734 Issue-ID: INT-1895 Issue-ID: DCAEGEN2-2694 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Signed-off-by: vv770d <vv770d@att.com>
2021-06-08[COMMON] Remove CertService client mechanismPiotr Marcinkiewicz5-5/+4
- Remove cmpv2Certificate chart in order to deprecate CertService client mechanism. - Remove CertServiceClient init containers in SDNC. - Replace CMPv2CertManagerIntegration with cmpv2Enabled flag Issue-ID: OOM-2744 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
2021-05-10[PLATFORM] Remove certificate generation deploymentPiotr Marcinkiewicz3-36/+1
- remove certificate generation deployment - change certificate secret for provider (from server to client) - correct documentation Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
2021-04-22[PLATFORM] Generate Cert-Service certs with Cert-ManagerPiotr Marcinkiewicz8-250/+143
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux4-6/+6
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-01-27[PLATFORM] Update cert service images to 2.3.3Joanna Jeremicz1-2/+2
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-06[PLATFORM] Update cert service images to 2.3.2Remigiusz Janeczek2-2/+2
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2020-12-15[CMPV2] Add readiness checkJan Malkiewicz3-0/+9
Wait for oom-cert-service Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ie78d1ed0500ff44cb24c7859faa9f6366e93ecd8
2020-12-04Merge "[CMPv2-CERT-PROVIDER] Add helm chart for K8s external provider"Sylvain Desbureaux15-6/+644
2020-12-03[CMPv2-CERT-PROVIDER] Add helm chart for K8s external providerJan Malkiewicz15-6/+644
Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP. The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI. More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration. Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux2-3/+3
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27[PLATFORM] Small fix of name of the userPawel1-2/+2
Issue-ID: OOM-2588 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
2020-11-25Fix "fake" deployment image nameBartek Grzybowski1-1/+1
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762 Issue-ID: OOM-2588 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2020-11-23[PLATFORM] Add new fake deployment to fix offline certificates generationAdam Wudzinski3-3/+44
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-21[PLATFORM] Uses new tpls for repos / imagesSylvain Desbureaux3-18/+7
This commit makes platform chart to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux1-2/+2
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-10-16Update makefiles to use specific helm versionJakub Latusek1-6/+7
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two version of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-30Merge "[PLATFORM] Use helm-push plugin"Sylvain Desbureaux1-0/+5
2020-09-28[PLATFORM] Change yaml comment to helm commentJakub Latusek3-6/+6
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8
2020-09-28[PLATFORM] Use helm-push pluginJakub Latusek1-0/+5
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: Ic115d723be9ce6a963ddef8c401eeacc6a38698e
2020-09-25Merge "[DCAEGEN2][OOM] Update k8splugin configs"Sylvain Desbureaux1-1/+1
2020-09-24Merge "[OOM] Automate certificate generation for CMPv2 Cert Service"Sylvain Desbureaux6-33/+148
2020-09-24[DCAEGEN2][OOM] Update k8splugin configsJan Malkiewicz1-1/+1
Top up certservice-api image Update config for k8splugin 3.4.1: - update images of certservice-client - add certservice-client secret name to config - add certservice-post-processor image to config CertPostProcessor is an application which appends CMPv2 truststore entries to AAF CertMan truststore and allows swapping AAF CertMan keystore for CMPv2 keystore. Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
2020-09-24[OOM] Automate certificate generation for CMPv2 Cert ServicePawel Kasperkiewicz6-33/+148
Add Makefiles to automatically and dynamically generate certificates, for CertService TLS communication. Makefiles are executed automatically during making project. Makefile uses docker container to generate certificates, because openssl and keytool is needed, so this solution was choosed to not add additional requirements for RKE Node. Certificates generated in docker container are mounted to resources directory. Removed hardcoded certificates as they are no longer needed. Issue-ID: OOM-2526 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Ide350ee50a1d458d798ca655f7e83bac4096121c
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-0/+1
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski15-0/+525
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>