Age | Commit message | Author | Files | Lines |
|
As part of the ServiceMesh solution OAuth2-proxy will be used
to enable a central authentication and authorization for ONAP
Service Access.
This patch delivers the function based on oauth2-proxy helmcharts:
https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy
Issue-ID: OOM-2489
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Iafa82813a7b9494cf13d77d47a39fc6030cb919b
|
|
Add the oauth2-proxy client to the ONAP keycloak REALM
Issue-ID: OOM-2489
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I3c38df8ad79a7cdaa87f4b55b1bb38afb18d2c0e
|
|
As part of the ServiceMesh solution Keycloak will be used
to enable a central authentication and authorization for ONAP
Service Access. This chart provides the import of a default
ONAP Realm to an existing Keycloak Instance (alternative
to a combined KC+REALM installation).
It contains clients for the planned portal-ng.
Make all subcomponents selectable
Issue-ID: OOM-3021
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I677a3b9e200299c2cde7774e09db6cf33ac510b7
|
|
Update chart versions 12.0.0 for London
Issue-ID: OOM-3046
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
|
|
Update libraries to fix vulnerabilities
Issue-ID: OOM-2985
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I8ac4a769a791ffb90dfd57358dd839c7a631c403
|
|
Add issuers and self-signed certificates for the Ingress controller
Additionally a new override file is created for Istio Ingress setup
Issue-ID: OOM-3001
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6
|
|
All Makefiles are updated to support SKIP_LINT option,
have a defined order of compilation (common -> components)
to support the parallel compilation of charts using:
make all -j8 (for 8 Jobs). Additionally use cm-push instead
of push to use the new K8S/Helm version
Issue-ID: OOM-3011
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: If9903c9d5bc646b5ce54075acc616e98c4b6706e
|
|
Use version 11.0.0 for Kohn
Issue-ID: OOM-2971
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Icc0e0839fc6def2035383b5fa4c9153fc15fafda
|
|
cmpv2-cert-provider and oom-cert-service charts changes to make it work with SM
Issue-ID: OOM-2980
Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com>
Change-Id: Ib952a6b43136a7dc72bf45b029c864862b2182a4
|
|
Top up cert service container to 2.5.0
Issue-ID: OOM-2903
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I297f14b89043f680add508dbf2b636edbc12cb61
|
|
Move all Chart.yaml to use apiVersion: 2
Move dependencies from requirements.yaml to Chart.yaml
Changes to all makeFiles
Changes to helm deploy plugin
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0
Issue-ID: OOM-2845
|
|
Use version 9.0.0 for Istanbul
Also update the doc.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
|
|
Add service account to requirements.yaml,
values.yaml and deployment/statefulset.
Issue-ID: OOM-2726
Signed-off-by: farida azmy <farida.azmy.ext@orange.com>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
|
|
1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides a new certificate update
endpoint.
3. Update release-notes.
Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
|
|
- Remove unused kube-rbac-proxy container with service
Issue-ID: OOM-2796
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I1c4eb79bc0d4336f24666779ab1efc10e2b484a6
|
|
Added the missing definition for imagePullSecrets in the
deployment.yaml of oom-cert-service, cmpv2-cert-provider
to support the registryGenerator
Issue-ID: OOM-2792
Signed-off-by: andreas-geissler <andreas-geissler@telekom.de>
Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
|
|
Introduction of chartmuseum as internal repo for
ONAP components to push/pull charts post instantiation
+ Script to preload charts to this repo
Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-2630
Issue-ID: OOM-2734
Issue-ID: INT-1895
Issue-ID: DCAEGEN2-2694
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Signed-off-by: vv770d <vv770d@att.com>
|
|
- Remove cmpv2Certificate chart in order to deprecate CertService
client mechanism.
- Remove CertServiceClient init containers in SDNC.
- Replace CMPv2CertManagerIntegration with cmpv2Enabled flag
Issue-ID: OOM-2744
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
|
|
- remove certificate generation deployment
- change certificate secret for provider (from server to client)
- correct documentation
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
Align Cert Service Api to RFC4210.
Fix Cert Service Client CA_NAME validation.
Fix Cert Service External Provider logging.
Issue-ID: OOM-2656
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
|
|
Wait for oom-cert-service
Issue-ID: OOM-2560
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Ie78d1ed0500ff44cb24c7859faa9f6366e93ecd8
|
|
Cert Service K8s external provider is a part of certificate distribution infrastructure in ONAP.
The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-manager (https://cert-manager.io) to CertServiceAPI.
More information can be found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration.
Issue-ID: OOM-2560
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
Issue-ID: OOM-2588
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
|
|
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762
Issue-ID: OOM-2588
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled by default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
|
|
This commit makes the platform chart use the new generator for repositories and
images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
|
|
`registry.hub.docker.com` needs authentication now, contrary to
previous behavior.
As OOM deployments are unauthenticated when using the docker hub repository,
all OOM deployments are broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
components directory takes up a lot of
space and is included during helm package
Let's remove it using .helmignore
This is just a copy of the idea shown in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two versions of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: Ic115d723be9ce6a963ddef8c401eeacc6a38698e
|
|
Top up certservice-api image
Update config for k8splugin 3.4.1:
- update images of certservice-client
- add certservice-client secret name to config
- add certservice-post-processor image to config
CertPostProcessor is an application which appends CMPv2
truststore entries to AAF CertMan truststore and allows
swapping AAF CertMan keystore for CMPv2 keystore.
Issue-ID: DCAEGEN2-2253
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
|
|
Add Makefiles to automatically and dynamically generate certificates for CertService TLS communication. Makefiles are executed automatically when making the project.
Makefile uses docker container to generate certificates, because openssl and keytool are needed, so this solution was chosen to not add additional requirements for RKE Node.
Certificates generated in docker container are mounted to resources directory. Removed hardcoded certificates as they are no longer needed.
Issue-ID: OOM-2526
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: Ide350ee50a1d458d798ca655f7e83bac4096121c
|
|
Changes for 111973
Issue-ID: SDNC-1136
Signed-off-by: esobmar <mariusz.sobucki@est.tech>
Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3
Signed-off-by: egernug <gerard.nugent@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Access EJBCA secret from cert service]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|