Changed keycloak-init to "authentication"
and moved as root chart
Moved oauth2-proxy to onap-authentication and updated
to version 7.5.4
Use TCL proposal for REALM creation.
Update keycloak-config-cli version to 5.12.0.
Ingress AuthorizationPolicy creation for all defined accessRoles
in the configured realms
Issue-ID: OOM-3292
Issue-ID: OOM-3268
Change-Id: I0901cd416ca5da871931d7cf084cd35c55f804f1
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Use the new "service" feature of the readiness image to
resolve startup dependencies.
Issue-ID: OOM-3280
Change-Id: Ia331d51528676744e5e0479d1fd0ca02830c3499
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
|
|
Update the ReadinessCheck (13.1.0) to support the "services" feature
of readiness image version 6.0.2 and use the feature in the charts
under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init,
postgres-init)
Additionally exclude K8S API port (443) from Istio Sidecar communication
to allow CNI Plugin
Issue-ID: OOM-3280
Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Currently in ONAP the imagePullSecrets is hardcoded to
'onap-docker-registry-key' which is created by the
repository-wrapper component.
With this change the secrets can be configured via setting
global.imagePullSecrets and optionally per image if it is
configured as map (image.pullSecrets)
Issue-ID: OOM-3284
Change-Id: I8644f9b46043b6014219c42928e057b149df43a4
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Some settings are still wrongly interpreted (e.g. 0.02Gi)
Therefore they are changed to non-floating numbers (e.g. 20Mi)
Issue-ID: OOM-3273
Change-Id: Icc88dead1ac5b1df8629d6adcc438a739e20522e
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Update all resource settings to the kubernetes recommended
normalized form. Fix ReadinessCheck resource limits.
Issue-ID: OOM-3273
Change-Id: Ie10903b801e4dc1689bcec092162d711a431a7a6
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Update Keycloak installation instructions to use keycloakx
(Quarkus based) and update of REALM import
Move the creation of the keycloak-ui ingress setup from helmchart
to documentation.
Issue-ID: OOM-3267
Change-Id: I3c79b05edd488f60a112590584974ba94a8c71a8
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
|
|
Adding specific cpu limits for all oom components
Issue-ID: OOM-3241
Change-Id: I0bbd973d91d11dbb0ffa5848f7c1ed5ebb5f54ba
Signed-off-by: vladimir turok <vladimir.turok@t-systems.com>
|
|
This fix is adjusting OOM helm charts components resources limits and requests
Issue-ID: OOM-3199
Signed-off-by: Vladimir Turok <vladimir.turok@t-systems.com>
Change-Id: I56aeba925cda4984277ac7bbf23cfd158263d30f
|
|
Update chart versions to 13.0.0 for Montreal
Issue-ID: OOM-3173
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ie53fd021f01e459c464e44f4459a73ba0b00c172
|
|
As part of the ServiceMesh solution OAuth2-proxy will be used
to enable a central authentication and authorization for ONAP
Service Access.
This patch delivers the function based on oauth2-proxy helmcharts:
https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy
Issue-ID: OOM-2489
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Iafa82813a7b9494cf13d77d47a39fc6030cb919b
|
|
Add the oauth2-proxy client to the ONAP keycloak REALM
Issue-ID: OOM-2489
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I3c38df8ad79a7cdaa87f4b55b1bb38afb18d2c0e
|
|
As part of the ServiceMesh solution Keycloak will be used
to enable a central authentication and authorization for ONAP
Service Access. This chart provides the import of a default
ONAP Realm to an existing Keycloak Instance (alternative
to a combined KC+REALM installation).
It contains clients for the planned portal-ng.
Make all subcomponents selectable
Issue-ID: OOM-3021
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I677a3b9e200299c2cde7774e09db6cf33ac510b7
|
|
Update chart versions 12.0.0 for London
Issue-ID: OOM-3046
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
|
|
Update libraries to fix vulnerabilities
Issue-ID: OOM-2985
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I8ac4a769a791ffb90dfd57358dd839c7a631c403
|
|
Add issuers and self-signed certificates for the Ingress controller
Additionally a new override file is created for Istio Ingress setup
Issue-ID: OOM-3001
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6
|
|
All Makefiles are updated to support SKIP_LINT option,
have a defined order of compilation (common -> components)
to support the parallel compilation of charts using:
make all -j8 (for 8 Jobs). Additionally use cm-push instead
of push to use the new K8S/Helm version
Issue-ID: OOM-3011
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: If9903c9d5bc646b5ce54075acc616e98c4b6706e
|
|
Use version 11.0.0 for Kohn
Issue-ID: OOM-2971
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Icc0e0839fc6def2035383b5fa4c9153fc15fafda
|
|
cmpv2-cert-provider and oom-cert-service charts changes to make it work with SM
Issue-ID: OOM-2980
Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com>
Change-Id: Ib952a6b43136a7dc72bf45b029c864862b2182a4
|
|
Top up cert service container to 2.5.0
Issue-ID: OOM-2903
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I297f14b89043f680add508dbf2b636edbc12cb61
|
|
Move all Chart.yaml to use apiVersion: 2
Move dependencies from requirements.yaml to Chart.yaml
Changes to all makeFiles
Changes to helm deploy plugin
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0
Issue-ID: OOM-2845
|
|
Use version 9.0.0 for Istanbul
Also update the doc.
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
|
|
Add service account to requirements.yaml,
values.yaml and deployment/statefulset.
Issue-ID: OOM-2726
Signed-off-by: farida azmy <farida.azmy.ext@orange.com>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
|
|
1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides a new certificate update
endpoint.
3. Update release-notes.
Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
|
|
- Remove unused kube-rbac-proxy container with service
Issue-ID: OOM-2796
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I1c4eb79bc0d4336f24666779ab1efc10e2b484a6
|
|
Added the missing definition for imagePullSecrets in the
deployment.yaml of oom-cert-service, cmpv2-cert-provider
to support the registryGenerator
Issue-ID: OOM-2792
Signed-off-by: andreas-geissler <andreas-geissler@telekom.de>
Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
|
|
|
|
Introduction of chartmuseum as internal repo for
ONAP components to push/pull charts post instantiation
+ Script to preload charts to this repo
Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-2630
Issue-ID: OOM-2734
Issue-ID: INT-1895
Issue-ID: DCAEGEN2-2694
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Signed-off-by: vv770d <vv770d@att.com>
|
|
- Remove cmpv2Certificate chart in order to deprecate CertService
client mechanism.
- Remove CertServiceClient init containers in SDNC.
- Replace CMPv2CertManagerIntegration with cmpv2Enabled flag
Issue-ID: OOM-2744
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
|
|
- remove certificate generation deployment
- change certificate secret for provider (from server to client)
- correct documentation
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Updating the documentation and bumping version to 8.0.0
Issue-ID: OOM-1
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
Align Cert Service Api to RFC4210.
Fix Cert Service Client CA_NAME validation.
Fix Cert Service External Provider logging.
Issue-ID: OOM-2656
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
|
|
Wait for oom-cert-service
Issue-ID: OOM-2560
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Ie78d1ed0500ff44cb24c7859faa9f6366e93ecd8
|
|
|
|
Cert Service K8s external provider is a part of certificate distribution infrastructure in ONAP.
The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-manager (https://cert-manager.io) to CertServiceAPI.
More information can be found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration.
Issue-ID: OOM-2560
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Update charts and requirements to 7.0.0.
Create release notes for Guilin
Update documentation
Issue-ID: OOM-2638
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
|
|
Issue-ID: OOM-2588
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
|
|
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762
Issue-ID: OOM-2588
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
|
|
This commit makes platform chart to use the new generator for repositories and
images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
|
|
`registry.hub.docker.com` needs authentication now, contrary to
previous behavior.
As OOM deployments are unauthenticated when using the docker hub repository,
all OOM deployments are broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
components directory takes up a lot of
space and is included during helm package
Let's remove it using .helmignore
This is just a copy of the idea shown in:
"[OOF] Add helmignore to ignore components"
by krishnaa96 <krishna.moorthy6@wipro.com>
Issue-ID: OOM-2534
Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
|
|
Helm is now called by HELM_BIN variable which by default is set to helm
and makefiles use helm from path. HELM_BIN can be overwritten so user
can have two versions of helm in system and choose which one to use.
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
|
|
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8
|
|
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
Change-Id: Ic115d723be9ce6a963ddef8c401eeacc6a38698e
|