path: root/kubernetes/platform
Age | Commit message | Author | Files | Lines
2024-07-05 | [COMMON] Fix Kyverno Policies | Andreas Geissler | 1 | -15/+0
common: - Add settings to common pod templates and fix Cassandra serviceMesh and MariaDB operator templates - Added template for mongodb - Empty lines to files added readinessCheck: - Add missing security settings mariadb-init: - add security settings in job cassandra: - Empty lines added to files mongodb: - make emptyDir volume size configurable others: - update chart dependency for mongodb in components - fix linter errors in all files Issue-ID: OOM-3295 Issue-ID: OOM-3296 Change-Id: Ieb64be337013e0477f7aaca9c75bb6a3f3264848 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-06-05 | [AUTHENTICATION] Restructured keycloak and Oauth2-proxy | Andreas Geissler | 55 | -2991/+2
Changed keycloak-init to "authentication" and moved as root chart Moved oauth2-proxy to onap-authentication and updated to version 7.5.4 Use TCL proposal for REALM creation. Update keycloak-config-cli version to 5.12.0. Ingress AuthorizationPolicy creation for all defined accessRoles in the configured realms Issue-ID: OOM-3292 Issue-ID: OOM-3268 Change-Id: I0901cd416ca5da871931d7cf084cd35c55f804f1 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-04-11 | [COMMON] Update all ReadinessChecks | Andreas Geissler | 3 | -6/+4
Use the new "service" feature of the readiness image to resolve startup dependencies. Issue-ID: OOM-3280 Change-Id: Ia331d51528676744e5e0479d1fd0ca02830c3499 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-04-03 | Merge "[COMMON][READINESS] Update readiness image and use service feature" | Lukasz Rajewski | 1 | -1/+1
2024-03-27 | [COMMON][READINESS] Update readiness image and use service feature | Andreas Geissler | 1 | -1/+1
Update the ReadinessCheck (13.1.0) to support the "services" feature of readiness image version 6.0.2 and use the feature in the charts under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init, postgres-init) Additionally exclude K8S API port (443) from Istio Sidecar communication to allow CNI Plugin Issue-ID: OOM-3280 Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-20 | [COMMON] Make imagePullSecrets configurable | Andreas Geissler | 3 | -6/+3
Currently in ONAP the imagePullSecrets is hardcoded to 'onap-docker-registry-key' which is created by the repository-wrapper component. With this change the secrets can be configured via setting global.imagePullSecrets and optionally per image if it is configured as map (image.pullSecrets) Issue-ID: OOM-3284 Change-Id: I8644f9b46043b6014219c42928e057b149df43a4 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-14 | [COMMON] Harmonize resource settings, Part 2 | Andreas Geissler | 5 | -10/+10
Some settings are still wrongly interpreted (e.g. 0.02Gi). Therefore they are changed to non-floating numbers (e.g. 20Mi) Issue-ID: OOM-3273 Change-Id: Icc88dead1ac5b1df8629d6adcc438a739e20522e Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-02-28 | [COMMON] Harmonize resource settings | Andreas Geissler | 6 | -26/+33
Update all resource settings to the kubernetes recommended normalized form. Fix ReadinessCheck resource limits. Issue-ID: OOM-3273 Change-Id: Ie10903b801e4dc1689bcec092162d711a431a7a6 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-02-15 | [PLATFORM][KEYCLOAK] Update Keycloak instructions and Realm import | Andreas Geissler | 6 | -39/+10
Update Keycloak installation instructions to use keycloakx (Quarkus based) and update of REALM import Move the creation of the keycloak-ui ingress setup from helmchart to documentation. Issue-ID: OOM-3267 Change-Id: I3c79b05edd488f60a112590584974ba94a8c71a8 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2023-10-18 | [OOM] Fixing k8s cpu limits | vladimir turok | 2 | -4/+4
Adding specific cpu limits for all oom components Issue-ID: OOM-3241 Change-Id: I0bbd973d91d11dbb0ffa5848f7c1ed5ebb5f54ba Signed-off-by: vladimir turok <vladimir.turok@t-systems.com>
2023-07-14 | [OOM] Fixing k8s resources and limits | Andreas Geissler | 2 | -12/+12
This fix is adjusting OOM helm charts components resources limits and requests Issue-ID: OOM-3199 Signed-off-by: Vladimir Turok <vladimir.turok@t-systems.com> Change-Id: I56aeba925cda4984277ac7bbf23cfd158263d30f
2023-06-29 | [COMMON] Bump ONAP version | Andreas Geissler | 8 | -29/+29
Update chart versions to 13.0.0 for Montreal Issue-ID: OOM-3173 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ie53fd021f01e459c464e44f4459a73ba0b00c172
2023-04-17 | [PLATFORM] Add OAuth2-Proxy to ONAP | Andreas Geissler | 45 | -10/+1928
As part of the ServiceMesh solution OAuth2-proxy will be used to enable a central authentication and authorization for ONAP Service Access. This patch delivers the function based on oauth2-proxy helmcharts: https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy Issue-ID: OOM-2489 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Iafa82813a7b9494cf13d77d47a39fc6030cb919b
2023-03-24 | [PLATFORM] Add Oauth2-Proxy client to ONAP Realm | Andreas Geissler | 6 | -11/+145
Add the oauth2-proxy client to the ONAP keycloak REALM Issue-ID: OOM-2489 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I3c38df8ad79a7cdaa87f4b55b1bb38afb18d2c0e
2023-01-23 | [PLATFORM] Add Keycloak ONAP REALM import | Andreas Geissler | 16 | -3/+981
As part of the ServiceMesh solution Keycloak will be used to enable a central authentication and authorization for ONAP Service Access. This chart provides the import of a default ONAP Realm to an existing Keycloak Instance (alternative to a combined KC+REALM installation). It contains clients for the planned portal-ng. Make all subcomponents selectable Issue-ID: OOM-3021 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I677a3b9e200299c2cde7774e09db6cf33ac510b7
2022-11-10 | [COMMON] Bump ONAP version | Andreas Geissler | 4 | -17/+17
Update chart versions 12.0.0 for London Issue-ID: OOM-3046 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
2022-09-28 | [PLATFORM] Update cert-manager release to 2.6.0 | Andreas Geissler | 2 | -2/+2
Update libraries to fix vulnerabilities Issue-ID: OOM-2985 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I8ac4a769a791ffb90dfd57358dd839c7a631c403
2022-08-23 | [PLATFORM] Create Ingress Certificates for ServiceMesh | Andreas Geissler | 3 | -1/+94
Add issuers and self-signed certificates for the Ingress controller Additionally a new override file is created for Istio Ingress setup Issue-ID: OOM-3001 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I6da12e54ecc4bbb15e3bcf1aa259e50f5be320b6
2022-08-17 | [COMMON] Update Makefiles to enable parallelization | Andreas Geissler | 2 | -14/+20
All Makefiles are updated to support SKIP_LINT option, have a defined order of compilation (common -> components) to support the parallel compilation of charts using: make all -j8 (for 8 Jobs). Additionally use cm-push instead of push to use the new K8S/Helm version Issue-ID: OOM-3011 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: If9903c9d5bc646b5ce54075acc616e98c4b6706e
2022-06-24 | [COMMON] Bump ONAP version | Andreas Geissler | 4 | -17/+17
Use version 11.0.0 for Kohn Issue-ID: OOM-2971 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Icc0e0839fc6def2035383b5fa4c9153fc15fafda
2022-06-03 | [PLATFORM] Platform ServiceMesh compatibility | Radoslaw Chmiel | 2 | -0/+20
cmpv2-cert-provider and oom-cert-service charts changes to make it work with SM Issue-ID: OOM-2980 Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com> Change-Id: Ib952a6b43136a7dc72bf45b029c864862b2182a4
2022-01-19 | [OOM-CERT-SERVICE][DCAE] Top up Cert Service containers | Tomasz Wrobel | 2 | -2/+2
Top up cert service container to 2.5.0 Issue-ID: OOM-2903 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I297f14b89043f680add508dbf2b636edbc12cb61
2021-12-07 | [GLOBAL] Migrate to helm v3 | efiacor | 10 | -117/+63
Move all Chart.yaml to use apiVersion: 2 Move dependencies from requirements.yaml to Chart.yaml Changes to all makeFiles Changes to helm deploy plugin Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I03c5290eee9e40f76eacbf171e774204cf5fb1c0 Issue-ID: OOM-2845
2021-10-15 | [COMMON] Bump ONAP version | Sylvain Desbureaux | 8 | -22/+28
Use version 9.0.0 for Istanbul Also update the doc. Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I03e11799bf487226784c98b04116f005c89d1e70
2021-10-10 | [DCAEGEN2] Update chart with service account | farida azmy | 1 | -1/+1
Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-09-06 | [CONTRIB] Introduce certificate update use case in CertService | Piotr Marcinkiewicz | 5 | -6/+11
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides a new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
2021-08-13 | [PLATFORM][CMPV2-CERT-PROVIDER] Remove kube-rbac-proxy | Piotr Marcinkiewicz | 3 | -78/+2
- Remove unused kube-rbac-proxy container with service Issue-ID: OOM-2796 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I1c4eb79bc0d4336f24666779ab1efc10e2b484a6
2021-07-19 | [PLATFORM] Added imagePullSecrets to common template files | andreas-geissler | 2 | -0/+4
Added the missing definition for imagePullSecrets in the deployment.yaml of oom-cert-service, cmpv2-cert-provider to support the registryGenerator Issue-ID: OOM-2792 Signed-off-by: andreas-geissler <andreas-geissler@telekom.de> Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
2021-06-23 | Merge "[OOM][DCAE] Chartmuseum deployment support" | Sylvain Desbureaux | 9 | -0/+313
2021-06-21 | [OOM][DCAE] Chartmuseum deployment support | Vijay Venkatesh Kumar | 9 | -0/+313
Introduction of chartmuseum as internal repo for ONAP components to push/pull charts post instantiation + Script to preload charts to this repo Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Issue-ID: DCAEGEN2-2630 Issue-ID: OOM-2734 Issue-ID: INT-1895 Issue-ID: DCAEGEN2-2694 Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com> Signed-off-by: vv770d <vv770d@att.com>
2021-06-08 | [COMMON] Remove CertService client mechanism | Piotr Marcinkiewicz | 6 | -10/+4
- Remove cmpv2Certificate chart in order to deprecate CertService client mechanism. - Remove CertServiceClient init containers in SDNC. - Replace CMPv2CertManagerIntegration with cmpv2Enabled flag Issue-ID: OOM-2744 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
2021-05-10 | [PLATFORM] Remove certificate generation deployment | Piotr Marcinkiewicz | 3 | -36/+1
- remove certificate generation deployment - change certificate secret for provider (from server to client) - correct documentation Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
2021-04-22 | [PLATFORM] Generate Cert-Service certs with Cert-Manager | Piotr Marcinkiewicz | 8 | -250/+143
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-03-24 | [DOC][COMMON] Prepare Honolulu release | Sylvain Desbureaux | 6 | -9/+9
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-01-27 | [PLATFORM] Update cert service images to 2.3.3 | Joanna Jeremicz | 1 | -2/+2
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-06 | [PLATFORM] Update cert service images to 2.3.2 | Remigiusz Janeczek | 2 | -2/+2
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2020-12-15 | [CMPV2] Add readiness check | Jan Malkiewicz | 3 | -0/+9
Wait for oom-cert-service Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ie78d1ed0500ff44cb24c7859faa9f6366e93ecd8
2020-12-04 | Merge "[CMPv2-CERT-PROVIDER] Add helm chart for K8s external provider" | Sylvain Desbureaux | 16 | -7/+648
2020-12-03 | [CMPv2-CERT-PROVIDER] Add helm chart for K8s external provider | Jan Malkiewicz | 16 | -7/+648
Cert Service K8s external provider is a part of certificate distribution infrastructure in ONAP. The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-manager (https://cert-manager.io) to CertServiceAPI. More information can be found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration. Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
2020-12-02 | [PLATFORM] Update cert service images to 2.3.1 | Remigiusz Janeczek | 1 | -1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-11-30 | [COMMON][DOC] Bump version Guilin | Sylvain Desbureaux | 4 | -5/+5
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27 | [PLATFORM] Small fix of name of the user | Pawel | 1 | -2/+2
Issue-ID: OOM-2588 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
2020-11-25 | Fix "fake" deployment image name | Bartek Grzybowski | 1 | -1/+1
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762 Issue-ID: OOM-2588 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2020-11-23 | [PLATFORM] Add new fake deployment to fix offline certificates generation | Adam Wudzinski | 3 | -3/+44
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-21 | [PLATFORM] Uses new tpls for repos / images | Sylvain Desbureaux | 4 | -35/+7
This commit makes the platform chart use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
2020-11-20 | [GENERIC] move from registry.hub.docker.com to docker.io | Sylvain Desbureaux | 2 | -4/+4
`registry.hub.docker.com` needs authentication now, contrary to previous behavior. As OOM deployments are unauthenticated when using docker hub repository, all OOM deployments are broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-10-21 | [Tree-wide] Add helmignore to ignore components | Krzysztof Opasiak | 1 | -1/+2
components directory takes up a lot of space and is included during helm package. Let's remove it using .helmignore This is just a copy of idea shown in: "[OOF] Add helmignore to ignore components" by krishnaa96 <krishna.moorthy6@wipro.com> Issue-ID: OOM-2534 Suggested-by: krishnaa96 <krishna.moorthy6@wipro.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I25c82e79ba2c472b7761a63365573188ab8db56b
2020-10-16 | Update makefiles to use specific helm version | Jakub Latusek | 2 | -12/+14
Helm is now called by HELM_BIN variable which by default is set to helm and makefiles use helm from path. HELM_BIN can be overwritten so user can have two versions of helm in system and choose which one to use. Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I0917796aafe234e87afa0ac3c4c15720296276d5
2020-09-30 | Merge "[PLATFORM] Use helm-push plugin" | Sylvain Desbureaux | 2 | -0/+10
2020-09-28 | [PLATFORM] Change yaml comment to helm comment | Jakub Latusek | 3 | -6/+6
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8