aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
AgeCommit message (Collapse)AuthorFilesLines
2024-08-02[POLICY] Fix Kyverno Policy violationsAndreas Geissler72-186/+656
- Add "archive" folder for removed policy-gui charts - Update all deployments/jobs to fix policies - Correct KafkaUser definition to avoid deprecated attribute - update xacml-pdp deployment to work with readOnlyFilesystem setting Issue-ID: OOM-3307 Change-Id: I579062c1c49923666c1d836f7324c8bbd7b88695 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-07-26[POLICY] Deprecation of policy-guiadheli.tavares15-650/+4
- policy-gui is going into unmaintained state. Issue-ID: POLICY-5049 Change-Id: Ic83ab19a37d1c3e7007975b27ca150c4794a86e9 Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
2024-05-21[POLICY] Update docker images to latest versionssaul.gill14-14/+14
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4997 Change-Id: Ia874c6a050f9a0253628247519541e17d86d08cf Signed-off-by: saul.gill <saul.gill@est.tech>
2024-04-26[POLICY] Update docker images to latest versionssaul.gill14-14/+14
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4970 Change-Id: Ib431ebb448205fb79808dab8e1edc2c6aaaaf13c Signed-off-by: saul.gill <saul.gill@est.tech>
2024-04-17[MARIADB][POLICY] Correct the MariaDB ReadinessCheckAndreas Geissler1-7/+7
The configuration of an external MariaDB did not fit with the template function of _mariadb.tpl and additionally the template function has a bug in the service information. Issue-ID: OOM-3290 Change-Id: I92f758647012ebf289549665f7f5c20e94c9ff66 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-04-13[COMMON] Remove hostPath entriesAndreas Geissler13-78/+0
As hostPath volumes violate Cluster policies, they are not allowed within pod definitions. In our case only the "etc/localtime" is mounted to get the timezone of the host, which is not required. Issue-ID: OOM-3287 Change-Id: I6c8c8ea4e982d7e95e73f5fed7fc07ed47ceaab7 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-04-11[COMMON] Update all ReadinessChecksAndreas Geissler12-54/+13
Use the new "service" feature of the readiness image to resolve startup dependencies. Issue-ID: OOM-3280 Change-Id: Ia331d51528676744e5e0479d1fd0ca02830c3499 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-04-08[POLICY] Add kafka support in policy chartsrameshiyer2744-305/+169
Added kafka support in all policy charts. Dmaap option is removed Issue-ID: POLICY-4941 Change-Id: I015d303c11c04a64d815fe2f054919eca2252250 Signed-off-by: rameshiyer27 <ramesh.murugan.iyer@est.tech>
2024-03-20[COMMON] Make imagePullSecrets configurableAndreas Geissler15-36/+18
Currently in ONAP the imagePullSecrets is hardcoded to 'onap-docker-registry-key' which is created by the repository-wrapper component. With this change the secrets can be configured via setting global.imagePullSecrets and optionally per image if it is configured as map (image.pullSecrets) Issue-ID: OOM-3284 Change-Id: I8644f9b46043b6014219c42928e057b149df43a4 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-14[COMMON] Harmonize resource settings, Part 2Andreas Geissler12-27/+27
Some settings are still wrongly interpreted (e.g. 0.02Gi) Therefor they are changed to non-floating numbers (e.g. 20Mi) Issue-ID: OOM-3273 Change-Id: Icc88dead1ac5b1df8629d6adcc438a739e20522e Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-11[COMMON] Update MariaDB readinessChecks to fix Operator issuesAndreas Geissler2-20/+25
Give different readinessCheck rules depending on the usage of mariaDB Operator and local/global DB setup Apply these changes to CDS, NBI, SO, SDNC, Policy Issue-ID: OOM-3280 Change-Id: I4e6f584558ffebb6ab602db88a73c2f02891902e Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-03-06[POLICY] Update docker images to latest versionssaul.gill29-58/+58
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4907 Change-Id: I2a03efe9e39db70fd60e0790f206ad92cd8fe42b Signed-off-by: Saul Gill <saul.gill@est.tech>
2024-02-28[COMMON] Harmonize resource settingsAndreas Geissler22-148/+218
Update all resource settings to the kubernetes recommended normalized form. Fix ReadinessCheck resource limits. Issue-ID: OOM-3273 Change-Id: Ie10903b801e4dc1689bcec092162d711a431a7a6 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2024-01-23[POLICY] Support external MariaDB using OperatorAndreas Geissler2-6/+26
Change global.mariadb to be able to select Operator user and add setting for external Secret name for root User Issue-ID: OOM-3266 Change-Id: Ic54819b0d146bd3194b51fddff069167b72cd4f3 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2023-11-14[POLICY] Update docker images to latest versionsliamfallon14-14/+14
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4854 Signed-off-by: liamfallon <liam.fallon@est.tech> Change-Id: I4a28d35bbdda2497faaa5c91baa42aaa9d398437
2023-10-24Merge "[POLICY] Add configurable acm parameters"Lukasz Rajewski2-0/+7
2023-10-18[POLICY] Add configurable acm parametersrameshiyer272-0/+7
Added parameters for custom naming in runtime helm chart Issue-ID: POLICY-4830 Signed-off-by: rameshiyer27 <ramesh.murugan.iyer@est.tech> Change-Id: I88022b0fa54cc41d7abc8e27bee241e10d75250a
2023-10-18[OOM] Fixing k8s cpu limitsvladimir turok13-26/+26
Adding specific cpu limits for all oom components Issue-ID: OOM-3241 Change-Id: I0bbd973d91d11dbb0ffa5848f7c1ed5ebb5f54ba Signed-off-by: vladimir turok <vladimir.turok@t-systems.com>
2023-09-29[MARIADB][COMMON] Add support for mariadb-operatorAndreas Geissler8-11/+33
Add template functions for the mariadb-operator resources and update the mariadb-galera chart to support them Change the flag to "useOperator" in cassandra to the global setup and additional labels for cassandra resources Changed Policy DB users to support the new mariadb User and fixed db.sh script to wait for the DB user creation Use the new readiness image 5.0.1 with the "app-name" option Change the MariaDB-Galera Service to the "primary" to avoid Deadlocks Fix previous SDNC patch (https://gerrit.onap.org/r/c/oom/+/135308) and temporary disable MariaDB for SDNR, as it is not compatible to MariaDB 11 Issue-ID: OOM-3236 Change-Id: Ie63fcc9c6d5fa802d38c592b449e7ff8553c2ab9 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2023-08-25[POLICY] Add optional disable prometheus ep authsaul.gill1-0/+4
Allows the option to disable the prometheus endpoint authentication in clamp acm chart Issue-ID: POLICY-4802 Change-Id: I0aa584d657282b12aa97cae85c4704f71faf85b1 Signed-off-by: saul.gill <saul.gill@est.tech>
2023-07-19[POLICY] Correct container ports in Nexus and GUIAndreas Geissler2-6/+4
Use templates in deployment.yaml to fix container port settings Issue-ID: OOM-3231 Change-Id: I4802ad318ec87fd55980483caa86a1ab7f018693 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
2023-07-14[OOM] Fixing k8s resources and limitsAndreas Geissler13-92/+92
This fix is adjusting OOM helm charts components resources limits and requests Issue-ID: OOM-3199 Signed-off-by: Vladimir Turok <vladimir.turok@t-systems.com> Change-Id: I56aeba925cda4984277ac7bbf23cfd158263d30f
2023-06-29[COMMON] Bump ONAP versionAndreas Geissler15-84/+84
Update chart versions to 13.0.0 for Montreal Issue-ID: OOM-3173 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ie53fd021f01e459c464e44f4459a73ba0b00c172
2023-06-26[COMMON] Fix various helm errorsAndreas Geissler2-5/+3
Fixes in helmcharts which are not detected by helm, but kustomize in common, CDS, POLICY, SDC, SO Issue-ID: OOM-3200 Issue-ID: OOM-3201 Issue-ID: OOM-3202 Issue-ID: OOM-3203 Issue-ID: OOM-3204 Issue-ID: OOM-3205 Issue-ID: OOM-3206 Issue-ID: OOM-3207 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I8416726693d6606d936aaf4cfe2c097752689c29
2023-06-14[POLICY] Correct clamp timeouts and enable sidecars in jobs againAndreas Geissler6-18/+86
Clamp pods take longer to start in "small" flavor case and require 60 seconds to startup. Revert the Istio Sidecar removal in MariaDB jobs, as they are not the root cause of the startup issue. Issue-ID: OOM-3186 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I0f3fd6a55e851640617bc3b0de8f96a0fe33d765
2023-05-24[POLICY] Update docker images to latest versionsliamfallon6-6/+6
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4662 Signed-off-by: liamfallon <liam.fallon@est.tech> Change-Id: Id4904916026969730830441a17d1442d1c690004
2023-05-05Merge "[POLICY] Update docker images to latest versions"Andreas Geissler27-143/+386
2023-05-04[POLICY] Update docker images to latest versionssaul.gill27-143/+386
The image versions in policy values.yaml files have been updated Added native configurable support in pap and api for strimzi Added configurable support in api and pap for postgres *** This commit is generated by a PF release script *** Issue-ID: POLICY-4648 Change-Id: Ia91ea4a8babc850d0854e299eb80541c1d38285d Signed-off-by: saul.gill <saul.gill@est.tech>
2023-04-21[POLICY][COMMON] Create Authorization Policies for PolicyAndrewLamb28-2/+331
Policy- Add initial authorized serviceaccounts for each sub component service Common- Change authorizationpolicy to match on the label app Issue-ID: OOM-3139 Change-Id: I411877b933d6dfcbdee633f1440d16c9658438e5 Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>
2023-04-20Merge "[AAI] Kiali Validation - KIA0601 - Port name must follow [-suffix] form"Andreas Geissler1-3/+3
2023-04-20[AAI] Kiali Validation - KIA0601 - Port name must follow [-suffix] formFiete Ostkamp1-3/+3
- change portNames to have a protocol prefix Issue-ID: OOM-3166 Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de> Change-Id: I3013ba629c951c12dfb7594aadc34dd0c47afab9
2023-04-19[POLICY] Fix policy-gui Ingress setupAndreas Geissler1-1/+1
Change the target service for the policy-gui Issue-ID: OOM-3165 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I803e32b2be0e35f9670b4a241e06c77009104325
2023-04-03[POLICY] Correct comtainer port in policy-xacml-pdpAndreas Geissler1-2/+1
Wrong port definition leads to missing Service selection Issue-ID: OOM-3120 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I0d843f6cff494e9062ee18321c5525499b868dcd
2023-03-23[POLICY] Cleanup of Helmcharts from AAF/TLS optionsAndreas Geissler60-1057/+113
Remove AAF options and Certificate settings Disable Istio Sidecar injection for DB jobs due to problems during DB Migration Extended the timeouts for clamp-runtime-acm Issue-ID: OOM-3120 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35
2023-03-15[POLICY] Add Kserve participantaravind.est11-0/+623
Add kserve participant helm charts. Issue-ID: POLICY-4525 Signed-off-by: aravind.est <aravindhan.a@est.tech> Change-Id: I51f1ddb91302fd54c6e926f9f5c80e648b9a4a07
2023-03-10[POLICY-PPNT] Move policy-clamp-ppnt use case to use strimzi kafkaefiacor29-461/+488
Move acm to use strimzi common templates Enabled kafka by default for acm ppnts Update relevant config params Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Ia23970e59f4ddaa83a07d224293b0155e28d0ab2 Issue-ID: DMAAP-1857
2023-03-05Merge "[COMMON] Fix resources indent"Andreas Geissler13-32/+16
2023-03-03[POLICY] Update docker images to latest versionssaul.gill22-37/+90
The image versions in policy values.yaml files have been updated Chart config update to match new images *** This commit is generated by a PF release script *** Issue-ID: POLICY-4570 Signed-off-by: saul.gill <saul.gill@est.tech> Change-Id: I347f3601c4a0d3c09cf5eaec6e8ed51878c1a02d Signed-off-by: saul.gill <saul.gill@est.tech>
2023-03-03[COMMON] Fix resources indentmiroslavmasaryk13-32/+16
Fix of resources template indent and therefore resources in components Issue-ID: OOM-3104 Signed-off-by: miroslavmasaryk <miroslav.masaryk@telekom.com> Change-Id: I825a3860db00cae4bb80b2aa2d82ac1a42b33124
2023-02-19[POLICY] Move policy dist to use strimzi templatesefiacor6-71/+42
Move policy dist to use strimzi templates Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I4a03812a7545ce7a4fcd5443a2c0af89933b1a63 Issue-ID: DMAAP-1857
2023-01-31Merge "[DMAAP] Remove AAF dependency"Andreas Geissler8-19/+19
2023-01-31Merge "[POLICY] Use variable MariaDB image for DB jobs"Andreas Geissler3-10/+4
2023-01-31[DMAAP] Remove AAF dependencyefiacor8-19/+19
Remove DMaaP NodePorts Update dmaap-bc postgres setup and dbc-client image used by DCAE Use the http port of the dbcClient in the dmaapProvisioning job Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Ie4888b58b6f7e1405ed67625900da89e58b5cb79 Issue-ID: DMAAP-1573
2023-01-25[POLICY] Fix repository settings for policy jobAndreas Geissler1-5/+5
The repositoryGenerator has to be used for images to be able to override the repository settings Issue-ID: POLICY-4527 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I072474d48c8317130c1c918a1a65a394e88f5774
2023-01-25[POLICY] Use variable MariaDB image for DB jobsAndreas Geissler3-10/+4
Use default MariaDB version (same as deployed) in the DB scripts Issue-ID: POLICY-4537 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: If418f6b35b9f1ecf8631fe002e59d6f9372a979e
2023-01-03[POLICY-SDC-DIST] Upgrade policy-distribtuion to use kafka nativeefiacor5-16/+73
Policy dist to use kafka native Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Id83dcd6c4af0bff37689178330827ce96246b5ae Issue-ID: DMAAP-1816
2022-12-23[POLICY] Add A1pms participant chartsaravind.est10-0/+575
Add A1pms participant helm charts Issue-ID: CCSDK-3816 Signed-off-by: aravind.est <aravindhan.a@est.tech> Change-Id: I4153f070e6f3394667b8ce4a714d0f8e91be4738
2022-12-01[POLICY] Update docker images to latest versionsliamfallon11-11/+11
The image versions in policy values.yaml files have been updated *** This commit is generated by a PF release script *** Issue-ID: POLICY-4462 Signed-off-by: liamfallon <liam.fallon@est.tech> Change-Id: I6154e8409900eca422f6b9392883d50232d1f573
2022-11-10[COMMON] Bump ONAP versionAndreas Geissler13-77/+77
Update chart versions 12.0.0 for London Issue-ID: OOM-3046 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ic196235ff4f6ae14a7ecad799bd75a9666b2594a
2022-10-26Merge "[POLICY] Correction on PAP MR connection port"Fiachra Corcoran1-1/+1