summaryrefslogtreecommitdiffstats
path: root/kubernetes/portal
AgeCommit message (Collapse)AuthorFilesLines
2020-09-24[Portal] Remove hardcoded cassandra passwordSandeep Shah14-10/+219
Make cassandra password generate automatically and distribute it to components that use DB. Remove also hardcoded encryption key. Issue-ID: PORTAL-944 Signed-off-by: SandeepLinux <Sandeep.Shah@att.com> Change-Id: I6e579a76efacc7a0921fea7c74a7a9e49347ebd8 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-09-07Merge "Removal of zookeeper from portal HELM charts"Sylvain Desbureaux13-296/+1
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux8-19/+15
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-08-30Removal of zookeeper from portal HELM chartsSandeep Shah13-296/+1
Portal components no more rely on zookeeper and removed from rspective portal and its component HELM charts Issue-ID: PORTAL-998 Signed-off-by: SandeepLinux <Sandeep.Shah@att.com> Change-Id: I9939da45ee03623a4f7cfc379c68785fdcce8b63
2020-08-18No root access to mariadb from portal appSandeep Shah2-1/+9
Updates to helm charts to include an init container to set permissions for volume, so that the existing initialization code when run as a non-root user can access the volume. this is in combination with PORTAL-966. Issue-ID: PORTAL-946 Signed-off-by: SandeepLinux <Sandeep.Shah@att.com> Change-Id: I63a78dc1ab90914d648b0c1f470d3079eb0ddeba
2020-07-27[PORTAL] Make PORTAL compatible with Kubernetes v1.17Grzegorz-Lis6-6/+24
Issue-ID: OOM-2463 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I20f44472e2c22b23ef22f477b63479b7e71eff16
2020-06-01Merge "[PORTAL] Use common aaf template in portal-sdk"Krzysztof Opasiak5-41/+18
2020-05-29Merge "[PORTAL] Use common aaf template in portal-app"Sylvain Desbureaux5-40/+17
2020-05-27Update Portal Images for Role Mgt fixstatta3-3/+3
Issue-ID: PORTAL-894 Change-Id: I7cf521518a89be18443148b350ba3d1df1bfec06 Signed-off-by: statta <statta@research.att.com>
2020-05-26[PORTAL] Use common aaf template in portal-appKrzysztof Opasiak5-40/+17
Instead of copy-pasting code around aaf_agent usage let's use a common template that automates this. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ida183073e70563527d9d218cb247d7028687c167
2020-05-25[PORTAL] Use common aaf template in portal-sdkKrzysztof Opasiak5-41/+18
Instead of copy-pasting code around aaf_agent usage let's use a common template that automates this. Issue-ID: AAF-1134 Change-Id: I49a7da1458b50dd1c550dbed5e686efc1c8e948d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-05-22[PORTAL] Move portal subcharts to componentsKrzysztof Opasiak81-1/+231
In order to allow to define dependencies per subchart let's move all of them to components and make sure that they can be build independently. Issue-ID: AAF-1134 Change-Id: Ia75ba66d9338dbacaea500c20f6a5b384d1685a1 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-05-20Use non encrypted pwd for AAF communicationChrisC5-9/+8
Issue-ID: PORTAL-894 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Ide962ac7f02d17e4386002a891ab0cf22f38f656
2020-05-07Update Docker Release versionstatta2-2/+2
Modify Update DB script. Issue-ID: PORTAL-900, PORTAL-894 Signed-off-by: statta <statta@research.att.com> Change-Id: I224826ef027e38d88f035fcef64969137154fd4d
2020-05-06[Portal] Fix Ingress configurationSylvain Desbureaux1-1/+1
Set redirect for SSL for HTTPS backend. Issue-ID: OOM-2185 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I44c42968c2d3ab35c61920f47d3bd6c2ae3cd4dc
2020-05-04Merge "Change ingress hosnames for exposed services"Sylvain Desbureaux2-2/+2
2020-05-04Merge "Portal AAF REST API perm fixes for Roles"Sylvain Desbureaux6-22/+20
2020-05-04Portal AAF REST API perm fixes for RolesChrisC6-22/+20
Fixed AAF REST API creds : reuse of X509 identity the use of javax.net.ssl variables overrides basic auth identity the fake password must be slightly updated in order to pass current decryption method in portal code Issue-ID: PORTAL-875 Change-Id: I0497df70f0ff9a30e4ccd634aff67467f5ae04df Signed-off-by: ChrisC <christophe.closset@intl.att.com>
2020-04-29Change ingress hosnames for exposed servicesLucjan Bryndza2-2/+2
Change ingress host to the required hostnames Change-Id: Ic78c8821e2e23e00943d8abdf7b2183b4d940c72 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Issue-ID: OOM-2391 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2020-04-24Changed http to https for SDKLorraine Welch1-1/+1
Issue-ID: PORTAL-890 Signed-off-by: Lorraine Welch <lb2391@att.com> Change-Id: I29db7da917f46a4bd3917fe1b71d714a9bf80022
2020-04-22Merge "[Portal] Move (unused) readinessImage to global"Krzysztof Opasiak2-2/+3
2020-04-22Change msb portal page from HTTP to HTTPS portHuabing Zhao2-2/+2
Issue-ID: MSB-470 Signed-off-by: Huabing Zhao <zhao.huabing@zte.com.cn> Change-Id: Iae21ff6d0adc46838dcc4b0bc7071dd9f858d018
2020-04-20[Portal] Move (unused) readinessImage to globalSylvain Desbureaux2-2/+3
All helm charts in ONAP are setting readinessImage to global part (it can then be easy to bump version for everybody at once). Portal Job is not using it and use a local version. Move to use global one for consistency Issue-ID: OOM-2373 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5400ab595773ffc7111bc43f64c48b7c9a4c2dcd
2020-04-16Set CLI version to 5.0.4Kanagaraj Manickam1-6/+3
Issue-ID: CLI-255 Change-Id: I1ad4da223a56262db4d86f0ba03a76b3e763d448 Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
2020-04-13Update Portal with release artifactsstatta4-4/+4
Issue-ID: PORTAL-842 Signed-off-by: statta <statta@research.att.com> Change-Id: I240051c30b1b71c6e7fc47bdaebe36bc519dd3fb
2020-04-08Portal chart missing image nameOndřej Šmalec2-0/+2
aafAgentImage is missing in values.yaml after recent change. Because of that only repository is visible in helm template. common/common/templates/_aafconfig.tpl: image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/ {{ $dot.Values.global.aafAgentImage }} Issue-ID: OOM-2358 Signed-off-by: Ondřej Šmalec <o.smalec@partner.samsung.com> Change-Id: I9be639dfb57cbd1263f02a485d359e747707d48e
2020-04-07Portal-app auto cert genChrisC13-151/+141
Migrate to auto cert gen using latest templates Minor updates to align portal-sdk to latest templates Issue-ID: PORTAL-847 Depends-On: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Ib457b0940d549168ebc173d9b1f953bb933088a1
2020-04-02Bump chart versionSylvain Desbureaux8-8/+8
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-04-01[SDC BE] Remove HTTP node port 30205gummar1-1/+1
Keep HTTP port reachable from inside the server. Issue-ID: OJSI-101 Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86 Signed-off-by: gummar <raj.gumma@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-25[PORTAL] Use faster version of common secret templateKrzysztof Opasiak2-3/+3
Issue-ID: OOM-2051 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ieb4027d738041e1bd8d8238b74c3615dce2971eb
2020-03-20Disable HTTP Port of portal-appstatta1-12/+0
Issue-ID: PORTAL-848 Change-Id: Ica17e60ec7497cf6d310a664c2e414455f8d1ef4 Signed-off-by: statta <statta@research.att.com>
2020-03-05Merge "HTTPS/AAF auto cert gen for Portal SDK"Krzysztof Opasiak6-10/+298
2020-03-05HTTPS/AAF auto cert gen for Portal SDKChrisC6-10/+298
integrate portal-sdk with AAF agent init container. add pv to store init-container certs generated at startup. add aafEnabled flag to switch on/off aaf integration. modify tomcat startup to load p12 and enable HTTPS based on flag. Issue-ID: PORTAL-261 Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: Ia2b05b8661bf9e0c03a60467212e80d1c9d02bac
2020-02-13Temporarily remove the dependency on Cassandrastatta2-0/+158
Issue-ID: PORTAL-796 Change-Id: I41f761e0a90e6cb75e588338b09208f899f3fb58 Signed-off-by: statta <statta@research.att.com>
2020-02-01[ONAP-wide] Replace .Release.Name with common.releaseKrzysztof Opasiak25-41/+41
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
2019-12-11Merge "[PORTAL] Use global storage templates for PVC"Borislav Glozman4-20/+8
2019-12-09[PORTAL] Use global storage templates for PVCSylvain Desbureaux4-20/+8
OOM has now templates in order to create the needed PVC, using: * a PV with a specific class when using a common nfs mount path between nodes (sames as today use) --> is the default behavior today * or a storage class if we want to use dynamic PV. On this case, we use (in order of priority): - persistence.storageClassOverride if set on the chart - global.persistence.storageClass if set globally - persistence.storageClass if set on the chart Change-Id: I28b4ac5f612de75918973148865cf82f7a7de5e8 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-11-27Add ingress controller support to portalLucjan Bryndza5-0/+17
Add ingress controller support to portal using default ingress template. Issue-ID: OOM-2185 Change-Id: I99f230d95a396f159559ee1c1e3bb01d6c8a9ff0 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2019-11-06Merge "[Portal] Adjust Pods Requests/Limits"Borislav Glozman6-23/+23
2019-11-06[Portal] Adjust Pods Requests/LimitsSylvain Desbureaux6-23/+23
I've adjusted the Requests / Limits of portal pods according to real usage of "Orange Openlab" and "Onap daily master". Calculation is the following: per deployment: * CPU/Mem requests is max of average from the two deployments * CPU/Mem limits is (max of max from the two deployments) * 1.2 Moved portal-widget CPU limit to 1 as it's not starting if set to lower than that. Full values are available on jira ticket (https://jira.onap.org/browse/PORTAL-517). Change-Id: Ic02fef386e05351a6fa9e47bf47d5c2046f490e3 Issue-ID: PORTAL-517 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Signed-off-by: Lorraine Welch <lb2391@att.com>
2019-10-29[Music] Adjust Pods Requests/LimitsSylvain Desbureaux1-1/+1
I've adjusted the Requests / Limits of portal pods according to real usage of "Orange Openlab" and "Onap daily master". Calculation is the following: per deployment: * CPU/Mem requests is max of average from the two deployments * CPU/Mem limits is (max of max from the two deployments) * 1.2 Change-Id: I3fce54e6be495a7014bf346d66721976fa2dab8b Issue-ID: MUSIC-533 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-09-18Merge "Updated SDK deployment.yaml"Brian Freeman5-4/+6
2019-09-18HTTPS calls for sdck.kedron2-3/+3
Proper configuration for HTTPS in the sdc: -configured the livenessProbe/readinessProbe ports -changed mount path for dcea-be components -updated dcea component images -updated VID and Portal to talk with the SDC Change-Id: Ibdece8f095aaa79e326cb9c4510e8227a7856b15 Issue-ID: SDC-2548 Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
2019-09-18Updated SDK deployment.yamlWelch, Lorraine (lb2391)5-4/+6
Issue-ID: PORTAL-727 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: Ic9041f4a0263c7ab6d36176708323dd47c89bf7d Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com>
2019-09-10Update tomcat to 8.5statta2-1/+3
Issue-ID: PORTAL-723 Change-Id: I78e7badc9b0c02407bc9d4bbdfb1b0019f54b07a Signed-off-by: statta <statta@research.att.com>
2019-09-05Merge "Move PORTAL Storage access to RWO"Mike Elliott2-2/+2
2019-09-04added new docker-entrypoint.sh for mariadbWelch, Lorraine (lb2391)1-153/+159
Issue-ID: PORTAL-709 Signed-off-by: Welch, Lorraine (lb2391) <lb2391@att.com> Change-Id: I70c35ebcaf76fa157da777c28cca6513a22c4465
2019-09-02Move PORTAL Storage access to RWOSylvain Desbureaux2-2/+2
Today when deploying Portal with OOM, the PersistentVolumeClaim needs the "ReadWriteMany" (or "RWX") capability. According to Kubernetes Documentation (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes), ReadWriteMany stands for "the volume can be mounted as read-write by many nodes". That means that a particular PVC needs to be read and written from many pods. That also means that your code takes that into account and do the work to avoid write at the same place at the same time. An issue on RWX mode is that most "official" storage driver from Kubernetes doesn't support it (13 over the 19 drivers doesn't support it, espacially OpenStack, Amazon and Google storage classes). Portal PVC are only used by a mariadb instance or a cassandra instance. Thus we don't need RWX. Change-Id: I706e13759d3af829d61d7a33d068263aaf9e9158 Issue-ID: PORTAL-724 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-07-14Merge "Use nodePortPrefix variable in PORTAL-zookeeper chart"Borislav Glozman1-1/+1
2019-07-14Merge "Use nodePortPrefix variable in PORTAL-mariadb chart"Borislav Glozman1-1/+1