Age | Commit message (Collapse) | Author | Files | Lines |
|
Use the new template features to create two services for DMaaP Message
Router:
* One of ClusterIP type with HTTP AND HTTPS port, with the same
name as before.
* Another of NodePort type with HTTPS only port, with a new name (this
one should be used only for external traffic)
I've also replaced `tabs` iby spaces in two resources files so it's
easier to read the configmap.
Issue-ID: DMAAP-1400
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I394e0b5327ffe2605f0c4c8b134e49553b06232c
|
|
Current service and headlessService templates doesn't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.
In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.
Per default, they'll be HTTPS.
TLS choice will be done according this table:
| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present | not present | any | true |
| not present | not present | false | any | true |
| not present | not present | true | false | true |
| not present | not present | true | true | false |
| not present | true | any | any | true |
| not present | false | any | any | false |
| true | any | any | any | true |
| false | any | any | any | false |
Service template will create one or two service templates according to this table:
| serviceType | both_tls_and_plain | result |
|---------------|--------------------|--------------|
| ClusterIP | any | one Service |
| Not ClusterIP | not present | one Service |
| Not ClusterIP | false | one Service |
| Not ClusterIP | true | two Services |
If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
|
|
|
|
|
|
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 4f4d14ab45a2225953961136220041189d566015
- Merge "Update logback.xml"
- Update logback.xml
Issue-ID: AAI-2824
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
Change-Id: I9034b283a2cd47770a30db9e1eecf3ef5ad58d47
|
|
|
|
|
|
|
|
And thus needs bigger limits/requests
Issue-ID: USECASEUI-403
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ide23f95af16f9ed9615bcb26e67e40cd1145670f
|
|
* Update kubernetes/aai from branch 'master'
to c9fad710ea31ae6695c3914429266621d37ce8b8
- Fix the graphadmin logback issue
Issue-ID: AAI-2751
Change-Id: Icce232aab798c2c1d2a072a5cbf040403879a48b
Signed-off-by: Harish Venkata Kajur <vk250x@att.com>
|
|
integrate portal-sdk with AAF agent init container.
add pv to store init-container certs generated at startup.
add aafEnabled flag to switch on/off aaf integration.
modify tomcat startup to load p12 and enable HTTPS based on flag.
Issue-ID: PORTAL-261
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ia2b05b8661bf9e0c03a60467212e80d1c9d02bac
|
|
|
|
Issue-ID: DMAAP-1363
Signed-off-by: Dominic Lunanuova <dgl@research.att.com>
Change-Id: I198b19a24f2b413f489376eb101efa75a4513ba0
|
|
|
|
Change-Id: I8cf5a6ac58d38c6e5c818259baf7d69615eb9803
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1400
|
|
Some passwords are still hardcoded but with this commit all components
should be using passwords provided via secrets not directly as strings.
A follow-up patch will remove hardcoded passwords where feasible.
Issue-ID: OOM-2309
Change-Id: I047974506430cbb277200d0103bcc57a6fd8a83b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
|
|
Issue-ID: VID-761
Change-Id: Ie3127f62a9b059020b047ae09bf13bdf77923833
Signed-off-by: Ittay Stern <ittay.stern@att.com>
|
|
Add support to build endpoint from SO to multicloud
via msb using http or https scheme.
Change-Id: I474fdd7c885e437c1c8136bffe3e40e41c86dab5
Issue-ID: SO-1450
Signed-off-by: Eric Multanen <eric.w.multanen@intel.com>
|
|
It should make the POD to start again
Issue-ID: AAF-1106
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I934a904ba7310e49bf2cfd3f372c402af3878efa
|
|
The issue related to HV-VES occurs due to a lack of
certificates. There are provided by TLS_INT_CONTAINER.
Therefore use-tls must be set on true.
Issue-ID: OOM-2281
Signed-off-by: Piotr Wielebski <piotr.wielebski@nokia.com>
Change-Id: Ib5c82d5955c0a7b32a4fc5c9797734f930ae7885
|
|
SMS requests/limits were set too low and thus it prevents start when on
small flavors
Issue-ID: AAF-1105
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib591c972ceaa4186dd16ca5cebd86b58c0288718
|
|
|
|
|
|
ElasticSearch run as non-root user
Issue-ID: CLAMP-668
Change-Id: I786e2ff8babf4b78fa6dfdf63ff9cd486099fbac
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
|
|
|
|
|
|
Use common secrete template in so-bpmn-infra component.
For now passwords are stil hardcoded but this will be removed in
further commits.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I828d6a5713cf023d72ab22ea758e78e91d1944b9
|
|
Also add requirements for Frankfurt release
Issue-ID: OOM-1960
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idaa4925515737221c90c4bf9141406fa1d428f15
|
|
|
|
|
|
|
|
consul ui is on http mode.
As nobody really looks at it, let's remove the nodeport and set it as
ClusterIP.
Issue-ID: OJSI-168
Issue-ID: OJSI-202
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If114dac59c4fc919a0ab879ef7c5c2478f6a16d2
|
|
|
|
|
|
|
|
|
|
* Update kubernetes/aai from branch 'master'
to ac0ea8aa12226ac95683838e92d22928eb221630
- Merge "Fix MSB config section"
- Fix MSB config section
Issue-ID: AAI-2809
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
Change-Id: I53bb71ce9d8989ee3d481bcf7f2db606455df1d3
|
|
common mongo chart and input template for tca-gen2
VEScollector rls version for 7.1.1 support
Heartbeat rls version for non root support
Change-Id: Iea9c640411841553d79cee2b21447b87e2cd2a90
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-1891
Issue-ID: DCAEGEN2-1907
Issue-ID: DCAEGEN2-2071
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
|
|
Added blueprint (for ves secure) and update blueprint (for ves insecure)
Issue-ID: DCAEGEN2-1777
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: Iaf78187b8196944ecafcef19b1efec855a4d8922
|
|
Let's use common secret template to generate user credentials for
DMAAP data router DB DB and depend on mariadb-galera to generate
secure enough root password.
Issue-ID: OOM-2287
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I82d22a2db2dc9fba655f99f837be689f4a32a871
|
|
Change-Id: I48313446853d9175ec41f288350bedbf6190c30c
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1388
|
|
Issue-ID: AAI-2734
Change-Id: I04b77796e51afa94832454e4316d415724230124
Signed-off-by: HePeng <he.peng6@zte.com.cn>
[Remove space that breaks everything]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
- Dashboard switched to https + non-root + portal sdk 2.6.0
- InventoryAPI keystore pwd read from file and filebeat support
Change-Id: I40d2f6a8414f0a8fc8ed7b60ed0118e69cdbb2fd
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-1592
Issue-ID: OJSI-159
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
|
|
|
|
|
|
Ve-Vnfm-Adapter POD
Issue-ID: OOM-2307
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Change-Id: I2bb95b1867338964e3f3dce74e50ac3e11231bcd
|