summaryrefslogtreecommitdiffstats
path: root/kubernetes
AgeCommit message (Collapse)AuthorFilesLines
2020-03-03ES non-rootosgn422w3-3/+3
ElasticSearch run as non-root user Issue-ID: CLAMP-668 Change-Id: I786e2ff8babf4b78fa6dfdf63ff9cd486099fbac Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
2020-02-24Merge "[DMaaP DR] Adding log level config to charts"Krzysztof Opasiak4-2/+9
2020-02-21Merge "Release 1.5.1 container"Krzysztof Opasiak1-1/+1
2020-02-21Merge "[SDNC] Use common secret template in dmaap-listener"Krzysztof Opasiak6-17/+85
2020-02-21Merge "[SDNC] Use common secret template in ansible-server"Krzysztof Opasiak4-21/+107
2020-02-21Merge "[SDNC] Use common secret template in ueb listener"Krzysztof Opasiak5-15/+113
2020-02-21Release 1.5.1 containerjimmy1-1/+1
Issue-ID: AAI-2734 Signed-off-by: Jimmy Forsyth <jf2512@att.com> Change-Id: I7ae419b70f3349e6d0d5007132cfc46ec3810c58
2020-02-21Merge "move to OpenDistro"Krzysztof Opasiak14-317/+108
2020-02-21Add Makefile option to skip lining of helm chartsKrzysztof Opasiak1-1/+7
For some reason after introducing our awesome templates to ONAP make command can take now quite a lot of time, which sometimes causes out CI jobs to fail. Command that takes so much time is helm lint. This patch adds a Makefile option that allows you to skip linting of helm charts and just build them. Example: make SKIP_LINT=TRUE Default behavior stays unchanged. Issue-ID: OOM-2055 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic50bad0cc82892e1daecc5761d6144d788a79d9f
2020-02-21move to OpenDistroosgn422w14-317/+108
move dashboard to Opendistro and certificate update Issue-ID: CLAMP-483 Change-Id: Ibaba1d517c13adeab611ab23749fb16295081372 Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
2020-02-21Merge "update msbPort"Sylvain Desbureaux1-1/+1
2020-02-21[SDNC] Use common secret template in dmaap-listenerKrzysztof Opasiak6-17/+85
Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patch all passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3280f9d7ff4933d4e50b94ca248676ed9aa6688d
2020-02-21[SDNC] Use common secret template in ansible-serverKrzysztof Opasiak4-21/+107
Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patch all passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idb460e72301dd63082d7890d34fea923df3ac426
2020-02-20[SDNC] Use common secret template in ueb listenerKrzysztof Opasiak5-15/+113
Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patchAll passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Change-Id: Ie998b3c5775807ef096074b18a18a1773120c1d6 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-20[DMaaP DR] Adding log level config to chartsefiacor4-2/+9
Change-Id: I3c34258810908b4eb26864f33ee1fc56216906a8 Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1389
2020-02-20Merge "[COMMON] Use common mariadb-galera instance in network-name-gen"Sylvain Desbureaux3-15/+39
2020-02-20Merge "[OOF] Use common secret template for mariadb credentials"Sylvain Desbureaux8-54/+152
2020-02-20update msbPortdyh1-1/+1
Change-Id: Iff0251e5ccd432985d9b25ea80f004d7e772a652 Issue-ID: MODELING-317 Signed-off-by: dyh <dengyuanhong@chinamobile.com>
2020-02-19[COMMON] Use common mariadb-galera instance in network-name-genKrzysztof Opasiak3-15/+39
Improve usage of common secret template by removing all hardcoded values and use common mariadb-galera instance. Issue-ID: OOM-2249 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
2020-02-19Merge "[COMMON] Use common secret template in dgbuilder"Sylvain Desbureaux7-204/+119
2020-02-19Merge "[OOM] Bump postgresql version"Sylvain Desbureaux1-1/+1
2020-02-18Cluster Distributed lock service integration with OOM.Sebastien Premont-Tendland4-0/+107
Disabled by default. In order to enable cluster replicaCount should be higher than 2 and useScriptCompileCache is set to false. We need to disable script compile cache otherwise there is issue with updating CBA when running multiple replicas of blueprint processor. Issue-ID: CCSDK-2011 Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca> Change-Id: I6f6071556eb499832f9a765ba4c27100497c6e88
2020-02-18[OOM] Bump postgresql versionSylvain Desbureaux1-1/+1
Use version 10.11 deployed by crunchydata scripts version 4.2.1. this will: * remove some CVEs (in particular CVE-2019-10164) * use UTF-8 as default encoding Issue-ID: OOM-2290 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
2020-02-18Merge "[SO] Enable use of Keystone v3"Krzysztof Opasiak3-2/+8
2020-02-18Update git submodulesJames Forsyth1-0/+0
* Update kubernetes/aai from branch 'master' to 23f076495d36081f34a367067918d15fcc5ada8d - Merge "Add ingress controler support to AAI" - Add ingress controler support to AAI Issue-ID: OOM-2171 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I9afdae36aa9afd1f80f88b5bb3a15935f9335a93
2020-02-18Merge "[SDC] Change default access mode for cert PVC"Krzysztof Opasiak1-1/+1
2020-02-18[COMMON] Use common secret template in dgbuilderKrzysztof Opasiak7-204/+119
Taken into account how "easy" it would be to modify the dgbuilder which is written in JavaScript (which is not my mother tongue to say the least) let's try to remove hardcoded passwords from config files without modifying the application container itself. In order to achieve this: 1) Remove createReleaseDir.sh script from the container as it is never used and contains a ton of passwords 2) Replace all sensitive values in config files with references to respective environment variables 3) Introduce init container that will run envsubst command on config files and copy them from ConfigMap value to the new volume which is backed by tmpfs so that the plain text passwords are never written to the disk For now all the hardcoded values are still there to minimize the risk of breaking the deployment but step by step they will be removed in next commits. Issue-ID: OOM-2247 Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-18Merge "Removed use of vfc-redis from etsicatalog component"Sylvain Desbureaux2-4/+0
2020-02-17[OOF] Use common secret template for mariadb credentialsKrzysztof Opasiak8-54/+152
Remove all hardcoded credentials for mariadb and depend on common secret template to generate all passwords at the deployment time. Issue-ID: OOM-2292 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
2020-02-17Merge "[DMaaP MR] Remove "lost+found" in kafka PVC"Krzysztof Opasiak1-0/+1
2020-02-17Merge "DNS test server for ingress controller"Krzysztof Opasiak10-0/+407
2020-02-17Merge "[COMMON] fix primary PVC for postgres template"Krzysztof Opasiak1-1/+0
2020-02-17DNS test server for ingress controllerLucjan Bryndza10-0/+407
Testing ingress controller based on virtual hosts requires a lot of entries in the /etc/hosts. The better way is to create DNS server for testing purposes. Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Issue-ID: OOM-2289 Change-Id: I2ab104c7391e9634972931ac7e79bec5711d2b39 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2020-02-17Merge "[VID] Don't hardcode mariadb-galera password"Sylvain Desbureaux4-44/+25
2020-02-15[VID] Don't hardcode mariadb-galera passwordKrzysztof Opasiak4-44/+25
Let's use common secret template to generate user credentials for VID DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2293 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
2020-02-14Merge "[AAF] Loosen the limits for some AAF Components"Morgan Richomme3-4/+4
2020-02-14[COMMON] fix primary PVC for postgres templateSylvain Desbureaux1-1/+0
The last line of the template rewrites PVC storage class and thus the behavior is not the expected one. This patch removes the faulty (and unecessary) line. Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
2020-02-13[SO] Enable use of Keystone v3Sylvain Desbureaux3-2/+8
SO can handle keystone v3 but override file must be capable to handle this. If openStackKeystoneVersion is set to "KEYSTONE_V3" in so-catalog-db-adapter config part, SO will be able to use keystone v3 for OpenStack Issue-ID: OOM-2221 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
2020-02-13Merge "Fix external secret name in mariadb-init"Sylvain Desbureaux2-3/+3
2020-02-13[AAF] Loosen the limits for some AAF ComponentsSylvain Desbureaux3-4/+4
aaf-locate anf aaf-cm limits may have been a bit too stringent. giving some space to these components Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
2020-02-13Merge "Fix the wrong MSB_PROTO env value"Sylvain Desbureaux4-4/+4
2020-02-13Fix external secret name in mariadb-initKrzysztof Opasiak2-3/+3
mariadb-init chart should play nicely with mariadb-galera as it simplifies migration to common mariadb instance. Unfortunately after adding the support for common secret template I didn't pay enough attention to consistent naming convention and mariadb-galera and mariadb-init chart ended up being incompatible. To fix that let's just rename the mariadb-init chart config option to match exactly the one used in mariadb-galera chart. Issue-ID: OOM-2248 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
2020-02-13Merge "Fix multicloud logging issue"Sylvain Desbureaux1-0/+4
2020-02-12Update git submodulesjimmy1-0/+0
* Update kubernetes/aai from branch 'master' to 764cd8514707c1630dbfa6792b8d15953d5b9a59 - Use v1.6.4 of resources Issue-ID: AAI-2796 Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527 Signed-off-by: Jimmy Forsyth <jf2512@att.com>
2020-02-12Pick up new tls init containerJack Lucas17-51/+34
Remove unneeded dashboard inputs file Prepend release name to filebeat configmap name Issue-ID: DCAEGEN2-917 Issue-ID: DCAEGEN2-1923 Issue-ID: DCAEGEN2-1805 Signed-off-by: Jack Lucas <jflucas@research.att.com> Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
2020-02-12Merge "Make use msb iag with https"Morgan Richomme33-2/+84
2020-02-12Merge "Enable underscore in headers in nginx config"Sylvain Desbureaux1-0/+2
2020-02-12Make use msb iag with httpsyangyan33-2/+84
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256 Issue-ID: VFC-1601 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2020-02-12Merge "These OOM changes are related AAF Integration"Sylvain Desbureaux33-124/+510
2020-02-12Merge "Sync up the properties file with current CDS version."Sylvain Desbureaux1-1/+9