Age | Commit message (Collapse) | Author | Files | Lines |
|
ElasticSearch run as non-root user
Issue-ID: CLAMP-668
Change-Id: I786e2ff8babf4b78fa6dfdf63ff9cd486099fbac
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
|
|
|
|
|
|
|
|
|
|
|
|
Issue-ID: AAI-2734
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
Change-Id: I7ae419b70f3349e6d0d5007132cfc46ec3810c58
|
|
|
|
For some reason after introducing our awesome templates to ONAP make
command can take now quite a lot of time, which sometimes causes out
CI jobs to fail.
Command that takes so much time is helm lint.
This patch adds a Makefile option that allows you to skip linting of
helm charts and just build them. Example:
make SKIP_LINT=TRUE
Default behavior stays unchanged.
Issue-ID: OOM-2055
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic50bad0cc82892e1daecc5761d6144d788a79d9f
|
|
move dashboard to Opendistro and certificate update
Issue-ID: CLAMP-483
Change-Id: Ibaba1d517c13adeab611ab23749fb16295081372
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
|
|
|
|
Whole SDNC strongly depends on the assumption that it is using a
common mariadb-galera instance and that root password is secret
password. Also user and password to sdnc DB is hardcoded.
Let's start working on removing this assumption and component by
component add support for local and shared mariadb instance without
hardcoding any passwords to the database.
In this patch all passwords are still hardcoded in the helm chart to
not break other parts of SDNC. Those values will be removed in a final patch.
Issue-ID: OOM-2309
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I3280f9d7ff4933d4e50b94ca248676ed9aa6688d
|
|
Whole SDNC strongly depends on the assumption that it is using a
common mariadb-galera instance and that root password is secret
password. Also user and password to sdnc DB is hardcoded.
Let's start working on removing this assumption and component by
component add support for local and shared mariadb instance without
hardcoding any passwords to the database.
In this patch all passwords are still hardcoded in the helm chart to
not break other parts of SDNC. Those values will be removed in a final patch.
Issue-ID: OOM-2309
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idb460e72301dd63082d7890d34fea923df3ac426
|
|
Whole SDNC strongly depends on the assumption that it is using a
common mariadb-galera instance and that root password is secret
password. Also user and password to sdnc DB is hardcoded.
Let's start working on removing this assumption and component by
component add support for local and shared mariadb instance without
hardcoding any passwords to the database.
In this patchAll passwords are still hardcoded in the helm chart to
not break other parts of SDNC. Those values will be removed in a final patch.
Issue-ID: OOM-2309
Change-Id: Ie998b3c5775807ef096074b18a18a1773120c1d6
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Change-Id: I3c34258810908b4eb26864f33ee1fc56216906a8
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1389
|
|
|
|
|
|
Change-Id: Iff0251e5ccd432985d9b25ea80f004d7e772a652
Issue-ID: MODELING-317
Signed-off-by: dyh <dengyuanhong@chinamobile.com>
|
|
Improve usage of common secret template by removing all hardcoded
values and use common mariadb-galera instance.
Issue-ID: OOM-2249
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
|
|
|
|
|
|
Disabled by default. In order to enable cluster replicaCount
should be higher than 2 and useScriptCompileCache is set to false.
We need to disable script compile cache otherwise there is
issue with updating CBA when running multiple replicas of
blueprint processor.
Issue-ID: CCSDK-2011
Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca>
Change-Id: I6f6071556eb499832f9a765ba4c27100497c6e88
|
|
Use version 10.11 deployed by crunchydata scripts version 4.2.1.
this will:
* remove some CVEs (in particular CVE-2019-10164)
* use UTF-8 as default encoding
Issue-ID: OOM-2290
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 23f076495d36081f34a367067918d15fcc5ada8d
- Merge "Add ingress controler support to AAI"
- Add ingress controler support to AAI
Issue-ID: OOM-2171
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I9afdae36aa9afd1f80f88b5bb3a15935f9335a93
|
|
|
|
Taken into account how "easy" it would be to modify the dgbuilder
which is written in JavaScript (which is not my mother tongue to say
the least) let's try to remove hardcoded passwords from config files
without modifying the application container itself.
In order to achieve this:
1) Remove createReleaseDir.sh script from the container as it is never
used and contains a ton of passwords
2) Replace all sensitive values in config files with references to
respective environment variables
3) Introduce init container that will run envsubst command on config
files and copy them from ConfigMap value to the new volume which is
backed by tmpfs so that the plain text passwords are never written to
the disk
For now all the hardcoded values are still there to minimize the risk
of breaking the deployment but step by step they will be removed in
next commits.
Issue-ID: OOM-2247
Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Remove all hardcoded credentials for mariadb and depend on common
secret template to generate all passwords at the deployment time.
Issue-ID: OOM-2292
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
|
|
|
|
|
|
|
|
Testing ingress controller based on virtual hosts
requires a lot of entries in the /etc/hosts.
The better way is to create DNS server for testing purposes.
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2289
Change-Id: I2ab104c7391e9634972931ac7e79bec5711d2b39
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
|
|
|
|
Let's use common secret template to generate user credentials for VID
DB and depend on mariadb-galera to generate secure enough root
password.
Issue-ID: OOM-2293
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
|
|
|
|
The last line of the template rewrites PVC storage class and thus the
behavior is not the expected one.
This patch removes the faulty (and unecessary) line.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
|
|
SO can handle keystone v3 but override file must be capable to handle
this.
If openStackKeystoneVersion is set to "KEYSTONE_V3" in
so-catalog-db-adapter config part, SO will be able to use keystone v3
for OpenStack
Issue-ID: OOM-2221
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
|
|
|
|
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
|
|
|
|
mariadb-init chart should play nicely with mariadb-galera as it
simplifies migration to common mariadb instance.
Unfortunately after adding the support for common secret template I
didn't pay enough attention to consistent naming convention and
mariadb-galera and mariadb-init chart ended up being incompatible. To
fix that let's just rename the mariadb-init chart config option to
match exactly the one used in mariadb-galera chart.
Issue-ID: OOM-2248
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 764cd8514707c1630dbfa6792b8d15953d5b9a59
- Use v1.6.4 of resources
Issue-ID: AAI-2796
Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
|
|
Remove unneeded dashboard inputs file
Prepend release name to filebeat configmap name
Issue-ID: DCAEGEN2-917
Issue-ID: DCAEGEN2-1923
Issue-ID: DCAEGEN2-1805
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
|
|
|
|
|
|
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256
Issue-ID: VFC-1601
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
|
|
|