path: root/kubernetes
Age | Commit message | Author | Files | Lines
2020-02-01 | [APPC] Don't hardcode mariadb root password | Krzysztof Opasiak | 6 | -26/+16
You should never ever assume that secretpassword is a production ready password for your mariadb-galera instance. Instead let's just share a secret with our instance of mariadb-galera. Issue-ID: OOM-2275 Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Don't create dummy mysql DB by default in a shared instance | Krzysztof Opasiak | 1 | -2/+2
When deploying a shared mariadb-galera instance using common chart a dummy database is created based on the default values in the chart. This is obviously unnecessary and creates an obvious security issue. That's why let's make sure that when we deploy a shared mariadb instance no dummy databases are created. Issue-ID: OOM-2053 Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Allow to lint chart without master password | Krzysztof Opasiak | 1 | -0/+3
When you type make in kubernetes directory all charts are linted. If one of them tries to generate password whole linting process ends with an error because masterPassword has not been provided and there is no default value for it. To avoid this issue but still don't provide any default value which would be obviously insecure in this context, let's just test current release name. If it matches "testRelease" we treat this as a special case and use predefined master key. Security implication: You should never, ever name your productional deployment "testRelease" nor use it as a master password. Issue-ID: OOM-2052 Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Make network-name-gen use common secrets template | Krzysztof Opasiak | 3 | -19/+15
For now we use it only for DB secret but in a future also other secrets should be replaced. Issue-ID: OOM-2249 Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Provide convenience templates for mariadb secrets | Krzysztof Opasiak | 5 | -8/+45
Usage of plain strings is very fragile especially when you try to change them. That's why instead of depending on strings let's just define a few convenience templates to be used in projects that use mariadb-galera chart. Issue-ID: OOM-2249 Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Expose common.secret.genName template | Krzysztof Opasiak | 1 | -9/+10
This template used to be for internal use only but it turned out to be very useful in number of places so let's just expose it. Issue-ID: OOM-2249 Change-Id: I57cd31681fb5edb4ac95b0b7b2446a364ce826d2 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Allow to generate fullname based on passed chart name | Krzysztof Opasiak | 1 | -1/+11
By default common.fullname uses .Chart.Name or .Values.nameOverride to generate a "full name" used in many places. In some cases it may be convenient to be able to generate this full name for a specific, well known chart name. Issue-ID: OOM-2249 Change-Id: I68034c1c5df81ae9533f5f4bc6fab58f2416623a Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Allow to search secret by uid even if name is Overridden | Krzysztof Opasiak | 1 | -3/+6
In some cases it is useful to bypass default policy for secret name generation and provide a custom name for a secret. In this case current search implementation got confused and couldn't find a secret based on uid. This patch fixes the issue by comparing not only name but also uid. Issue-ID: OOM-2246 Change-Id: Iaea7a23fee09aa388968aad792ba7f7e1fbf2f21 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01 | [COMMON] Use common secret template in mariadb-init | Krzysztof Opasiak | 5 | -44/+54
Use common secret template for all passwords that are used inside this chart. Issue-ID: OOM-2248 Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-01 | [ONAP-wide] Replace .Release.Name with common.release | Krzysztof Opasiak | 604 | -1401/+1399
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deploys onap component by component instead of deploying everything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
2020-02-01 | Remove additional _helpers files | Krzysztof Opasiak | 4 | -67/+4
Helm by default creates some useful templates in _helpers.tpl file. This is fine for stand alone charts but when they become part of ONAP those helpers are no longer needed as our common components already provide all required functions. Issue-ID: OOM-2278 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I659e4b45b031e87cc87f7bbbb22bf9e23cd74e61
2020-01-30 | Update git submodules | Marco Platania | 1 | -0/+0
* Update kubernetes/robot from branch 'master' to 091f164a832479cb40ad6f5d7e4960269e75f87f - Merge "Adjust ETE runner for security tests" - Adjust ETE runner for security tests This patch adds gathering data which cannot be easily obtained from within "robot" pod (without granting it access to "kubectl" tool and as a side effect - cluster modifications). It introduces dependency to python3 on operator's machine (to convert "kubectl" tool filtered output to JSON). Issue-ID: SECCOM-261 Change-Id: Ie5057f65f79337896191b51cfad1b3e06623f80b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-01-30 | Merge "Revert "basic auth for so-monitoring"" | Morgan Richomme | 1 | -8/+0
2020-01-29 | Merge changes Ia6344de1,I642bdc7a | Morgan Richomme | 2 | -3/+3
* changes: VID: Update to version 6.0.2 (Frankfurt wave 1) VID logging adjustments to portal-sdk 2.6.0
2020-01-28 | Merge "Add VID to onap-vfw overrides" | Morgan Richomme | 1 | -1/+3
2020-01-28 | Update git submodules | Krzysztof Opasiak | 1 | -0/+0
* Update kubernetes/aai from branch 'master' to f636b1cc2bf7d391dc76956e906a6f497ef1b092 - Remove space from file name Remove the awkward space from the file name and replace it with a dash. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia0d55fae839d5ef865ac53659d93cbda5ba4212a
2020-01-27 | VID: Update to version 6.0.2 (Frankfurt wave 1) | Ittay Stern | 1 | -1/+1
Issue-ID: VID-716 Change-Id: Ia6344de1aa524d25a8818e18bfe693cacffc26c8 Signed-off-by: Ittay Stern <ittay.stern@att.com>
2020-01-27 | VID logging adjustments to portal-sdk 2.6.0 | Ittay Stern | 1 | -2/+2
Issue-ID: VID-253 Issue-ID: VID-471 Change-Id: I642bdc7a3926bf3be897f959aa1886617b2978d6 Signed-off-by: Ittay Stern <ittay.stern@att.com>
2020-01-26 | Merge "[AAF] Fix PVC for sshsm" | Borislav Glozman | 1 | -3/+0
2020-01-26 | Merge "[COMMON] Fix PV/PVC for postgres" | Borislav Glozman | 4 | -0/+13
2020-01-23 | Update git submodules | Forsyth, James (jf2512) | 1 | -0/+0
* Update kubernetes/aai from branch 'master' to 69f85c4ba9f621e5f5172c0dd637048fe7ef3cfd - Update charts for released containers Issue-ID: AAI-2763 Change-Id: Ie005febc51040e1dd7fffb104171ee1ee2ccdd98 Signed-off-by: Forsyth, James (jf2512) <jf2512@att.com>
2020-01-23 | Merge "[COMMON] Add missing ! in db_init.sh script" | Sylvain Desbureaux | 1 | -2/+2
2020-01-23 | [COMMON] Fix PV/PVC for postgres | Sylvain Desbureaux | 4 | -0/+13
When creating https://gerrit.onap.org/r/c/oom/+/99478, forgot to backport storage class part of https://gerrit.onap.org/r/c/oom/+/98962. Issue-ID: OOM-2234 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I3c42b28ad5bea67eda004b0209c8a21783b539f1
2020-01-23 | [AAF] Fix PVC for sshsm | Sylvain Desbureaux | 1 | -3/+0
https://gerrit.onap.org/r/c/oom/+/98938 forgot to remove selectors for PVC and prevent it to work with storage class. Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ieb45ecbe8c046d6c3bc72e47776df3c9d64de2e5
2020-01-22 | [COMMON] Add missing ! in db_init.sh script | Krzysztof Opasiak | 1 | -2/+2
For some reason unknown to me I was stupid enough to forget to put ! in front of variable name in the final version of script. Let's just quickly fix that so that not too many people notice;) Issue-ID: OOM-2248 Change-Id: I0b8891b94856b21f4b1fad1d6731c461bae2c1aa Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-01-22 | Update git submodules | Sylvain Desbureaux | 1 | -0/+0
* Update kubernetes/robot from branch 'master' to 4bd799e5dbcbf2131a685bf73319e962ace86f5c - Move Storage access to RWO Today when deploying Robot with OOM, the PersistentVolumeClaim needs the "ReadWriteMany" (or "RWX") capability. According to Kubernetes Documentation (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes), ReadWriteMany stands for "the volume can be mounted as read-write by many nodes". That means that a particular PVC needs to be read and written from many pods. That also means that your code takes that into account and does the work to avoid write at the same place at the same time. An issue on RWX mode is that most "official" storage drivers from Kubernetes don't support it (13 over the 19 drivers don't support it, especially OpenStack, Amazon and Google storage classes). Robot PVC is used only for one Robot instance. Thus we don't need RWX. Issue-ID: INT-1230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I300e34a9d4be40b36153812d2a99c458cae6b2c9
2020-01-22 | Merge "aaf auto cert generation" | Sylvain Desbureaux | 6 | -3/+108
2020-01-21 | aaf auto cert generation | Agarwal, Ruchira (ra1926) | 6 | -3/+108
Add support for AAF init container for config and cert generation Issue-ID: SDNC-755 Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com> Change-Id: I06ee7921b6dbb1b4b9ca64cf276a374256af3a45 Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com>
2020-01-21 | Merge "Add CDS application properties for custom headers for aai calls" | Sylvain Desbureaux | 1 | -0/+3
2020-01-21 | Merge "[COMMON] Improve mariadb-init job script" | Sylvain Desbureaux | 2 | -17/+26
2020-01-21 | Merge "Update SO-VNFM-Adapter override.yaml for ETSI" | Sylvain Desbureaux | 2 | -1/+10
2020-01-20 | Merge "[COMMON] Use deployment for postgresql" | Mike Elliott | 36 | -9/+1894
2020-01-20 | Update git submodules | Daniel Rose | 1 | -0/+0
* Update kubernetes/robot from branch 'master' to 80a8b8c11d94af39ed26701dc10f2d3fc9e9a042 - Merge "Add ingress controler support to ROBOT" - Add ingress controler support to ROBOT Issue-ID: OOM-2186 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: Id6b6f6d1a5d9ea83f73b914509098f7711a6418a
2020-01-17 | Update git submodules | James Forsyth | 1 | -0/+0
* Update kubernetes/aai from branch 'master' to c8663688eb2755ca5adc4f570c7acf76b6f9a077 - Merge "Remove the usage of uuidv4 since it was causing the deployment to change at every "helm deploy" causing AAI ha proxy pod to restart and cause AAI outage." - Remove the usage of uuidv4 since it was causing the deployment to change at every "helm deploy" causing AAI ha proxy pod to restart and cause AAI outage. Issue-ID: OOM-2226 Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca> Change-Id: I03aa47240251fe182ecd841a99a9b99a20c88d65
2020-01-17 | Add VID to onap-vfw overrides | Brian Freeman | 1 | -1/+3
Issue-ID: OOM-2266 Change-Id: I0c571c765cb099b1f2e7886bc686e24a436f290e Signed-off-by: Brian Freeman <bf1936@att.com>
2020-01-17 | Update git submodules | rajendrajaiswal | 1 | -0/+0
* Update kubernetes/robot from branch 'master' to ff678657c0fa534840d063131432e1994829f660 - Update DCAE username and password Change-Id: I575be45bbbd2c53a897eac87f303e45cc2fce976 Issue-ID: INT-1375 Signed-off-by: rajendrajaiswal <rajendra.jaiswal@ericsson.com>
2020-01-16 | OOM-2261 readiness-check does not track DaemonSet | dfx1971 | 1 | -1/+17
Issue-ID: OOM-2261 Signed-off-by: Avi Ziv<avi.ziv@amdocs.com> Change-Id: I7f220f8b6b64165c33ed8d707834091240136199 Signed-off-by: Avi Ziv<avi.ziv@amdocs.com> Change-Id: I7f220f8b6b64165c33ed8d707834091240136199
2020-01-15 | Merge "Add ingress controler support to APPC" | Sylvain Desbureaux | 4 | -0/+14
2020-01-15 | Update SO-VNFM-Adapter override.yaml for ETSI | rope252 | 2 | -1/+10
Change-Id: I6b99ccf9bd50d2ec50693df9d4122417b22bcf7a Issue-ID: SO-2575 Signed-off-by: rope252 <gareth.roper@est.tech>
2020-01-13 | [Contrib] Force version on AWX | Sylvain Desbureaux | 1 | -3/+3
As latest are buggy Change-Id: I8bad9075bc7f4cbcb4bd8274bfbef3d24b15f843 Issue-ID: OOM-2260 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-01-13 | Update git submodules | Harish Venkata Kajur | 1 | -0/+0
* Update kubernetes/aai from branch 'master' to d801a6ee395220b11bfac773c3111489282e735c - Use the frankfurt release data router image Issue-ID: AAI-2727 Change-Id: I85fc2b830156e913abc845b91348990ff2127b20 Signed-off-by: Harish Venkata Kajur <vk250x@att.com>
2020-01-13 | [COMMON] Improve mariadb-init job script | Krzysztof Opasiak | 2 | -17/+26
Replace two sets of commands with a simple loop. Issue-ID: OOM-2248 Change-Id: I83a748cdad256e7206310d45a987530b4acc621b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-01-12 | Merge "VID: Update to version 6.0.1" | Sylvain Desbureaux | 1 | -1/+1
2020-01-10 | Merge "[DMaaP] Wait for AAF locate before AAF config" | Mike Elliott | 1 | -0/+14
2020-01-10 | Merge "[POMBA] Use global storage templates for PVC" | Mike Elliott | 8 | -37/+158
2020-01-09 | VID: Update to version 6.0.1 | Ittay Stern | 1 | -1/+1
Release 6.0.1 supports the current OOM chart setup (without VID_KEYSTORE_PASSWORD workaround). Issue-ID: VID-650 Issue-ID: VID-716 Change-Id: Ie326a9b0cc5c892f815470384b92938ab2312c62 Signed-off-by: Ittay Stern <ittay.stern@att.com>
2020-01-08 | Add CDS application properties for custom headers for aai calls | Jozsef Csongvai | 1 | -0/+3
Issue-ID: CCSDK-2020 Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca> Change-Id: Ifebfdaef0907ce441e567d1ff1fc105e0be62243
2020-01-08 | Enabling logback file to be loaded using configmap for policy components | a.sreekumar | 5 | -6/+10
Change-Id: Ic73ad605ac3aca689221afed258eb3673398e425 Issue-ID: POLICY-2308 Signed-off-by: a.sreekumar <ajith.sreekumar@est.tech>
2020-01-07 | Merge changes I78e22429,Ic101f384,I8dd4128b | Sylvain Desbureaux | 8 | -38/+307
* changes: Use common secret template in mariadb-galera Improve common secret template Add secret template to common templates
2020-01-07 | Merge "Update Validation topic passwords for obfuscation" | Sylvain Desbureaux | 3 | -3/+3