Age | Commit message (Collapse) | Author | Files | Lines |
|
You should never ever assume that secretpassword is a production
ready password for your mariadb-galera instance. Instead let's
just share a secret with our instance of mariadb-galera.
Issue-ID: OOM-2275
Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
When deploying a shared mariadb-galera instance using common chart
a dummy database is created based on the default values n the chart.
This is obviously unnecessary and creates an obviousl security issue.
That's why let's make sure that when we deploy a shared mariadb
instance no dummy databases are created.
Issue-ID: OOM-2053
Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
When you type make in kubernetes directory all charts are linted.
If one of them try to generate password whole linting process
ends with an error because masterPassword has not been provided
and there is no default value for it.
To avoid this issue but still don't provide any default value
whcih would be obviously insecure in this context, let's just
test current release name. If it matches "testRelease" we treat whis
as a special case and use predefined master key.
Security implication:
You should never, ever name your productional deployment "testRelease"
nor use it as a master password.
Issue-ID: OOM-2052
Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
For now we use it only for DB secret but in a future also
other secrets should be replaced.
Issue-ID: OOM-2249
Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Usage of plain strings is very fragile especially when you try
to change them. That's why instead of depending on strings let's
just define a few convenience templates to be used in projects
that use mariadb-galera chart.
Issue-ID: OOM-2249
Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
This template used to be for internal use only but it turned out
to be very useful in number of places so let's just expose it.
Issue-ID: OOM-2249
Change-Id: I57cd31681fb5edb4ac95b0b7b2446a364ce826d2
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
By default common.fullname uses .Chart.Name or
.Values.nameOverride to generate a "full name" used in many
places.
In some cases it may be convenient to be able to generate this
full name for a specific, well known chart name.
Issue-ID: OOM-2249
Change-Id: I68034c1c5df81ae9533f5f4bc6fab58f2416623a
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
In some cases it is useful to bypass default policy for secret name
generation and provide a custom name for a secret. In this case
current search implementation got confused and couln't find a secret
based on uid. This patch fixes the issue by comaring not only name
but also uid.
Issue-ID: OOM-2246
Change-Id: Iaea7a23fee09aa388968aad792ba7f7e1fbf2f21
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Use common secret template for all passwords that are used
inside this chart.
Issue-ID: OOM-2248
Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
|
|
Helm by default creates some useful templates in _helpers.tpl
file. This is fine for stand alone charts but when they become
part of ONAP those helpers are no longer needed as our common
components already provides all required functions
Issue-ID: OOM-2278
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I659e4b45b031e87cc87f7bbbb22bf9e23cd74e61
|
|
* Update kubernetes/robot from branch 'master'
to 091f164a832479cb40ad6f5d7e4960269e75f87f
- Merge "Adjust ETE runner for security tests"
- Adjust ETE runner for security tests
This patch adds gathering data which cannot be easily obtained from
within "robot" pod (without granting it access to "kubectl" tool and as
a side effect - cluster modifications).
It introduces dependency to python3 on operator's machine (to convert
"kubectl" tool filtered output to JSON).
Issue-ID: SECCOM-261
Change-Id: Ie5057f65f79337896191b51cfad1b3e06623f80b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
|
|
* changes:
VID: Update to version 6.0.2 (Frankfurt wave 1)
VID logging adjustments to portal-sdk 2.6.0
|
|
|
|
* Update kubernetes/aai from branch 'master'
to f636b1cc2bf7d391dc76956e906a6f497ef1b092
- Remove space from file name
Remove the awkward space from the file name and replace it with a
dash.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia0d55fae839d5ef865ac53659d93cbda5ba4212a
|
|
Issue-ID: VID-716
Change-Id: Ia6344de1aa524d25a8818e18bfe693cacffc26c8
Signed-off-by: Ittay Stern <ittay.stern@att.com>
|
|
Issue-ID: VID-253
Issue-ID: VID-471
Change-Id: I642bdc7a3926bf3be897f959aa1886617b2978d6
Signed-off-by: Ittay Stern <ittay.stern@att.com>
|
|
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 69f85c4ba9f621e5f5172c0dd637048fe7ef3cfd
- Update charts for released containers
Issue-ID: AAI-2763
Change-Id: Ie005febc51040e1dd7fffb104171ee1ee2ccdd98
Signed-off-by: Forsyth, James (jf2512) <jf2512@att.com>
|
|
|
|
When creating https://gerrit.onap.org/r/c/oom/+/99478, forgot to
backport storage class part of https://gerrit.onap.org/r/c/oom/+/98962.
Issue-ID: OOM-2234
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I3c42b28ad5bea67eda004b0209c8a21783b539f1
|
|
https://gerrit.onap.org/r/c/oom/+/98938 forgot to remove selectors for
PVC and prevent it to work with storage class.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ieb45ecbe8c046d6c3bc72e47776df3c9d64de2e5
|
|
For some reason unknown to me I was stupid enough to forget to
put ! in a front of variable name in the final vesion of script.
Let's just quickly fix that so that not too many people notice;)
Issue-ID: OOM-2248
Change-Id: I0b8891b94856b21f4b1fad1d6731c461bae2c1aa
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
* Update kubernetes/robot from branch 'master'
to 4bd799e5dbcbf2131a685bf73319e962ace86f5c
- Move Storage access to RWO
Today when deploying Robot with OOM, the PersistentVolumeClaim needs the
"ReadWriteMany" (or "RWX") capability.
According to Kubernetes Documentation (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes),
ReadWriteMany stands for "the volume can be mounted as read-write by many nodes".
That means that a particular PVC needs to be read and written from many pods.
That also means that your code takes that into account and do the work to avoid
write at the same place at the same time.
An issue on RWX mode is that most "official" storage driver from Kubernetes doesn't
support it (13 over the 19 drivers doesn't support it, espacially OpenStack, Amazon
and Google storage classes).
Robot PVC is used only for one Robot instance. Thus we don't need RWX.
Issue-ID: INT-1230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I300e34a9d4be40b36153812d2a99c458cae6b2c9
|
|
|
|
Add support for AAF init container for config and cert generation
Issue-ID: SDNC-755
Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com>
Change-Id: I06ee7921b6dbb1b4b9ca64cf276a374256af3a45
Signed-off-by: Agarwal, Ruchira (ra1926) <ra1926@att.com>
|
|
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to 80a8b8c11d94af39ed26701dc10f2d3fc9e9a042
- Merge "Add ingress controler support to ROBOT"
- Add ingress controler support to ROBOT
Issue-ID: OOM-2186
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: Id6b6f6d1a5d9ea83f73b914509098f7711a6418a
|
|
* Update kubernetes/aai from branch 'master'
to c8663688eb2755ca5adc4f570c7acf76b6f9a077
- Merge "Remove the usage of uuidv4 since it was causing the deployment to change at every "helm deploy" causing AAI ha proxy pod to restart and cause AAI outage."
- Remove the usage of uuidv4 since it was causing the deployment
to change at every "helm deploy" causing AAI ha proxy
pod to restart and cause AAI outage.
Issue-ID: OOM-2226
Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca>
Change-Id: I03aa47240251fe182ecd841a99a9b99a20c88d65
|
|
Issue-ID: OOM-2266
Change-Id: I0c571c765cb099b1f2e7886bc686e24a436f290e
Signed-off-by: Brian Freeman <bf1936@att.com>
|
|
* Update kubernetes/robot from branch 'master'
to ff678657c0fa534840d063131432e1994829f660
- Update DCAE username and password
Change-Id: I575be45bbbd2c53a897eac87f303e45cc2fce976
Issue-ID: INT-1375
Signed-off-by: rajendrajaiswal <rajendra.jaiswal@ericsson.com>
|
|
Issue-ID: OOM-2261
Signed-off-by: Avi Ziv<avi.ziv@amdocs.com>
Change-Id: I7f220f8b6b64165c33ed8d707834091240136199
Signed-off-by: Avi Ziv<avi.ziv@amdocs.com>
Change-Id: I7f220f8b6b64165c33ed8d707834091240136199
|
|
|
|
Change-Id: I6b99ccf9bd50d2ec50693df9d4122417b22bcf7a
Issue-ID: SO-2575
Signed-off-by: rope252 <gareth.roper@est.tech>
|
|
As latest are buggy
Change-Id: I8bad9075bc7f4cbcb4bd8274bfbef3d24b15f843
Issue-ID: OOM-2260
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
* Update kubernetes/aai from branch 'master'
to d801a6ee395220b11bfac773c3111489282e735c
- Use the frankfurt release data router image
Issue-ID: AAI-2727
Change-Id: I85fc2b830156e913abc845b91348990ff2127b20
Signed-off-by: Harish Venkata Kajur <vk250x@att.com>
|
|
Replace two sets of commands with a simple loop.
Issue-ID: OOM-2248
Change-Id: I83a748cdad256e7206310d45a987530b4acc621b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
|
|
|
|
Release 6.0.1 supports the current OOM chart setup (without
VID_KEYSTORE_PASSWORD workaround).
Issue-ID: VID-650
Issue-ID: VID-716
Change-Id: Ie326a9b0cc5c892f815470384b92938ab2312c62
Signed-off-by: Ittay Stern <ittay.stern@att.com>
|
|
Issue-ID: CCSDK-2020
Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Change-Id: Ifebfdaef0907ce441e567d1ff1fc105e0be62243
|
|
Change-Id: Ic73ad605ac3aca689221afed258eb3673398e425
Issue-ID: POLICY-2308
Signed-off-by: a.sreekumar <ajith.sreekumar@est.tech>
|
|
* changes:
Use common secret template in mariadb-galera
Improve common secret template
Add secret template to common templates
|
|
|