summaryrefslogtreecommitdiffstats
path: root/kubernetes
AgeCommit message (Collapse)AuthorFilesLines
2020-02-18[COMMON] Use common secret template in dgbuilderKrzysztof Opasiak7-204/+119
Taken into account how "easy" it would be to modify the dgbuilder which is written in JavaScript (which is not my mother tongue to say the least) let's try to remove hardcoded passwords from config files without modifying the application container itself. In order to achieve this: 1) Remove createReleaseDir.sh script from the container as it is never used and contains a ton of passwords 2) Replace all sensitive values in config files with references to respective environment variables 3) Introduce init container that will run envsubst command on config files and copy them from ConfigMap value to the new volume which is backed by tmpfs so that the plain text passwords are never written to the disk For now all the hardcoded values are still there to minimize the risk of breaking the deployment but step by step they will be removed in next commits. Issue-ID: OOM-2247 Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-17Merge "[VID] Don't hardcode mariadb-galera password"Sylvain Desbureaux4-44/+25
2020-02-15[VID] Don't hardcode mariadb-galera passwordKrzysztof Opasiak4-44/+25
Let's use common secret template to generate user credentials for VID DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2293 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
2020-02-14Merge "[AAF] Loosen the limits for some AAF Components"Morgan Richomme3-4/+4
2020-02-13Merge "Fix external secret name in mariadb-init"Sylvain Desbureaux2-3/+3
2020-02-13[AAF] Loosen the limits for some AAF ComponentsSylvain Desbureaux3-4/+4
aaf-locate anf aaf-cm limits may have been a bit too stringent. giving some space to these components Issue-ID: OOM-2230 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
2020-02-13Merge "Fix the wrong MSB_PROTO env value"Sylvain Desbureaux4-4/+4
2020-02-13Fix external secret name in mariadb-initKrzysztof Opasiak2-3/+3
mariadb-init chart should play nicely with mariadb-galera as it simplifies migration to common mariadb instance. Unfortunately after adding the support for common secret template I didn't pay enough attention to consistent naming convention and mariadb-galera and mariadb-init chart ended up being incompatible. To fix that let's just rename the mariadb-init chart config option to match exactly the one used in mariadb-galera chart. Issue-ID: OOM-2248 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
2020-02-13Merge "Fix multicloud logging issue"Sylvain Desbureaux1-0/+4
2020-02-12Update git submodulesjimmy1-0/+0
* Update kubernetes/aai from branch 'master' to 764cd8514707c1630dbfa6792b8d15953d5b9a59 - Use v1.6.4 of resources Issue-ID: AAI-2796 Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527 Signed-off-by: Jimmy Forsyth <jf2512@att.com>
2020-02-12Pick up new tls init containerJack Lucas17-51/+34
Remove unneeded dashboard inputs file Prepend release name to filebeat configmap name Issue-ID: DCAEGEN2-917 Issue-ID: DCAEGEN2-1923 Issue-ID: DCAEGEN2-1805 Signed-off-by: Jack Lucas <jflucas@research.att.com> Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
2020-02-12Merge "Make use msb iag with https"Morgan Richomme33-2/+84
2020-02-12Merge "Enable underscore in headers in nginx config"Sylvain Desbureaux1-0/+2
2020-02-12Make use msb iag with httpsyangyan33-2/+84
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256 Issue-ID: VFC-1601 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2020-02-12Merge "These OOM changes are related AAF Integration"Sylvain Desbureaux33-124/+510
2020-02-12Merge "Sync up the properties file with current CDS version."Sylvain Desbureaux1-1/+9
2020-02-10Merge "[APPC] Fix APPC health check failure"Morgan Richomme1-1/+1
2020-02-10Update git submodulesmrichomme1-0/+0
* Update kubernetes/robot from branch 'master' to 591bfdea4f1d833abee3c7e60f084da546d9082a - Create INFO.yaml for testsuite/oom same contributors than testsuite Issue-ID: INT-1386 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I37465c46dd5b025cf284157df4a12b140eb9d487
2020-02-10[APPC] Fix APPC health check failureKrzysztof Opasiak1-1/+1
In commit: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password") startOdl.sh script has been updated to take the root password from the environment variable. Unfortunately there was a typo in variable name which resulted in using empty string instead of password. Issue-ID: APPC-1830 Fixes: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password") Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I537e3e24ee4bbbc20d5ebc07dddd9f0d3cbe26d8
2020-02-10Merge "Bump dmaap-dr image versions"Sylvain Desbureaux4-2/+6
2020-02-09Bump dmaap-dr image versionsefiacor4-2/+6
# Also, need to add ready check for aaf-cm Change-Id: I757f56f5eaa79c1cbecec43aeb99f2701afd7fae Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1195
2020-02-07[NBI] Don't hardcode mariadb-galera passwordKrzysztof Opasiak3-9/+34
Let's use common secret template to generate user credentials for NBI DB and depend on mariadb-galera to generate secure enough root password. BTW. Don't be surprised for now mariadb-galera has a hardcoded root password but as soon as we move all charts that use it to common secret template it will be auto generated. Issue-ID: OOM-2291 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
2020-02-07[COMMON] Remove pgpoolKrzysztof Opasiak13-1056/+0
It seems that pgpool is never thus there is no need to spend time moving it to common secret template Issue-ID: OOM-2250 Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-07[COMMON] Use common secret template in postgresKrzysztof Opasiak4-29/+88
Use common secret template for storing DB credentials Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
2020-02-07Merge "[COMMON] Share deployment configuration in Postgres"Sylvain Desbureaux3-246/+146
2020-02-07Merge "[OOF] fix secret names for mariadb-galera"Sylvain Desbureaux2-9/+9
2020-02-07Merge "update DMaaP MR docker image version to 1.1.17"Sylvain Desbureaux1-1/+1
2020-02-07Update git submodulesKrzysztof Opasiak1-0/+0
* Update kubernetes/robot from branch 'master' to df719f4a3e63cff0d5d832945f0b8ba18230635c - [ONAP-wide] Replace .Release.Name with common.release ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-07These OOM changes are related AAF IntegrationRamesh Parthasarathy33-124/+510
Here we have the ability to optionally disable AAF integration. A global variable global.security.aaf.enabled=true will turn on AAF security. with global.security.aaf.enabled=false it will use spring.security to ensure backward compatibilty. updated based on review comments Issue-ID: SO-2452 Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com> Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4
2020-02-06[COMMON] Share deployment configuration in PostgresKrzysztof Opasiak3-246/+146
When I did diff between deployment-primary and deployment-replica it turned out that this is pretty much the same file apart from primary and replica words. To avoid making the same changes in both files, let's just introduce a template that can be included with parameter. Issue-ID: OOM-2246 Change-Id: Ia13b993b9f23008d6be6b3d0e8b745446048de4e Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-06[OOF] fix secret names for mariadb-galeraKrzysztof Opasiak2-9/+9
It looks like AAF issues masked my real mistakes of letting some of oof services failing because of bad secret names. Let's fix that quickly by just setting them to the corrent names temporarly as later oof will be ported to use common secret template anyway. Issue-ID: OOM-2053 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I9de1804dbd5399df25a3ef98354f41d39d073bf7
2020-02-06Sync up the properties file with current CDS version.Marek Szwalkiewicz1-1/+9
File application.properties needs to be synced from time to time between oom charts and original CDS code. Issue-ID: CCSDK-1922 Change-Id: Id2a62ce92e8708b7352ca2d21b248b0887fcb5c8 Signed-off-by: Marek Szwalkiewicz <marek.szwalkiewicz@external.t-mobile.pl>
2020-02-06Merge "[COMMON] Create templates for services and PV"Borislav Glozman13-109/+294
2020-02-05Removing pass_enc_key from DMaaP prov propsefiacor2-1/+14
# Also adding AAF ready check for dr-node Change-Id: I7e6fc29a7f5607cc168f9fd61642a40a9185c55b Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1367
2020-02-05Fix the wrong MSB_PROTO env valueBin Yang4-4/+4
Issue-ID: MULTICLOUD-978 Signed-off-by: Bin Yang <bin.yang@windriver.com> Change-Id: I128421b36def6e974cde12093717cfe9e78b5b5f
2020-02-05Fix multicloud logging issueeHanan1-0/+4
Change-Id: Icd3631e329b7834c716fd9299007e1644d139822 Issue-ID: OOM-2130 Signed-off-by: eHanan <eoin.hanan@est.tech>
2020-02-05Merge "Enable multicloud openstack https endpoints"Morgan Richomme10-11/+36
2020-02-04Merge "Fix problem with wrong volume mount names"Sylvain Desbureaux1-2/+2
2020-02-04Enable multicloud openstack https endpointsBin Yang10-11/+36
Make use of msb iag with https as well Issue-ID: MULTICLOUD-978 Signed-off-by: Bin Yang <bin.yang@windriver.com> Change-Id: I79c988e2ac13f1c11be8ca5ac9ccd44c21418cb4
2020-02-04Enable underscore in headers in nginx configLucjan Bryndza1-0/+2
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Issue-ID: PORTAL-806 Change-Id: I9bd2cc1f01a13d198d705affe3cc56be96dd5ce0
2020-02-04[COMMON] Create templates for services and PVSylvain Desbureaux13-109/+294
Proposition of common templates to make service declaration and PV declaration consistent accross OOM. Propositions of templates for sub parties of resource definitions such as metadatas, selector and containerPorts. I've also made an example with cassandra. Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-03Update git submodulesKrzysztof Opasiak1-0/+0
* Update kubernetes/aai from branch 'master' to 1c9c9bba658057f6147276fba4f84e7db9117e70 - [ONAP-wide] Replace .Release.Name with common.release ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I450057f5b4a10842f09665ecccc58e4ed727cd89
2020-02-03Merge "Revert "Make cassandra service mesh compliant""Morgan Richomme1-8/+0
2020-02-03Merge "Expose multicloud endpoints in https"Borislav Glozman3-4/+12
2020-02-03Revert "Make cassandra service mesh compliant"Sylvain Desbureaux1-8/+0
This reverts commit 239bb3e18494584587ee1a6eb482f022b9e32d44. Reason for revert: mandatory template functions not merged yet Issue-ID: OOM-2252 Change-Id: I80444a7103e12aea4568f03ded08e348bba927fb Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-03Expose multicloud endpoints in httpsBin Yang3-4/+12
Make use of msb iag with https as well Change-Id: I46320cb7a3012320091b8b802ed8531285b78b45 Issue-ID: MULTICLOUD-978 Signed-off-by: Bin Yang <bin.yang@windriver.com>
2020-02-02Merge "Update PRH version to 1.5.0"Borislav Glozman1-1/+1
2020-02-02Merge "Add override flag to the ingress template"Borislav Glozman1-3/+20
2020-02-02Merge "redis config optimization"Borislav Glozman1-4/+2
2020-02-02Merge "Update ves collector image"Borislav Glozman1-1/+1