Age | Commit message (Collapse) | Author | Files | Lines |
|
Taken into account how "easy" it would be to modify the dgbuilder
which is written in JavaScript (which is not my mother tongue to say
the least) let's try to remove hardcoded passwords from config files
without modifying the application container itself.
In order to achieve this:
1) Remove createReleaseDir.sh script from the container as it is never
used and contains a ton of passwords
2) Replace all sensitive values in config files with references to
respective environment variables
3) Introduce init container that will run envsubst command on config
files and copy them from ConfigMap value to the new volume which is
backed by tmpfs so that the plain text passwords are never written to
the disk
For now all the hardcoded values are still there to minimize the risk
of breaking the deployment but step by step they will be removed in
next commits.
Issue-ID: OOM-2247
Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
|
|
Let's use common secret template to generate user credentials for VID
DB and depend on mariadb-galera to generate secure enough root
password.
Issue-ID: OOM-2293
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
|
|
|
|
|
|
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
|
|
|
|
mariadb-init chart should play nicely with mariadb-galera as it
simplifies migration to common mariadb instance.
Unfortunately after adding the support for common secret template I
didn't pay enough attention to consistent naming convention and
mariadb-galera and mariadb-init chart ended up being incompatible. To
fix that let's just rename the mariadb-init chart config option to
match exactly the one used in mariadb-galera chart.
Issue-ID: OOM-2248
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
|
|
|
|
* Update kubernetes/aai from branch 'master'
to 764cd8514707c1630dbfa6792b8d15953d5b9a59
- Use v1.6.4 of resources
Issue-ID: AAI-2796
Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
|
|
Remove unneeded dashboard inputs file
Prepend release name to filebeat configmap name
Issue-ID: DCAEGEN2-917
Issue-ID: DCAEGEN2-1923
Issue-ID: DCAEGEN2-1805
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
|
|
|
|
|
|
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256
Issue-ID: VFC-1601
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to 591bfdea4f1d833abee3c7e60f084da546d9082a
- Create INFO.yaml for testsuite/oom
same contributors than testsuite
Issue-ID: INT-1386
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I37465c46dd5b025cf284157df4a12b140eb9d487
|
|
In commit:
e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
startOdl.sh script has been updated to take the root password from the
environment variable. Unfortunately there was a typo in variable name
which resulted in using empty string instead of password.
Issue-ID: APPC-1830
Fixes: e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I537e3e24ee4bbbc20d5ebc07dddd9f0d3cbe26d8
|
|
|
|
# Also, need to add ready check for aaf-cm
Change-Id: I757f56f5eaa79c1cbecec43aeb99f2701afd7fae
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1195
|
|
Let's use common secret template to generate user credentials for NBI
DB and depend on mariadb-galera to generate secure enough root
password.
BTW.
Don't be surprised for now mariadb-galera has a hardcoded root
password but as soon as we move all charts that use it to common
secret template it will be auto generated.
Issue-ID: OOM-2291
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
|
|
It seems that pgpool is never thus there is no need to spend
time moving it to common secret template
Issue-ID: OOM-2250
Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
|
|
|
|
|
|
|
|
* Update kubernetes/robot from branch 'master'
to df719f4a3e63cff0d5d832945f0b8ba18230635c
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments
Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4
|
|
When I did diff between deployment-primary and deployment-replica it
turned out that this is pretty much the same file apart from primary
and replica words.
To avoid making the same changes in both files, let's just introduce a
template that can be included with parameter.
Issue-ID: OOM-2246
Change-Id: Ia13b993b9f23008d6be6b3d0e8b745446048de4e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
It looks like AAF issues masked my real mistakes of letting
some of oof services failing because of bad secret names.
Let's fix that quickly by just setting them to the corrent names
temporarly as later oof will be ported to use common secret template
anyway.
Issue-ID: OOM-2053
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9de1804dbd5399df25a3ef98354f41d39d073bf7
|
|
File application.properties needs to be synced from time to time between oom charts and
original CDS code.
Issue-ID: CCSDK-1922
Change-Id: Id2a62ce92e8708b7352ca2d21b248b0887fcb5c8
Signed-off-by: Marek Szwalkiewicz <marek.szwalkiewicz@external.t-mobile.pl>
|
|
|
|
# Also adding AAF ready check for dr-node
Change-Id: I7e6fc29a7f5607cc168f9fd61642a40a9185c55b
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1367
|
|
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I128421b36def6e974cde12093717cfe9e78b5b5f
|
|
Change-Id: Icd3631e329b7834c716fd9299007e1644d139822
Issue-ID: OOM-2130
Signed-off-by: eHanan <eoin.hanan@est.tech>
|
|
|
|
|
|
Make use of msb iag with https as well
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I79c988e2ac13f1c11be8ca5ac9ccd44c21418cb4
|
|
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: PORTAL-806
Change-Id: I9bd2cc1f01a13d198d705affe3cc56be96dd5ce0
|
|
Proposition of common templates to make service declaration and PV
declaration consistent accross OOM.
Propositions of templates for sub parties of resource definitions
such as metadatas, selector and containerPorts.
I've also made an example with cassandra.
Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
* Update kubernetes/aai from branch 'master'
to 1c9c9bba658057f6147276fba4f84e7db9117e70
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I450057f5b4a10842f09665ecccc58e4ed727cd89
|
|
|
|
|
|
This reverts commit 239bb3e18494584587ee1a6eb482f022b9e32d44.
Reason for revert: mandatory template functions not merged yet
Issue-ID: OOM-2252
Change-Id: I80444a7103e12aea4568f03ded08e348bba927fb
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
|
|
Make use of msb iag with https as well
Change-Id: I46320cb7a3012320091b8b802ed8531285b78b45
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
|
|
|
|
|
|
|
|
|