summaryrefslogtreecommitdiffstats
path: root/docs/sections/guides/deployment_guides
diff options
context:
space:
mode:
Diffstat (limited to 'docs/sections/guides/deployment_guides')
-rw-r--r--docs/sections/guides/deployment_guides/oom_customize_overrides.rst47
-rw-r--r--docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst6
-rw-r--r--docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst2
3 files changed, 41 insertions, 14 deletions
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index 90a20613fa..f3e3113ff5 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -32,7 +32,8 @@ Users can customize the override files to suit their required deployment.
Enabling/Disabling Components
-*****************************
+=============================
+
Here is an example of the nominal entries that need to be provided.
Different values files are available for different contexts.
@@ -43,20 +44,30 @@ Different values files are available for different contexts.
|
-(Optional) "ONAP on Service Mesh"
-*********************************
+ONAP "Production" Setup
+=======================
+
+The production setup deploys ONAP components exposing its external services
+via Ingress with TLS termination.
+Internal traffic encryption will be ensured by using Istio ServiceMesh.
+
+For external access we start to establish Authentication via Oauth2-proxy
+and Keycloak, which will be completed in the coming release.
+
+To enable both "ServiceMesh" and "Ingress" configuration entries need
+to be set before deployment.
-To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
-configuration entries need to be configured before deployment.
+Service Mesh and Ingress configuration
+--------------------------------------
-Global settings relevant for ServiceMesh:
+Global settings relevant for ServiceMesh and Ingress:
.. code-block:: yaml
global:
ingress:
# generally enable ingress for ONAP components
- enabled: false
+ enabled: true
# enable all component's Ingress interfaces
enable_all: false
# default Ingress base URL
@@ -88,6 +99,7 @@ Global settings relevant for ServiceMesh:
tls: true
# be aware that linkerd is not well tested
engine: "istio" # valid value: istio or linkerd
+ ...
aafEnabled: false
cmpv2Enabled: false
tlsEnabled: false
@@ -118,5 +130,24 @@ Ingress settings:
- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
.. note::
- For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+ For the Ingress setup an example override file (`onap-all-ingress-istio.yaml`)
can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
+
+External Authentication configuration
+-------------------------------------
+
+For enabling of external authentication via Oauth2-Proxy and Keycloak
+the following settings have to be done in the ONAP values override.
+It will enable the deployment of the ONAP Realm to Keycloak and
+installation and integration of the Oauth2-Proxy as external Auth-Provider.
+
+.. code-block:: yaml
+
+ platform:
+ enabled: true
+ cmpv2-cert-service:
+ enabled: false
+ keycloak-init:
+ enabled: true
+ oauth2-proxy:
+ enabled: true \ No newline at end of file
diff --git a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
index 50701dd597..b0deff0e2b 100644
--- a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
+++ b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst
@@ -33,11 +33,7 @@ tools to host the updated helm charts.
Chart museum is required to host the helm charts locally when deploying in a development environment::
- > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
-
- > chmod +x ./chartmuseum
-
- > mv ./chartmuseum /usr/local/bin
+ > curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash
**Step 4.** To setup a local Helm server to store the ONAP charts::
diff --git a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
index a0dafcef9b..e9312382b3 100644
--- a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
+++ b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst
@@ -17,7 +17,7 @@ ONAP hosts the OOM `testing` helm charts in it's `ONAP helm testing repository`_
This is helm repo contains:
* The `latest` charts built from the head of the `OOM`_ project's master
- branch, tagged with the version number of the current development cycle (ie. 11.0.0).
+ branch, tagged with the version number of the current development cycle (ie. 12.0.0).
Add the OOM testing repo & Deploy