diff options
Diffstat (limited to 'docs/sections/guides')
6 files changed, 59 insertions, 214 deletions
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst index f3e3113ff5..a5458f8562 100644 --- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst +++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst @@ -23,7 +23,7 @@ See the `helm deploy`_ plugin usage section for more detail, or it the plugin ha Users can customize the override files to suit their required deployment. .. note:: - Standard and example override files (e.g. `onap-all.yaml`, `onap-all-ingress-istio.yaml`) + Standard and example override files (e.g. `onap-all.yaml`, `onap-all-ingress-gatewayapi.yaml`) can be found in the `oom/kubernetes/onap/resources/overrides/` directory. * Users can selectively enable or disable ONAP components by changing the ``enabled: true/false`` flags. @@ -70,6 +70,20 @@ Global settings relevant for ServiceMesh and Ingress: enabled: true # enable all component's Ingress interfaces enable_all: false + + # Provider: ingress, istio, gw-api + provider: gw-api + # Ingress class (only for provider "ingress"): e.g. nginx, traefik + ingressClass: + # Ingress Selector (only for provider "istio") to match with the + # ingress pod label "istio=ingress" + ingressSelector: ingress + # optional: common used Gateway (for Istio, GW-API) and listener names + commonGateway: + name: "" + httpListener: "" + httpsListener: "" + # default Ingress base URL # All http requests via ingress will be redirected virtualhost: @@ -119,6 +133,10 @@ Ingress settings: - enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled) - enable_all: true → enables Ingress configuration in each component +- provider: "..." → sets the Ingress provider (ingress, istio, gw-api) +- ingressClass: "" → Ingress class (only for provider "ingress"): e.g. nginx, traefik +- ingressSelector: "" → Selector (only for provider "istio") to match with the ingress pod label "istio=ingress" +- commonGateway: "" → optional: common used Gateway (for Istio, GW-API) and http(s) listener names - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components, resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride - virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components, @@ -130,7 +148,7 @@ Ingress settings: - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate .. note:: - For the Ingress setup an example override file (`onap-all-ingress-istio.yaml`) + For the Ingress setup example override files (`onap-all-ingress-istio.yaml`, `onap-all-ingress-gatewayapi.yaml`) can be found in the `oom/kubernetes/onap/resources/overrides/` directory. External Authentication configuration diff --git a/docs/sections/guides/deployment_guides/oom_helm_release_repo_deploy.rst b/docs/sections/guides/deployment_guides/oom_helm_release_repo_deploy.rst index f932360e44..e7dc2f0a35 100644 --- a/docs/sections/guides/deployment_guides/oom_helm_release_repo_deploy.rst +++ b/docs/sections/guides/deployment_guides/oom_helm_release_repo_deploy.rst @@ -32,7 +32,7 @@ Add the repository: To customize what applications are deployed, see the :ref:`oom_customize_overrides` section for more details, to provide your own custom overrides yaml file. -- To deploy a release, execute the following, substituting the <version> tag with your preferred release (ie. 11.0.0):: +- To deploy a release, execute the following, substituting the <version> tag with your preferred release (ie. 13.0.0):: > helm deploy dev onap-release/onap --namespace onap --create-namespace --set global.masterPassword=myAwesomePasswordThatINeedToChange --version <version> -f oom/kubernetes/onap/resources/overrides/onap-all.yaml diff --git a/docs/sections/guides/infra_guides/oom_infra.rst b/docs/sections/guides/infra_guides/oom_infra.rst index ddc00b6115..5c1d1f1434 100644 --- a/docs/sections/guides/infra_guides/oom_infra.rst +++ b/docs/sections/guides/infra_guides/oom_infra.rst @@ -31,4 +31,3 @@ following documents: oom_infra_deployment_requirements.rst oom_infra_base_config_setup.rst oom_infra_optional_addons.rst - oom_infra_ingres_controller_setup.rst diff --git a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst index 8f74ea987e..4c21217c23 100644 --- a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst +++ b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst @@ -65,14 +65,14 @@ Validate the installation:: :: NAME STATUS ROLES AGE VERSION - onap-control-1 Ready controlplane,etcd 3h53m v1.23.8 - onap-control-2 Ready controlplane,etcd 3h53m v1.23.8 - onap-k8s-1 Ready worker 3h53m v1.23.8 - onap-k8s-2 Ready worker 3h53m v1.23.8 - onap-k8s-3 Ready worker 3h53m v1.23.8 - onap-k8s-4 Ready worker 3h53m v1.23.8 - onap-k8s-5 Ready worker 3h53m v1.23.8 - onap-k8s-6 Ready worker 3h53m v1.23.8 + onap-control-1 Ready controlplane,etcd 3h53m v1.27.5 + onap-control-2 Ready controlplane,etcd 3h53m v1.27.5 + onap-k8s-1 Ready worker 3h53m v1.27.5 + onap-k8s-2 Ready worker 3h53m v1.27.5 + onap-k8s-3 Ready worker 3h53m v1.27.5 + onap-k8s-4 Ready worker 3h53m v1.27.5 + onap-k8s-5 Ready worker 3h53m v1.27.5 + onap-k8s-6 Ready worker 3h53m v1.27.5 Install & configure helm @@ -212,7 +212,7 @@ Istio Service Mesh ------------------ .. note:: - In London ONAP deployment supports the + The ONAP deployment supports the `ONAP Next Generation Security & Logging Structure`_ ONAP is currenty supporting Istio as default ServiceMesh platform. @@ -291,14 +291,35 @@ Ingress Controller Installation In the production setup 2 different Ingress setups are supported. -- Istio Gateway `Istio-Gateway`_ (currently tested, but in the future deprecated) -- Gateway API `Gateway-API`_ (in Alpha status, but will be standard in the future) +- Gateway API `Gateway-API`_ (recommended) +- Istio Gateway `Istio-Gateway`_ (alternative, but in the future deprecated) Depending on the solution, the ONAP helm values.yaml has to be configured. See the :ref:`OOM customized deployment<oom_customize_overrides>` section for more details. -Istio Gateway -^^^^^^^^^^^^^ +Gateway-API (recommended) +^^^^^^^^^^^^^^^^^^^^^^^^^ + +- Install the Gateway-API CRDs replacing the + <recommended-gwapi-version> with the version defined in + the :ref:`versions_table` table:: + + > kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/<recommended-gwapi-version>/experimental-install.yaml + +- Create a common Gateway instance named "common-gateway" + The following example uses provides listeners for HTTP(s), UDP and TCP + + .. collapse:: common-gateway.yaml + + .. include:: ../../resources/yaml/common-gateway.yaml + :code: yaml + +- Apply the change:: + + > kubectl apply -f common-gateway.yaml + +Istio Gateway (alternative) +^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Create a namespace istio-ingress for the Istio Ingress gateway and enable istio-injection:: @@ -323,18 +344,6 @@ Istio Gateway --version <recommended-istio-version> -f ingress-istio.yaml --wait -Gateway-API -^^^^^^^^^^^ - -- Install the Gateway-API CRDs replacing the - <recommended-gwapi-version> with the version defined in - the :ref:`versions_table` table:: - - > kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/<recommended-gwapi-version>/experimental-install.yaml - -- Create a common Gateway instance - TBD - Keycloak Installation --------------------- diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst index e46bee1c04..3d824c7171 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst @@ -39,7 +39,7 @@ See the :ref:`OOM customized deployment<oom_customize_overrides>` section for mo .. rubric:: Software Requirements -The versions of software that are supported by OOM are as follows: +The versions of software that are supported and tested by OOM are as follows: .. _versions_table: @@ -50,7 +50,7 @@ The versions of software that are supported by OOM are as follows: ============== =========== ======= ======== ======== ============= ======== Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0 London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0 - Montreal 1.23.8 3.10.2 1.23.x 20.10.x 1.12.2 0.35.0 + Montreal 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.1 ============== =========== ======= ======== ======== ============= ======== .. table:: OOM Software Requirements (production) @@ -59,7 +59,7 @@ The versions of software that are supported by OOM are as follows: Release Istio Gateway-API Keycloak ============== ====== ============ ============== London 1.17.2 v0.6.2 19.0.3-legacy - Montreal 1.17.2 v0.6.2 19.0.3-legacy + Montreal 1.19.3 v1.0.0 19.0.3-legacy ============== ====== ============ ============== .. table:: OOM Software Requirements (optional) @@ -69,5 +69,5 @@ The versions of software that are supported by OOM are as follows: ============== ================= ========== ================= Kohn 35.x London 45.x 1.6.1 - Montreal 45.x 1.9.1 0.21.0 + Montreal 45.x 1.10.2 0.23.1 ============== ================= ========== ================= diff --git a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst deleted file mode 100644 index 3fb68f8b95..0000000000 --- a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst +++ /dev/null @@ -1,181 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 -.. International License. -.. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2020, Samsung Electronics -.. Modification copyright (C) 2022 Nordix Foundation - -.. Links -.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/ - -.. _oom_setup_ingress_controller: - -OOM Ingress controller setup -============================ - -.. warning:: - This guide does not describe the Istio Ingress Gateway configuration - required for the ONAP Production Setup in London - The installation of Istio Ingress (and Gateway-API) is described in - :ref:`OOM Base Platform<oom_base_setup_guide>` - -This optional guide provides instruction how to setup experimental ingress controller -feature. For this, we are hosting our cluster on OpenStack VMs and using the -Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and -ingress controller - -.. contents:: - :backlinks: top - :depth: 1 - :local: -.. - -The result at the end of this tutorial will be: - -#. Customization of the cluster.yaml file for ingress controller support - -#. Installation and configuration test DNS server for ingress host resolution - on testing machines - -#. Installation and configuration MLB (Metal Load Balancer) required for - exposing ingress service - -#. Installation and configuration NGINX ingress controller - -#. Additional info how to deploy ONAP with services exposed via Ingress - controller - -Customize cluster.yml file --------------------------- - -Before setup cluster for ingress purposes DNS cluster IP and ingress provider -should be configured and following: - -.. code-block:: yaml - - --- - <...> - restore: - restore: false - snapshot_name: "" - ingress: - provider: none - dns: - provider: coredns - upstreamnameservers: - - <custer_dns_ip>:31555 - -Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE -node. - -For external load balancer purposes, minimum one of the worker node should be -configured with external IP address accessible outside the cluster. It can be -done using the following example node configuration: - -.. code-block:: yaml - - --- - <...> - - address: <external_ip> - internal_address: <internal_ip> - port: "22" - role: - - worker - hostname_override: "onap-worker-0" - user: ubuntu - ssh_key_path: "~/.ssh/id_rsa" - <...> - -Where the <external_ip> is external worker node IP address, and <internal_ip> -is internal node IP address if it is required. - - -DNS server configuration and installation ------------------------------------------ - -DNS server deployed on the Kubernetes cluster makes it easy to use services -exposed through ingress controller because it resolves all subdomain related to -the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot -of entries on the target machines in the /etc/hosts. Adding many entries into -the configuration files on testing machines is quite problematic and error -prone. The better wait is to create central DNS server with entries for all -virtual host pointed to simpledemo.onap.org and add custom DNS server as a -target DNS server for testing machines and/or as external DNS for Kubernetes -cluster. - -DNS server has automatic installation and configuration script, so installation -is quite easy:: - - > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing - - > ./deploy\_dns.sh - -After DNS deploy you need to setup DNS entry on the target testing machine. -Because DNS listen on non standard port configuration require iptables rules -on the target machine. Please follow the configuration proposed by the deploy -scripts. -Example output depends on the IP address and example output looks like bellow:: - - DNS server already deployed: - 1. You can add the DNS server to the target machine using following commands: - sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 - sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 - sudo sysctl -w net.ipv4.conf.all.route_localnet=1 - sudo sysctl -w net.ipv4.ip_forward=1 - 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine - - -MetalLB Load Balancer installation and configuration ----------------------------------------------------- - -By default pure Kubernetes cluster requires external load balancer if we want -to expose external port using LoadBalancer settings. For this purpose MetalLB -can be used. Before installing the MetalLB you need to ensure that at least one -worker has assigned IP accessible outside the cluster. - -MetalLB Load balancer can be easily installed using automatic install script:: - - > cd kubernetes/contrib/metallb-loadbalancer-inst - - > ./install-metallb-on-cluster.sh - - -Configuration of the Nginx ingress controller ---------------------------------------------- - -After installation of the DNS server and ingress controller, we can install and -configure ingress controller. -It can be done using the following commands:: - - > cd kubernetes/contrib/ingress-nginx-post-inst - - > kubectl apply -f nginx_ingress_cluster_config.yaml - - > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml - -After deploying the NGINX ingress controller, you can ensure that the ingress port is -exposed as load balancer service with an external IP address:: - - > kubectl get svc -n ingress-nginx - NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h - ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h - - -ONAP with ingress exposed services ----------------------------------- - -If you want to deploy onap with services exposed through ingress controller you -can use full onap deploy yaml:: - - > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml - -Ingress also can be enabled on any onap setup override using following code: - -.. code-block:: yaml - - --- - <...> - global: - <...> - ingress: - enabled: true |