summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/cluster.yml2
-rw-r--r--docs/index.rst1
-rw-r--r--docs/oom_cloud_setup_guide.rst2
-rw-r--r--docs/oom_hardcoded_certificates.rst6
-rw-r--r--docs/oom_quickstart_guide.rst4
-rw-r--r--docs/oom_setup_ingress_controller.rst159
-rw-r--r--docs/oom_setup_kubernetes_rancher.rst14
-rw-r--r--docs/oom_user_guide.rst1
-rw-r--r--docs/release-notes.rst76
9 files changed, 234 insertions, 31 deletions
diff --git a/docs/cluster.yml b/docs/cluster.yml
index d4962d3478..0757e15a28 100644
--- a/docs/cluster.yml
+++ b/docs/cluster.yml
@@ -144,7 +144,7 @@ ssh_agent_auth: false
authorization:
mode: rbac
ignore_docker_version: false
-kubernetes_version: "v1.13.5-rancher1-2"
+kubernetes_version: "v1.15.11-rancher1-2"
private_registries:
- url: nexus3.onap.org:10001
user: docker
diff --git a/docs/index.rst b/docs/index.rst
index c8048d142e..c933a726fb 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -16,3 +16,4 @@ OOM Documentation Repository
oom_cloud_setup_guide.rst
release-notes.rst
oom_setup_kubernetes_rancher.rst
+ oom_setup_ingress_controller.rst
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 9b3e53467c..2c6eb9a5f8 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -54,7 +54,7 @@ The versions of Kubernetes that are supported by OOM are as follows:
casablanca 1.11.5 2.9.1 1.11.5 17.03.x
dublin 1.13.5 2.12.3 1.13.5 18.09.5
el alto 1.15.2 2.14.2 1.15.2 18.09.x
- frankfurt 1.15.9 2.16.3 1.15.9 18.09.x
+ frankfurt 1.15.9 2.16.6 1.15.11 18.09.x
============== =========== ====== ======== ========
Minimum Hardware Configuration
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 7706f2cd2d..9cf11c5b26 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -30,6 +30,12 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 565c43f467..364f14e923 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -193,6 +193,10 @@ All override files may be customized (or replaced by other overrides) as per nee
`onap-all.yaml`
Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+`onap-all-ingress-nginx-vhost.yaml`
+ Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
+ Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+
`environment.yaml`
Includes configuration values specific to the deployment environment.
diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst
new file mode 100644
index 0000000000..a4abc2b390
--- /dev/null
+++ b/docs/oom_setup_ingress_controller.rst
@@ -0,0 +1,159 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020, Samsung Electronics
+
+.. Links
+.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
+.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
+.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug
+.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
+.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+.. _onap-on-kubernetes-with-rancher:
+
+
+Ingress controller setup on HA Kubernetes Cluster
+#################################################
+
+This guide provides instruction how to setup experimental ingress controller feature.
+For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
+to deploy and manage our Kubernetes Cluster and ingress controller
+
+.. contents::
+ :depth: 1
+ :local:
+..
+
+The result at the end of this tutorial will be:
+
+#. Customization of the cluster.yaml file for ingress controller support
+
+#. Installation and configuration test DNS server for ingress host resolution on testing machines
+
+#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+
+#. Instalation and configuration NGINX ingress controller
+
+#. Additional info howto deploy onap with services exposed via Ingress controller
+
+Customize cluster.yml file
+===========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+
+.. code-block:: yaml
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
+
+For external load balacer purposes minimum one of the worker node should be configured with external IP
+address accessible outside the cluster. It can be done using the following example node configuration:
+
+.. code-block:: yaml
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+
+Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+
+
+
+DNS server configuration and instalation
+========================
+DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
+resolves all subdomain related to the onap cluster to the load balancer IP.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+DNS server has automatic instalation and configuration script, so instalation is quite easy::
+
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+
+ > ./deploy\_dns.sh
+
+After DNS deploy you need to setup DNS entry on the target testing machine.
+Because DNS listen on non standard port configuration require iptables rules
+on the target machine. Please follow the configuation proposed by the deploy scripts
+Example output depends on the IP address and example output looks like bellow::
+
+
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+
+
+MetalLB Load Balancer instalation and configuration
+====================================================
+
+By default pure Kubernetes cluster requires external load balancer if we want to expose
+external port using LoadBalancer settings. For this purpose MetalLB can be used.
+Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+
+MetalLB Load balanancer can be easily installed using automatic install script::
+
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
+
+ > ./install-metallb-on-cluster.sh
+
+
+Configuration NGINX ingress controller
+=======================================
+
+After installation DNS server and ingress controller we can install and configure ingress controller.
+It can be done using the following commands::
+
+ > cd kubernetes/contrib/ingress-nginx-post-inst
+
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
+
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+
+After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
+with external IP address::
+
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+
+
+ONAP with ingress exposed services
+=====================================
+If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+
+Ingress also can be enabled on any onap setup override using following code:
+
+.. code-block:: yaml
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
+
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index 1b5d6d1985..428fa59a4e 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -267,16 +267,12 @@ Configure Rancher Kubernetes Engine (RKE)
Install RKE
-----------
Download and install RKE on a VM, desktop or laptop.
-Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v0.2.1
+Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6
RKE requires a *cluster.yml* as input. An example file is show below that
describes a Kubernetes cluster that will be mapped onto the OpenStack VMs
created earlier in this guide.
-Example: **cluster.yml**
-
-.. image:: images/rke/rke_1.png
-
Click :download:`cluster.yml <cluster.yml>` to download the
configuration file.
@@ -341,8 +337,8 @@ Install Kubectl
Download and install kubectl. Binaries can be found here for Linux and Mac:
-https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
-https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
+https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
+https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
You only need to install kubectl where you'll launch kubernetes command. This
can be any machines of the kubernetes cluster or a machine that has IP access
@@ -388,9 +384,9 @@ Install Helm
Example Helm client install on Linux::
- > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz
+ > wget https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz
- > tar -zxvf helm-v2.14.2-linux-amd64.tar.gz
+ > tar -zxvf helm-v2.16.6-linux-amd64.tar.gz
> sudo mv linux-amd64/helm /usr/local/bin/helm
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index b0c5d6e49e..7340ddf7fd 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -404,6 +404,7 @@ below::
10.12.6.155 msb.api.simpledemo.onap.org
10.12.6.155 clamp.api.simpledemo.onap.org
10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
the portal and then simply access now the new ssl-encrypted URL:
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 899ad2c11b..41e42b5cc4 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -5,14 +5,66 @@
.. reserved.
.. _release_notes:
-.. Links
-.. _release-notes-label:
-
ONAP Operations Manager Release Notes
=====================================
+Version 6.0.0 (Frankfurt Release)
+---------------------------------
+
+:Release Date: 2020-xx-xx
+
+Summary
+-------
+
+The focus of this release is to strengthen the foundation of OOM installer.
+A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826
+
+**Software Requirements**
+
+* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
+
+**Hardcoded Password removal**
+
+* All mariadb galera password are not hardcoded
+
+**New Features**
+
+* Ingress deployment is getting more and more usable
+* Use of dynamic Persistent Volume is available
+
+**Bug Fixes**
+
+**Known Issues**
+
+The following known issues will be addressed in a future release:
+
+* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
+*Known Security Issues*
+
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+OOM code has been formally scanned during build time using NexusIQ and no
+Critical vulnerability was found.
+
+Quick Links:
+
+ - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+ - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
Version 5.0.1 (El Alto Release)
-----------------------------------
+-------------------------------
:Release Date: 2019-10-10
@@ -62,22 +114,6 @@ Quick Links:
- `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
-Version 6.0.0 (Frankfurt)
-----------------------------------
-
-:Release Date: 2020-05-14
-
-Summary
--------
-
-**Software Requirements**
-
-* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
-
-**Hardcoded Password removal**
-
-* All mariadb galera password are not hardcoded
-
Version 5.0.0 (El Alto Early Drop)
----------------------------------