From 912aba36a7e406141a473ac18cfed787536f2aaf Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 19 Jun 2023 17:00:14 +0200 Subject: [DOC] Update the London OOM Guides Fix failures in the OOM documentation and add missing descriptions. Issue-ID: OOM-3179 Issue-ID: OOM-3149 Signed-off-by: Andreas Geissler Change-Id: Ie88fc4ffc3888371690a4f39c47a6cc76451047b --- .../deployment_guides/oom_customize_overrides.rst | 47 ++++++++++++++++++---- .../oom_dev_testing_local_deploy.rst | 6 +-- .../oom_helm_testing_repo_deploy.rst | 2 +- 3 files changed, 41 insertions(+), 14 deletions(-) (limited to 'docs/sections/guides/deployment_guides') diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst index 90a20613fa..f3e3113ff5 100644 --- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst +++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst @@ -32,7 +32,8 @@ Users can customize the override files to suit their required deployment. Enabling/Disabling Components -***************************** +============================= + Here is an example of the nominal entries that need to be provided. Different values files are available for different contexts. 
@@ -43,20 +44,30 @@ Different values files are available for different contexts. | -(Optional) "ONAP on Service Mesh" -********************************* +ONAP "Production" Setup +======================= + +The production setup deploys ONAP components exposing its external services +via Ingress with TLS termination. +Internal traffic encryption will be ensured by using Istio ServiceMesh. + +For external access we start to establish Authentication via Oauth2-proxy +and Keycloak, which will be completed in the coming release. + +To enable both "ServiceMesh" and "Ingress" configuration entries need +to be set before deployment. -To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress" -configuration entries need to be configured before deployment. +Service Mesh and Ingress configuration +-------------------------------------- -Global settings relevant for ServiceMesh: +Global settings relevant for ServiceMesh and Ingress: .. code-block:: yaml global: ingress: # generally enable ingress for ONAP components - enabled: false + enabled: true # enable all component's Ingress interfaces enable_all: false # default Ingress base URL @@ -88,6 +99,7 @@ Global settings relevant for ServiceMesh: tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd + ... aafEnabled: false cmpv2Enabled: false tlsEnabled: false 
@@ -118,5 +130,24 @@ Ingress settings: - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate .. note:: - For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`) + For the Ingress setup an example override file (`onap-all-ingress-istio.yaml`) can be found in the `oom/kubernetes/onap/resources/overrides/` directory. + +External Authentication configuration +------------------------------------- + +For enabling of external authentication via Oauth2-Proxy and Keycloak +the following settings have to be done in the ONAP values override. +It will enable the deployment of the ONAP Realm to Keycloak and +installation and integration of the Oauth2-Proxy as external Auth-Provider. + +.. code-block:: yaml + + platform: + enabled: true + cmpv2-cert-service: + enabled: false + keycloak-init: + enabled: true + oauth2-proxy: + enabled: true \ No newline at end of file diff --git a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst index 50701dd597..b0deff0e2b 100644 --- a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst +++ b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst @@ -33,11 +33,7 @@ tools to host the updated helm charts. Chart museum is required to host the helm charts locally when deploying in a development environment:: - > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum - - > chmod +x ./chartmuseum - - > mv ./chartmuseum /usr/local/bin + > curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash **Step 4.** To setup a local Helm server to store the ONAP charts:: diff --git a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst index a0dafcef9b..e9312382b3 100644 
--- a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst +++ b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst @@ -17,7 +17,7 @@ ONAP hosts the OOM `testing` helm charts in it's `ONAP helm testing repository`_ This is helm repo contains: * The `latest` charts built from the head of the `OOM`_ project's master - branch, tagged with the version number of the current development cycle (ie. 11.0.0). + branch, tagged with the version number of the current development cycle (ie. 12.0.0). Add the OOM testing repo & Deploy -- cgit 1.2.3-korg
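Review bot: In oom_customize_overrides.rst, the new "ONAP "Production" Setup" section says external authentication via Oauth2-proxy and Keycloak "will be completed in the coming release", so the heading promises more than the text delivers. Suggest stating which external services are and are not behind authentication in this release, or moving that caveat into a `.. note::` directly under the heading. The YAML in the same hunk keeps `tlsEnabled: false` right below text promising internal traffic encryption via Istio; a short comment explaining how that flag relates to mesh encryption would keep readers from reading the example as unencrypted. The added `...` line inside the `yaml` code-block is not a valid elision in YAML; use `# ...` so the snippet still parses when copied.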
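Review bot: In the new "External Authentication configuration" section of oom_customize_overrides.rst, the override only sets `enabled` flags for `keycloak-init` and `oauth2-proxy`, and the text does not say where the credentials and secrets for these components come from. Suggest adding a sentence that names the values an operator must override before the Ingress is exposed, or that states none are needed. "For enabling of ... the following settings have to be done" would read better as "To enable ..., set the following in the ONAP values override". The file also now ends without a trailing newline (`\ No newline at end of file`).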
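Review bot: In oom_dev_testing_local_deploy.rst, the replacement command `curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash` pipes a script from the mutable `main` branch straight into `bash` with no integrity check, so whatever is on that branch at install time runs on the developer's machine. Suggest documenting a two-step form instead: download the script from a pinned tag or commit into a file, review it, then run it. If the one-liner stays, add `-fsSL` to `curl` so an HTTP error page or a redirect body is not fed to `bash`. The removed lines made the install location explicit (`mv ./chartmuseum /usr/local/bin`); the new text should say where the binary ends up and whether elevated rights are needed.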
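Review bot: In oom_helm_testing_repo_deploy.rst, the example version `12.0.0` is hardcoded in prose and had to be bumped by hand from `11.0.0`; consider a substitution or wording that does not need editing every release. While this line is being touched, "ie." should be "e.g.", and the unchanged context above it has "in it's" and "This is helm repo contains", which could be corrected in the same commit.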