From e68c766712ed6c95aff054004335813952bf5ffa Mon Sep 17 00:00:00 2001
From: Andreas Geissler <andreas-geissler@telekom.de>
Date: Wed, 6 Dec 2023 10:02:43 +0100
Subject: [COMMON][DOC] Add documentation for Montral and GatewayAPI
Add override file to use GatewayAPI as Ingress provider
A precreated GW named "common-gateway" is used.
Added documentation for Montreal like release notes,
Infrastructure guides...
Issue-ID: OOM-3184
Issue-ID: OOM-3242
Change-Id: I18107bac52abf34dbc0b217fd8b7542ba51aab84
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
---
docs/sections/guides/infra_guides/oom_infra.rst | 1 -
.../infra_guides/oom_infra_base_config_setup.rst | 59 ++++---
.../oom_infra_deployment_requirements.rst | 8 +-
.../oom_infra_ingres_controller_setup.rst | 181 ---------------------
4 files changed, 38 insertions(+), 211 deletions(-)
delete mode 100644 docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
(limited to 'docs/sections/guides/infra_guides')
diff --git a/docs/sections/guides/infra_guides/oom_infra.rst b/docs/sections/guides/infra_guides/oom_infra.rst
index ddc00b6115..5c1d1f1434 100644
--- a/docs/sections/guides/infra_guides/oom_infra.rst
+++ b/docs/sections/guides/infra_guides/oom_infra.rst
@@ -31,4 +31,3 @@ following documents:
oom_infra_deployment_requirements.rst
oom_infra_base_config_setup.rst
oom_infra_optional_addons.rst
- oom_infra_ingres_controller_setup.rst
diff --git a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
index 8f74ea987e..4c21217c23 100644
--- a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
@@ -65,14 +65,14 @@ Validate the installation::
::
NAME STATUS ROLES AGE VERSION
- onap-control-1 Ready controlplane,etcd 3h53m v1.23.8
- onap-control-2 Ready controlplane,etcd 3h53m v1.23.8
- onap-k8s-1 Ready worker 3h53m v1.23.8
- onap-k8s-2 Ready worker 3h53m v1.23.8
- onap-k8s-3 Ready worker 3h53m v1.23.8
- onap-k8s-4 Ready worker 3h53m v1.23.8
- onap-k8s-5 Ready worker 3h53m v1.23.8
- onap-k8s-6 Ready worker 3h53m v1.23.8
+ onap-control-1 Ready controlplane,etcd 3h53m v1.27.5
+ onap-control-2 Ready controlplane,etcd 3h53m v1.27.5
+ onap-k8s-1 Ready worker 3h53m v1.27.5
+ onap-k8s-2 Ready worker 3h53m v1.27.5
+ onap-k8s-3 Ready worker 3h53m v1.27.5
+ onap-k8s-4 Ready worker 3h53m v1.27.5
+ onap-k8s-5 Ready worker 3h53m v1.27.5
+ onap-k8s-6 Ready worker 3h53m v1.27.5
Install & configure helm
@@ -212,7 +212,7 @@ Istio Service Mesh
------------------
.. note::
- In London ONAP deployment supports the
+ The ONAP deployment supports the
`ONAP Next Generation Security & Logging Structure`_
ONAP is currenty supporting Istio as default ServiceMesh platform.
@@ -291,14 +291,35 @@ Ingress Controller Installation
In the production setup 2 different Ingress setups are supported.
-- Istio Gateway `Istio-Gateway`_ (currently tested, but in the future deprecated)
-- Gateway API `Gateway-API`_ (in Alpha status, but will be standard in the future)
+- Gateway API `Gateway-API`_ (recommended)
+- Istio Gateway `Istio-Gateway`_ (alternative, but in the future deprecated)
Depending on the solution, the ONAP helm values.yaml has to be configured.
See the :ref:`OOM customized deployment<oom_customize_overrides>` section for more details.
-Istio Gateway
-^^^^^^^^^^^^^
+Gateway-API (recommended)
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Install the Gateway-API CRDs replacing the
+ <recommended-gwapi-version> with the version defined in
+ the :ref:`versions_table` table::
+
+ > kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/<recommended-gwapi-version>/experimental-install.yaml
+
+- Create a common Gateway instance named "common-gateway"
+ The following example uses provides listeners for HTTP(s), UDP and TCP
+
+ .. collapse:: common-gateway.yaml
+
+ .. include:: ../../resources/yaml/common-gateway.yaml
+ :code: yaml
+
+- Apply the change::
+
+ > kubectl apply -f common-gateway.yaml
+
+Istio Gateway (alternative)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Create a namespace istio-ingress for the Istio Ingress gateway
and enable istio-injection::
@@ -323,18 +344,6 @@ Istio Gateway
--version <recommended-istio-version> -f ingress-istio.yaml --wait
-Gateway-API
-^^^^^^^^^^^
-
-- Install the Gateway-API CRDs replacing the
- <recommended-gwapi-version> with the version defined in
- the :ref:`versions_table` table::
-
- > kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/<recommended-gwapi-version>/experimental-install.yaml
-
-- Create a common Gateway instance
- TBD
-
Keycloak Installation
---------------------
diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
index e46bee1c04..3d824c7171 100644
--- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
@@ -39,7 +39,7 @@ See the :ref:`OOM customized deployment<oom_customize_overrides>` section for mo
.. rubric:: Software Requirements
-The versions of software that are supported by OOM are as follows:
+The versions of software that are supported and tested by OOM are as follows:
.. _versions_table:
@@ -50,7 +50,7 @@ The versions of software that are supported by OOM are as follows:
============== =========== ======= ======== ======== ============= ========
Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0
London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0
- Montreal 1.23.8 3.10.2 1.23.x 20.10.x 1.12.2 0.35.0
+ Montreal 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.1
============== =========== ======= ======== ======== ============= ========
.. table:: OOM Software Requirements (production)
@@ -59,7 +59,7 @@ The versions of software that are supported by OOM are as follows:
Release Istio Gateway-API Keycloak
============== ====== ============ ==============
London 1.17.2 v0.6.2 19.0.3-legacy
- Montreal 1.17.2 v0.6.2 19.0.3-legacy
+ Montreal 1.19.3 v1.0.0 19.0.3-legacy
============== ====== ============ ==============
.. table:: OOM Software Requirements (optional)
@@ -69,5 +69,5 @@ The versions of software that are supported by OOM are as follows:
============== ================= ========== =================
Kohn 35.x
London 45.x 1.6.1
- Montreal 45.x 1.9.1 0.21.0
+ Montreal 45.x 1.10.2 0.23.1
============== ================= ========== =================
diff --git a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
deleted file mode 100644
index 3fb68f8b95..0000000000
--- a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst
+++ /dev/null
@@ -1,181 +0,0 @@
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2020, Samsung Electronics
-.. Modification copyright (C) 2022 Nordix Foundation
-
-.. Links
-.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
-
-.. _oom_setup_ingress_controller:
-
-OOM Ingress controller setup
-============================
-
-.. warning::
- This guide does not describe the Istio Ingress Gateway configuration
- required for the ONAP Production Setup in London
- The installation of Istio Ingress (and Gateway-API) is described in
- :ref:`OOM Base Platform<oom_base_setup_guide>`
-
-This optional guide provides instruction how to setup experimental ingress controller
-feature. For this, we are hosting our cluster on OpenStack VMs and using the
-Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
-ingress controller
-
-.. contents::
- :backlinks: top
- :depth: 1
- :local:
-..
-
-The result at the end of this tutorial will be:
-
-#. Customization of the cluster.yaml file for ingress controller support
-
-#. Installation and configuration test DNS server for ingress host resolution
- on testing machines
-
-#. Installation and configuration MLB (Metal Load Balancer) required for
- exposing ingress service
-
-#. Installation and configuration NGINX ingress controller
-
-#. Additional info how to deploy ONAP with services exposed via Ingress
- controller
-
-Customize cluster.yml file
---------------------------
-
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider
-should be configured and following:
-
-.. code-block:: yaml
-
- ---
- <...>
- restore:
- restore: false
- snapshot_name: ""
- ingress:
- provider: none
- dns:
- provider: coredns
- upstreamnameservers:
- - <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
-node.
-
-For external load balancer purposes, minimum one of the worker node should be
-configured with external IP address accessible outside the cluster. It can be
-done using the following example node configuration:
-
-.. code-block:: yaml
-
- ---
- <...>
- - address: <external_ip>
- internal_address: <internal_ip>
- port: "22"
- role:
- - worker
- hostname_override: "onap-worker-0"
- user: ubuntu
- ssh_key_path: "~/.ssh/id_rsa"
- <...>
-
-Where the <external_ip> is external worker node IP address, and <internal_ip>
-is internal node IP address if it is required.
-
-
-DNS server configuration and installation
------------------------------------------
-
-DNS server deployed on the Kubernetes cluster makes it easy to use services
-exposed through ingress controller because it resolves all subdomain related to
-the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
-of entries on the target machines in the /etc/hosts. Adding many entries into
-the configuration files on testing machines is quite problematic and error
-prone. The better wait is to create central DNS server with entries for all
-virtual host pointed to simpledemo.onap.org and add custom DNS server as a
-target DNS server for testing machines and/or as external DNS for Kubernetes
-cluster.
-
-DNS server has automatic installation and configuration script, so installation
-is quite easy::
-
- > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
-
- > ./deploy\_dns.sh
-
-After DNS deploy you need to setup DNS entry on the target testing machine.
-Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuration proposed by the deploy
-scripts.
-Example output depends on the IP address and example output looks like bellow::
-
- DNS server already deployed:
- 1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
- 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-
-
-MetalLB Load Balancer installation and configuration
-----------------------------------------------------
-
-By default pure Kubernetes cluster requires external load balancer if we want
-to expose external port using LoadBalancer settings. For this purpose MetalLB
-can be used. Before installing the MetalLB you need to ensure that at least one
-worker has assigned IP accessible outside the cluster.
-
-MetalLB Load balancer can be easily installed using automatic install script::
-
- > cd kubernetes/contrib/metallb-loadbalancer-inst
-
- > ./install-metallb-on-cluster.sh
-
-
-Configuration of the Nginx ingress controller
----------------------------------------------
-
-After installation of the DNS server and ingress controller, we can install and
-configure ingress controller.
-It can be done using the following commands::
-
- > cd kubernetes/contrib/ingress-nginx-post-inst
-
- > kubectl apply -f nginx_ingress_cluster_config.yaml
-
- > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
-
-After deploying the NGINX ingress controller, you can ensure that the ingress port is
-exposed as load balancer service with an external IP address::
-
- > kubectl get svc -n ingress-nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
- ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
-
-
-ONAP with ingress exposed services
-----------------------------------
-
-If you want to deploy onap with services exposed through ingress controller you
-can use full onap deploy yaml::
-
- > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
-
-Ingress also can be enabled on any onap setup override using following code:
-
-.. code-block:: yaml
-
- ---
- <...>
- global:
- <...>
- ingress:
- enabled: true
--
cgit