From: Piotr Marcinkiewicz Date: Thu, 29 Apr 2021 11:29:02 +0000 (+0200) Subject: [PLATFORM] Remove certificate generation deployment X-Git-Tag: 9.0.0~271^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=2ca8a4737653e6a5ba963aff53b2f4e0ebd6ce9d [PLATFORM] Remove certificate generation deployment - remove certificate generation deployment - change certificate secret for provider (from server to client) - correct documentation Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230 --- diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 8431cf794a..033ba43fe4 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -46,9 +46,9 @@ The versions of Kubernetes that are supported by OOM are as follows: .. table:: OOM Software Requirements - ============== =========== ======= ======== ======== - Release Kubernetes Helm kubectl Docker - ============== =========== ======= ======== ======== + ============== =========== ======= ======== ======== ============ + Release Kubernetes Helm kubectl Docker Cert-Manager + ============== =========== ======= ======== ======== ============ amsterdam 1.7.x 2.3.x 1.7.x 1.12.x beijing 1.8.10 2.8.2 1.8.10 17.03.x casablanca 1.11.5 2.9.1 1.11.5 17.03.x @@ -57,7 +57,8 @@ The versions of Kubernetes that are supported by OOM are as follows: frankfurt 1.15.9 2.16.6 1.15.11 18.09.x guilin 1.15.11 2.16.10 1.15.11 18.09.x Honolulu 1.19.9 3.5.2 1.19.9 19.03.x - ============== =========== ======= ======== ======== + Istanbul 1.2.0 + ============== =========== ======= ======== ======== ============ .. note:: Guilin version also supports Kubernetes up to version 1.19.x and should work diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 2fedc091d8..d573c94bb0 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst 
@@ -33,13 +33,19 @@ where can be an official release tag, such as > cp -R ~/oom/kubernetes/helm/plugins/ ~/.local/share/helm/plugins > helm plugin install https://github.com/chartmuseum/helm-push.git -**Step 3** Install Chartmuseum:: +**Step 3.** Install Chartmuseum:: > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum > chmod +x ./chartmuseum > mv ./chartmuseum /usr/local/bin -**Step 4.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or +**Step 4.** Install Cert-Manager:: + + > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + +More details can be found :doc:`here `. + +**Step 5.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment with items like the OpenStack tenant information. @@ -67,12 +73,6 @@ to suit your deployment with items like the OpenStack tenant information. -.. note:: - If you want to use CMPv2 certificate onboarding, Cert-Manager must be installed. - :doc:`Click here ` to see how to install Cert-Manager. - - - a. Enabling/Disabling Components: Here is an example of the nominal entries that need to be provided. We have different values file available for different contexts. @@ -154,7 +154,7 @@ Example Keystone v3 (required for Rocky and later releases) :language: yaml -**Step 5.** To setup a local Helm server to server up the ONAP charts:: +**Step 6.** To setup a local Helm server to server up the ONAP charts:: > chartmuseum --storage local --storage-local-rootdir ~/helm3-storage -port 8879 & 
@@ -163,13 +163,13 @@ follows:: > helm repo add local http://127.0.0.1:8879 -**Step 6.** Verify your Helm repository setup with:: +**Step 7.** Verify your Helm repository setup with:: > helm repo list NAME URL local http://127.0.0.1:8879 -**Step 7.** Build a local Helm repository (from the kubernetes directory):: +**Step 8.** Build a local Helm repository (from the kubernetes directory):: > make SKIP_LINT=TRUE [HELM_BIN=] all ; make SKIP_LINT=TRUE [HELM_BIN=] onap @@ -177,7 +177,7 @@ follows:: Sets the helm binary to be used. The default value use helm from PATH -**Step 8.** Display the onap charts that available to be deployed:: +**Step 9.** Display the onap charts that available to be deployed:: > helm repo update > helm search repo onap @@ -189,7 +189,7 @@ follows:: to your deployment charts or values be sure to use ``make`` to update your local Helm repository. -**Step 9.** Once the repo is setup, installation of ONAP can be done with a +**Step 10.** Once the repo is setup, installation of ONAP can be done with a single command .. note:: @@ -237,7 +237,7 @@ needs. you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests. -**Step 10.** Verify ONAP installation +**Step 11.** Verify ONAP installation Use the following to monitor your deployment and determine when ONAP is ready for use:: @@ -251,7 +251,7 @@ for use:: > ~/oom/kubernetes/robot/ete-k8s.sh onap health -**Step 11.** Undeploy ONAP +**Step 12.** Undeploy ONAP :: > helm undeploy dev diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst index 258a4eeadf..845fd473e0 100644 --- a/docs/oom_setup_paas.rst +++ b/docs/oom_setup_paas.rst 
@@ -9,11 +9,11 @@ .. _oom_setup_paas: -ONAP PaaS set-up (optional) -########################### +ONAP PaaS set-up +################ Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part -of k8s PaaS for ONAP operations and can be optionally installed to provide +of k8s PaaS for ONAP operations and can be installed to provide additional functionality for ONAP engineers. The versions of PaaS compoents that are supported by OOM are as follows: @@ -63,8 +63,8 @@ Installation can be as simple as:: > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml -Prometheus Stack -================ +Prometheus Stack (optional) +=========================== Prometheus is an open-source systems monitoring and alerting toolkit with an active ecosystem. diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 02f5c483b5..3a707e25ea 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -55,8 +55,8 @@ ONAP with a few simple commands. Pre-requisites -------------- -Your environment must have both the Kubernetes `kubectl` and Helm setup as a -one time activity. +Your environment must have the Kubernetes `kubectl` with Cert-Manager +and Helm setup as a one time activity. Install Kubectl ~~~~~~~~~~~~~~~ @@ -78,6 +78,11 @@ Verify that the Kubernetes config is correct:: At this point you should see Kubernetes pods running. +Install Cert-Manager +~~~~~~~~~~~~~~~~~~~~ +Details on how to install Cert-Manager can be found +:doc:`here `. + Install Helm ~~~~~~~~~~~~ Helm is used by OOM for package and configuration management. To install Helm, diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index c34ebad982..fd34b1ef28 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml 
@@ -73,7 +73,7 @@ cmpv2issuer: certEndpoint: v1/certificate caName: RA certSecretRef: - name: oom-cert-service-server-tls-secret + name: oom-cert-service-client-tls-secret certRef: tls.crt keyRef: tls.key cacertRef: ca.crt diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml deleted file mode 100644 index ba12874eb6..0000000000 --- a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* - # Copyright © 2020, Nokia - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. -*/}} - -{{- if .Values.global.offlineDeploymentBuild }} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 829d3a01d1..2e149683d7 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml 
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -22,7 +22,6 @@ global: # Standard OOM pullPolicy: "Always" repository: "nexus3.onap.org:10001" - offlineDeploymentBuild: false # Service configuration @@ -33,9 +32,6 @@ service: port: 8443 port_protocol: http -# Certificates generation configuration -certificateGenerationImage: onap/integration-java11:7.2.0 - # Deployment configuration repository: "nexus3.onap.org:10001" image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
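
Review bot: In the docs/oom_cloud_setup_guide.rst table hunk, the new Istanbul row carries only the Cert-Manager value 1.2.0 and leaves Kubernetes, Helm, kubectl and Docker empty, while every earlier row, Honolulu included, has no Cert-Manager entry. docs/oom_setup_paas.rst says Cert-Manager is part of the PaaS starting from Honolulu, so the Honolulu row should probably get a value as well. Either fill in the remaining Istanbul columns or state in the note under the table that they are not yet decided, so readers do not take the blanks as "no requirement".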
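
Review bot: The new Step 4 in docs/oom_quickstart_guide.rst applies cert-manager.yaml straight from the release URL, so the cluster receives whatever that URL serves at install time and the operator never sees the manifest before it is applied. Suggest documenting it as download, compare against a recorded digest, then `kubectl apply -f` on the local file, which also gives offline installations a path. The v1.2.0 URL now appears both here and in docs/oom_setup_paas.rst; keeping the command in one place and linking to it avoids the two drifting apart on the next version bump.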
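
Review bot: In the first docs/oom_setup_paas.rst hunk, the title drops "(optional)" but the body still says Cert-Manager and Prometheus Stack "can be installed to provide additional functionality", which reads as optional for both. Since Prometheus Stack is now explicitly marked optional and the user guide lists Cert-Manager as a pre-requisite, the paragraph should say outright that Cert-Manager is required and name what fails without it. The CMPv2 note removed from the quickstart was the only sentence tying Cert-Manager to certificate onboarding, so a one-line reason is worth keeping somewhere.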
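
Review bot: In kubernetes/platform/components/cmpv2-cert-provider/values.yaml, `certSecretRef.name` now points at `oom-cert-service-client-tls-secret`, but nothing in this patch shows where that secret is created or that it carries the `tls.crt`, `tls.key` and `ca.crt` keys referenced just below. Please link the change or template that produces it, and confirm it exists in the namespace the provider reads from, because a missing secret will only surface when the issuer first tries to reach the cert service. The commit message should also say why the provider needs the client key pair instead of the server one, since that is the security-relevant part of this hunk.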
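
Review bot: In kubernetes/platform/components/oom-cert-service/values.yaml, `global.offlineDeploymentBuild` and `certificateGenerationImage` are removed together with templates/fake_deployment.yaml, but the patch does not show whether any override file or offline image list still sets or reads them. Helm silently ignores values that no template uses, so a leftover override would go unnoticed; a grep for both keys across kubernetes/ and the offline installer is worth doing before merge. If the onap/integration-java11:7.2.0 image was listed only so that offline builds would pull it, say in the commit message what now generates the certificates so offline users know the image is no longer needed.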