Restore overwritten documents

Document changes made by other commits [1][2] have been overwritten in the commit [3]. This patch restores the contents that were overwritten and lost. [1] Ie5e080a20cba3ba0ed514ede7955eb16729d797c [2] Ia833ced5ea22bb7d62100487c202e35ef8082783 [3] I95df17a29afc6aa425f93235ac006e14719e2b0b Change-Id: Id05d0b4f7d902cb564d41cb2c9a9859505924221
2023-02-09 05:29:32 +00:00
parent 72f227262c
commit 68b8a71c00
2 changed files with 104 additions and 16 deletions
--- a/doc/source/user/etsi_containerized_vnf_usage_guide.rst
+++ b/doc/source/user/etsi_containerized_vnf_usage_guide.rst
@@ -51,6 +51,21 @@ parameters that can be obtained from the Kubernetes Master-node.
 For specific methods of obtaining "bearer_token" and "ssl_ca_cert",
 please refer to [#first]_.

+By using ``extra`` field, we can register VIM with Helm installed as
+the control target of Tacker.
+
+.. note::
+
+    * ``extra`` is an optional parameter.
+    * For VIM using Helm, the following preconditions need to be met:
+
+      * Use the specified user to login through ssh to execute the CLI
+        command of Helm.
+      * The specified user has sudo execution permissions for the
+        mkdir/chown/rm commands and does not require a password.
+      * Create the /var/tacker/helm directory on VIM as the transfer
+        destination for Helm chart files.
+
 .. code-block:: console

    $ cat vim-k8s.yaml
@@ -75,6 +90,72 @@ please refer to [#first]_.
    2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY=
    -----END CERTIFICATE-----"
    type: "kubernetes"
+    extra:
+      helm_info:
+        masternode_ip:
+        - "192.168.33.100"
+        masternode_username: "helm_user"
+        masternode_password: "helm_pass"
+
+In addition to using ``bearer_token`` to authenticate with Kubernetes ,
+OpenID token [#sixth]_ is also supported. The following sample specifies
+``oidc_token_url``, ``client_id``, ``client_secret``, ``username``, ``password``
+instead of ``bearer_token`` for OpenID token authentication.
+
+Before using OpenID token authentication, additional settings are required.
+Please refer to [#seventh]_, and how to get the values of the ``oidc_token_url``,
+``client_id``, ``client_secret``, ``username``, ``password`` and ``ssl_ca_cert``
+parameters is documented.
+
+The SSL certificates of Kubernetes and OpenID provider are concatenated
+in ``ssl_ca_cert``.
+
+.. code-block:: console
+
+   $ cat vim-k8s.yaml
+   auth_url: "https://192.168.33.100:6443"
+   project_name: "default"
+   oidc_token_url: "https://192.168.33.100:8443/realms/oidc/protocol/openid-connect/token"
+   client_id: "tacker"
+   client_secret: "A93HfOUpySm6BjPug9PJdJumjEGUJMhc"
+   username: "end-user"
+   password: "end-user"
+   ssl_ca_cert: "-----BEGIN CERTIFICATE-----
+   MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl
+   LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH
+   a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd
+   pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2
+   Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo
+   +aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ
+   0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy
+   TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p
+   YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB
+   Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz
+   InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU
+   BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln
+   YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K
+   rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB
+   2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY=
+   -----END CERTIFICATE-----
+   -----BEGIN CERTIFICATE-----
+   MIIC7TCCAdWgAwIBAgIUQK2k5uNvlRLx43LI/t3a2/A/3iQwDQYJKoZIhvcNAQEL
+   BQAwFTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0yMjA4MDQwNjIwNTFaFw0yMzA4
+   MDQwNjIwNTFaMBMxETAPBgNVBAMMCEtleWNsb2FrMIIBIjANBgkqhkiG9w0BAQEF
+   AAOCAQ8AMIIBCgKCAQEAni7HWLn2IpUImGO1sbBf/XuqATkXSeIIRuQuFymwYPoX
+   BP7RowzrbfF9KUwdIKlz9IXjqb1hplumiqNy1Sc7MmrTY9Fj87MNAMlnCIvyWkjE
+   XVXWxGef49mqc85P2K1iuAsr2R7sDrv7SC0ch+lHclOjGDmCjKOk8qF3kD1LATWg
+   zf42aXb4nNF9kyIOPEbI+jX4PWhAQpEz5nIG+xIRjTHGfacjpeg0+XOK21wLAuQB
+   fqebJ6GxX4OzB37ZtLLgrKyBYWaWuYkWbexVRM3wEvQu8ENkvhV017iPuPHSxNWx
+   Y8z072XMs9j8XRQD65EVqObXyizotPRJF4slEJ9qMQIDAQABozcwNTAJBgNVHRME
+   AjAAMAsGA1UdDwQEAwIF4DAbBgNVHREEFDAShwR/AAABhwTAqAIhhwQKCgCMMA0G
+   CSqGSIb3DQEBCwUAA4IBAQBebjmNHd8sJXjvPQc3uY/3KSDpk9AYfYzhUZvcvLNg
+   z0llFqXHaFlMqHTsz1tOH4Ns4PDKKoRT0JIKC1FkvjzqgL+X2jWFS0NRoNyd3W3B
+   yHLEL7MdQqDR+tZX02EGfaGXjuy8GHIU4J2hXhohmpn6ntfiRONfY8jaEjIecPFS
+   IwZWXNhsDESa1zuDe0PatES/Ati8bAUpN2rb/7rsE/AeM5GXpQfOKV0XxdIeBZ82
+   Vf5cUDWPipvq2Q9KS+yrTvEObGtA6gKhQ4bpz3MieU3N8AtQpEKtROH7mJWMHyl2
+   roD1k8KeJlfvR/XcVTGFcgIdNLfKIdd99Xfi4gSaIKuw
+   -----END CERTIFICATE-----"
+   type: "kubernetes"

 2. Register Kubernetes VIM
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -124,6 +205,7 @@ the [1. Create a config file] chapter.
    | auth_url       | https://192.168.33.100:6443                                                                                     |
    | created_at     | 2020-10-19 08:08:12.116040                                                                                      |
    | description    |                                                                                                                 |
+    | extra          | helm_info=masternode_ip=['192.168.33.100'], masternode_password=helm_user, masternode_username=helm_pass        |
    | id             | 8d8373fe-6977-49ff-83ac-7756572ed186                                                                            |
    | is_default     | True                                                                                                            |
    | name           | test-vim-k8s                                                                                                    |
@@ -158,6 +240,9 @@ Also we can check if the status of VIM is REACHABLE by

 Prepare VNF Package
 ===================
+
+If we want to deploy CNF through helm, we can refer to `Prepare VNF Package`_.
+
 1. Create Directories of VNF Package
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 TOSCA YAML CSAR file is an archive file using the ZIP file format whose
@@ -649,6 +734,9 @@ After the command is executed, the generated ID is ``VNF instance ID``.

 Instantiate VNF
 ===============
+
+If we want to deploy CNF through helm, we can refer to `Instantiate VNF`_.
+
 1. Set the Value to the Request Parameter File
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Get the ID of target VIM.
@@ -876,3 +964,7 @@ References
 .. [#third] https://specs.openstack.org/openstack/tacker-specs/specs/victoria/container-network-function.html#kubernetes-resource-kind-support
 .. [#fourth] https://docs.openstack.org/tacker/latest/user/vnfd-sol001.html
 .. [#fifth] https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+.. [#sixth] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
+.. [#seventh] https://docs.openstack.org/tacker/latest/reference/kubernetes_openid_token_auth_usage_guide.html
+.. _Prepare VNF Package : https://docs.openstack.org/tacker/latest/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.html#prepare-vnf-package
+.. _Instantiate VNF : https://docs.openstack.org/tacker/latest/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.html#instantiate-vnf
--- a/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst
+++ b/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst
@@ -223,28 +223,22 @@ Deployment`_.

 Prepare Kubernetes VIM
 ^^^^^^^^^^^^^^^^^^^^^^
-The following change is required from original section `Prepare Kubernetes
-VIM`_:
-
-* Skip the VIM registration procedure
+First, you need to prepare a server with Kubernetes and Helm installed.
+If the server is deployed by :ref:`Deploy Kubernetes Cluster by helm`,
+you can skip steps 1 and 2 below.

 1. Create a Config File
 ~~~~~~~~~~~~~~~~~~~~~~~
-This step is not required because it is performed in conjunction with the VIM
-registration during the Helm installation procedure.
-After completing the procedures in this chapter, execute the following
-:ref:`Register Kubernetes VIM by helm charts` instead of conventional procedure
-(`2. Register Kubernetes VIM`_).
-
-.. _Register Kubernetes VIM by helm charts:
+You can refer to the `Create a Config File`_ section to create a config file.

 2. Register Kubernetes VIM
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
-If Helm is used, no new registration is required because
-:ref:`Deploy Kubernetes Cluster by helm` registers VIM when Kubernetes Cluster
-is deployed.
-For the registered VIM information, confirm that the VIM registered in
-:ref:`Deploy Kubernetes Cluster by helm` exists and the Status is "REACHABLE".
+You can refer to the `Register Kubernetes VIM`_ section to register VIM.
+
+3. Confirm VIM status
+~~~~~~~~~~~~~~~~~~~~~
+For the registered VIM information, confirm that the VIM exists and
+the Status is "REACHABLE".

 .. code-block:: console

@@ -528,6 +522,8 @@ Reference
 .. _Instantiate VNF : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#set-the-value-to-the-request-parameter-file
 .. _1. Set the Value to the Request Parameter File : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#set-the-value-to-the-request-parameter-file
 .. _4. Check the Deployment in Kubernetes : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#check-the-deployment-in-kubernetes
+.. _Create a Config File : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#create-a-config-file
+.. _Register Kubernetes VIM : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#register-kubernetes-vim

 .. [#Helm-Create] : https://helm.sh/docs/helm/helm_create/
 .. [#Helm-Package] : https://helm.sh/docs/helm/helm_package/