From 68b8a71c00df4e0934c6795a18e0cc398d0d5ba1 Mon Sep 17 00:00:00 2001 From: Ayumu Ueha Date: Thu, 9 Feb 2023 05:29:32 +0000 Subject: [PATCH] Restore overwritten documents Document changes made by other commits [1][2] have been overwritten in the commit [3]. This patch restores the contents that were overwritten and lost. [1] Ie5e080a20cba3ba0ed514ede7955eb16729d797c [2] Ia833ced5ea22bb7d62100487c202e35ef8082783 [3] I95df17a29afc6aa425f93235ac006e14719e2b0b Change-Id: Id05d0b4f7d902cb564d41cb2c9a9859505924221 --- .../etsi_containerized_vnf_usage_guide.rst | 92 +++++++++++++++++++ ...mt_driver_deploy_k8s_and_cnf_with_helm.rst | 28 +++--- 2 files changed, 104 insertions(+), 16 deletions(-) diff --git a/doc/source/user/etsi_containerized_vnf_usage_guide.rst b/doc/source/user/etsi_containerized_vnf_usage_guide.rst index da6b6e738..33c3d40dd 100644 --- a/doc/source/user/etsi_containerized_vnf_usage_guide.rst +++ b/doc/source/user/etsi_containerized_vnf_usage_guide.rst @@ -51,6 +51,21 @@ parameters that can be obtained from the Kubernetes Master-node. For specific methods of obtaining "bearer_token" and "ssl_ca_cert", please refer to [#first]_. +By using ``extra`` field, we can register VIM with Helm installed as +the control target of Tacker. + +.. note:: + + * ``extra`` is an optional parameter. + * For VIM using Helm, the following preconditions need to be met: + + * Use the specified user to login through ssh to execute the CLI + command of Helm. + * The specified user has sudo execution permissions for the + mkdir/chown/rm commands and does not require a password. + * Create the /var/tacker/helm directory on VIM as the transfer + destination for Helm chart files. + .. code-block:: console $ cat vim-k8s.yaml @@ -75,6 +90,72 @@ please refer to [#first]_. 2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY= -----END CERTIFICATE-----" type: "kubernetes" + extra: + helm_info: + masternode_ip: + - "192.168.33.100" + masternode_username: "helm_user" + masternode_password: "helm_pass" + +In addition to using ``bearer_token`` to authenticate with Kubernetes , +OpenID token [#sixth]_ is also supported. The following sample specifies +``oidc_token_url``, ``client_id``, ``client_secret``, ``username``, ``password`` +instead of ``bearer_token`` for OpenID token authentication. + +Before using OpenID token authentication, additional settings are required. +Please refer to [#seventh]_, and how to get the values of the ``oidc_token_url``, +``client_id``, ``client_secret``, ``username``, ``password`` and ``ssl_ca_cert`` +parameters is documented. + +The SSL certificates of Kubernetes and OpenID provider are concatenated +in ``ssl_ca_cert``. + +.. code-block:: console + + $ cat vim-k8s.yaml + auth_url: "https://192.168.33.100:6443" + project_name: "default" + oidc_token_url: "https://192.168.33.100:8443/realms/oidc/protocol/openid-connect/token" + client_id: "tacker" + client_secret: "A93HfOUpySm6BjPug9PJdJumjEGUJMhc" + username: "end-user" + password: "end-user" + ssl_ca_cert: "-----BEGIN CERTIFICATE----- + MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl + LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH + a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd + pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2 + Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo + +aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ + 0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy + TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p + YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB + Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz + InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU + BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln + YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K + rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB + 2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY= + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIC7TCCAdWgAwIBAgIUQK2k5uNvlRLx43LI/t3a2/A/3iQwDQYJKoZIhvcNAQEL + BQAwFTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0yMjA4MDQwNjIwNTFaFw0yMzA4 + MDQwNjIwNTFaMBMxETAPBgNVBAMMCEtleWNsb2FrMIIBIjANBgkqhkiG9w0BAQEF + AAOCAQ8AMIIBCgKCAQEAni7HWLn2IpUImGO1sbBf/XuqATkXSeIIRuQuFymwYPoX + BP7RowzrbfF9KUwdIKlz9IXjqb1hplumiqNy1Sc7MmrTY9Fj87MNAMlnCIvyWkjE + XVXWxGef49mqc85P2K1iuAsr2R7sDrv7SC0ch+lHclOjGDmCjKOk8qF3kD1LATWg + zf42aXb4nNF9kyIOPEbI+jX4PWhAQpEz5nIG+xIRjTHGfacjpeg0+XOK21wLAuQB + fqebJ6GxX4OzB37ZtLLgrKyBYWaWuYkWbexVRM3wEvQu8ENkvhV017iPuPHSxNWx + Y8z072XMs9j8XRQD65EVqObXyizotPRJF4slEJ9qMQIDAQABozcwNTAJBgNVHRME + AjAAMAsGA1UdDwQEAwIF4DAbBgNVHREEFDAShwR/AAABhwTAqAIhhwQKCgCMMA0G + CSqGSIb3DQEBCwUAA4IBAQBebjmNHd8sJXjvPQc3uY/3KSDpk9AYfYzhUZvcvLNg + z0llFqXHaFlMqHTsz1tOH4Ns4PDKKoRT0JIKC1FkvjzqgL+X2jWFS0NRoNyd3W3B + yHLEL7MdQqDR+tZX02EGfaGXjuy8GHIU4J2hXhohmpn6ntfiRONfY8jaEjIecPFS + IwZWXNhsDESa1zuDe0PatES/Ati8bAUpN2rb/7rsE/AeM5GXpQfOKV0XxdIeBZ82 + Vf5cUDWPipvq2Q9KS+yrTvEObGtA6gKhQ4bpz3MieU3N8AtQpEKtROH7mJWMHyl2 + roD1k8KeJlfvR/XcVTGFcgIdNLfKIdd99Xfi4gSaIKuw + -----END CERTIFICATE-----" + type: "kubernetes" 2. Register Kubernetes VIM ~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -124,6 +205,7 @@ the [1. Create a config file] chapter. | auth_url | https://192.168.33.100:6443 | | created_at | 2020-10-19 08:08:12.116040 | | description | | + | extra | helm_info=masternode_ip=['192.168.33.100'], masternode_password=helm_user, masternode_username=helm_pass | | id | 8d8373fe-6977-49ff-83ac-7756572ed186 | | is_default | True | | name | test-vim-k8s | @@ -158,6 +240,9 @@ Also we can check if the status of VIM is REACHABLE by Prepare VNF Package =================== + +If we want to deploy CNF through helm, we can refer to `Prepare VNF Package`_. + 1. Create Directories of VNF Package ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TOSCA YAML CSAR file is an archive file using the ZIP file format whose @@ -649,6 +734,9 @@ After the command is executed, the generated ID is ``VNF instance ID``. Instantiate VNF =============== + +If we want to deploy CNF through helm, we can refer to `Instantiate VNF`_. + 1. Set the Value to the Request Parameter File ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the ID of target VIM. @@ -876,3 +964,7 @@ References .. [#third] https://specs.openstack.org/openstack/tacker-specs/specs/victoria/container-network-function.html#kubernetes-resource-kind-support .. [#fourth] https://docs.openstack.org/tacker/latest/user/vnfd-sol001.html .. [#fifth] https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names +.. [#sixth] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens +.. [#seventh] https://docs.openstack.org/tacker/latest/reference/kubernetes_openid_token_auth_usage_guide.html +.. _Prepare VNF Package : https://docs.openstack.org/tacker/latest/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.html#prepare-vnf-package +.. _Instantiate VNF : https://docs.openstack.org/tacker/latest/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.html#instantiate-vnf diff --git a/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst b/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst index bdbbb60ae..4b957c997 100644 --- a/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst +++ b/doc/source/user/mgmt_driver_deploy_k8s_and_cnf_with_helm.rst @@ -223,28 +223,22 @@ Deployment`_. Prepare Kubernetes VIM ^^^^^^^^^^^^^^^^^^^^^^ -The following change is required from original section `Prepare Kubernetes -VIM`_: - -* Skip the VIM registration procedure +First, you need to prepare a server with Kubernetes and Helm installed. +If the server is deployed by :ref:`Deploy Kubernetes Cluster by helm`, +you can skip steps 1 and 2 below. 1. Create a Config File ~~~~~~~~~~~~~~~~~~~~~~~ -This step is not required because it is performed in conjunction with the VIM -registration during the Helm installation procedure. -After completing the procedures in this chapter, execute the following -:ref:`Register Kubernetes VIM by helm charts` instead of conventional procedure -(`2. Register Kubernetes VIM`_). - -.. _Register Kubernetes VIM by helm charts: +You can refer to the `Create a Config File`_ section to create a config file. 2. Register Kubernetes VIM ~~~~~~~~~~~~~~~~~~~~~~~~~~ -If Helm is used, no new registration is required because -:ref:`Deploy Kubernetes Cluster by helm` registers VIM when Kubernetes Cluster -is deployed. -For the registered VIM information, confirm that the VIM registered in -:ref:`Deploy Kubernetes Cluster by helm` exists and the Status is "REACHABLE". +You can refer to the `Register Kubernetes VIM`_ section to register VIM. + +3. Confirm VIM status +~~~~~~~~~~~~~~~~~~~~~ +For the registered VIM information, confirm that the VIM exists and +the Status is "REACHABLE". .. code-block:: console @@ -528,6 +522,8 @@ Reference .. _Instantiate VNF : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#set-the-value-to-the-request-parameter-file .. _1. Set the Value to the Request Parameter File : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#set-the-value-to-the-request-parameter-file .. _4. Check the Deployment in Kubernetes : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#check-the-deployment-in-kubernetes +.. _Create a Config File : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#create-a-config-file +.. _Register Kubernetes VIM : https://docs.openstack.org/tacker/latest/user/etsi_containerized_vnf_usage_guide.html#register-kubernetes-vim .. [#Helm-Create] : https://helm.sh/docs/helm/helm_create/ .. [#Helm-Package] : https://helm.sh/docs/helm/helm_package/