# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================

This collection of files represents rapp service exposure prototyping in O-RAN.
Prerequisites: Istio should be installed on your cluster with the demo profile. You may need to add istioctl to your $PATH variable.
istioctl install --set profile=demo
Please refer to the Istio documentation for more information.
You will also need cfssl installed on your system: sudo apt install golang-cfssl
Please refer to the K8s documentation: Manage TLS Certificates in a Cluster
The deployments have been implemented and tested using minikube.
If you are not using minikube, references to "minikube ip" should be changed to the appropriate value for your host.
To replicate these tests you will need to set up the various host paths referenced in the yaml files on your own machine:

chartmuseum.yaml: path: /var/chartmuseum/charts
keycloak.yaml: path: /var/keycloak/certs
postgres.yaml: path: "/var/keycloak/data2"
rapps-keycloak-mgr.yaml: path: /var/rapps/certs
rapps-webhook.yaml: "-hostPath", "/var/rapps/certs"

or change them to match your own setup.

The certs directory contains 3 shell scripts for creating the server, client and webhook certs: server_certs.sh, client_certs.sh and webhook_certs.sh
Certs generated by the server_certs.sh script: rootCA.crt, tls.crt and tls.key go in the "/var/keycloak/certs" directory
Certs generated by the client_certs.sh script: client.crt, client.key and rootCA.crt go in the "/var/rapps/certs" directory
The webhook_certs.sh script generates certs for use in the MutatingWebhookConfiguration.yaml and the rapps-webhook.yaml files.
To configure MutatingWebhookConfiguration.yaml run the following commands:
1. ca_pem_b64="$(openssl base64 -A <"./certs/ca.pem")"
2. sed -i 's/${CA_PEM_B64}/'"$ca_pem_b64"'/g' MutatingWebhookConfiguration.yaml
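
A guarded version of the two commands above, added here as an example (it is not part of the original README or the project's scripts). It refuses to run when the CA file is missing or empty, a case in which the commands above would silently substitute an empty value, and it checks that the substituted value decodes back to the CA file. The function name fill_ca_bundle and the assumption that the placeholder sits on a "caBundle:" line are illustrative.

```shell
#!/bin/sh
# Added example: fill the ${CA_PEM_B64} placeholder and verify the result
# before the file is applied with kubectl.
# Usage: fill_ca_bundle <ca.pem> <MutatingWebhookConfiguration.yaml>
# Assumption: the template holds the placeholder on a "caBundle:" line.
fill_ca_bundle() {
    ca_file=$1
    cfg=$2

    [ -s "$ca_file" ] ||
        { echo "missing or empty CA file: $ca_file" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" ||
        { echo "$ca_file is not a PEM certificate" >&2; return 1; }
    grep -qF '${CA_PEM_B64}' "$cfg" ||
        { echo "placeholder not found in $cfg (already filled?)" >&2; return 1; }

    # Single-line base64; tr removes the line wrapping.
    b64=$(base64 < "$ca_file" | tr -d '\n')
    [ -n "$b64" ] || { echo "encoding $ca_file failed" >&2; return 1; }

    # '|' never appears in base64 output, so it is a safe sed delimiter.
    # Write to a temp file so a failed run leaves the template untouched.
    sed 's|[$]{CA_PEM_B64}|'"$b64"'|g' "$cfg" > "$cfg.tmp" || return 1

    # Round trip: the embedded value must decode back to the CA file.
    embedded=$(sed -n 's/^ *caBundle: *//p' "$cfg.tmp" | head -n 1 | tr -d '"')
    if [ "$(printf '%s' "$embedded" | base64 -d 2>/dev/null)" != "$(cat "$ca_file")" ]; then
        rm -f "$cfg.tmp"
        echo "caBundle in $cfg does not decode to $ca_file" >&2
        return 1
    fi
    mv "$cfg.tmp" "$cfg"
}
```

Called as fill_ca_bundle ./certs/ca.pem MutatingWebhookConfiguration.yaml, a second run fails with "placeholder not found" instead of rewriting the file.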

To configure rapps-webhook.yaml, append the rapps-webhook-tls.yaml file to the end of it:
1. cat rapps-webhook.yaml ./certs/rapps-webhook-tls.yaml >> rapps-webhook.yaml.tmp
2. mv rapps-webhook.yaml.tmp rapps-webhook.yaml

Create the istio-nonrtric namespace and enable it for istio injection:

kubectl create ns istio-nonrtric

kubectl label namespace istio-nonrtric istio-injection=enabled

All Go programs need to be built prior to running the Dockerfiles:

go build rapps-helm-installer.go
go build rapps-keycloak-mgr.go
go build rapps-istio-mgr.go
go build rapps-webhook.go

go build rapps-rapp-helloworld-provider.go
go build rapps-rapp-helloworld-invoker1.go
go build rapps-rapp-helloworld-invoker2.go

Once the Go programs have been compiled, you then need to build a docker image for each of them:

docker build -f Dockerfile_rim . -t <tag prefix>/rapps-istio-mgr
docker build -f Dockerfile_rkm . -t <tag prefix>/rapps-keycloak-mgr
docker build -f Dockerfile_rhi . -t <tag prefix>/rapps-helm-installer
docker build -f Dockerfile_wh . -t <tag prefix>/rapps-webhook
docker build -f Dockerfile_jwt . -t <tag prefix>/rapps-jwt
docker build -f Dockerfile_rhwp . -t <tag prefix>/rapps-rapp-helloworld-provider
docker build -f Dockerfile_rhwi1 . -t <tag prefix>/rapps-rapp-helloworld-invoker1
docker build -f Dockerfile_rhwi2 . -t <tag prefix>/rapps-rapp-helloworld-invoker2

Image references in the yaml files/helm charts should be changed to match your own tagged images.

You will need to package your rapp charts and copy them to the /var/chartmuseum/charts directory before starting.

helm package rapp-helloworld-provider
scp -i $(minikube ssh-key) rapp-helloworld-provider-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts

helm package rapp-helloworld-invoker1
scp -i $(minikube ssh-key) rapp-helloworld-invoker1-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts

helm package rapp-helloworld-invoker2
scp -i $(minikube ssh-key) rapp-helloworld-invoker2-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts

Start keycloak and postgres in the default namespace with istio injection:

Run ./keycloak.sh deploy

To start the management pods run:

Once all pods have been started a list of running pods is displayed at the end of the script:
NAME                                                         READY   STATUS    RESTARTS   AGE
chartmuseum-deployment-7b8cd4c9d4-nd7dk                      1/1     Running   0          9s
jwt-proxy-admission-controller-deployment-66797fb6df-mlk8t   1/1     Running   0          8s
keycloak-846ff979bc-ndvdf                                    2/2     Running   0          2m16s
postgres-78b4b9d95-nqjkj                                     2/2     Running   0          2m29s
rapps-helm-installer-deployment-67476694-n5r24               1/1     Running   0          8s
rapps-istio-mgr-deployment-67c67647b6-p5s2k                  1/1     Running   0          8s
rapps-keycloak-mgr-deployment-7464f87575-54h9x               1/1     Running   0          8s

Once these pods are up and running use the following commands to install the rapps:

./deploy_rapp.sh rapp-helloworld-provider

./deploy_rapp.sh rapp-helloworld-invoker1

./deploy_rapp.sh rapp-helloworld-invoker2

Note: The line export host= should be changed to the appropriate IP for the host you are running on.

This will set up the keycloak realm + client and istio policies, and deploy your chart.

You should install both the provider and the invoker to see the pods communicating.

Check the invoker logs to see the test message:

kubectl logs rapp-helloworld-invoker1-758468d7d4-njmdn -n istio-nonrtric
Received response for rapp-helloworld-provider get request - Hello World!

If you want to test using the rp_test.sh file, the client_secret field needs to be changed to match the secret for your keycloak client.
You can find this in the keycloak-mgr log.

To uninstall the management pods and rapps run:

You can also uninstall an individual rapp using the undeploy_rapp.sh script.
e.g. ./undeploy_rapp.sh rapp-helloworld-provider

Remove postgres and keycloak with the following command:
./keycloak.sh undeploy