+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
This collection of files represent rapp service exposure prototyping in O-RAN.
-Prerequisites: Istio should be installed on your cluster with the demo profile (istioctl install --set profile=demo). Please refer to the istio documentation for more information.
+Prerequisites: Istio should be installed on your cluster with the demo profile.
+ istioctl install --set profile=demo
+Please refer to the istio documentation for more information.
The deployments have been implemented and tested using minikube.
+If you are not using minikube, references to "minikube ip" should be changed to the appropiate value for you host.
To replicate these tests you will need to setup the various host path referenced in the yaml files on your own machine.
chartmuseum.yaml: path: /var/chartmuseum/charts
or change them to match your own setup.
+The certs directory contains 2 shell scripts for creating the server and client certs: server_certs.sh and client_certs.sh
+Certs generated by the server_certs.sh script: rootCA.crt, tls.crt and tls.key go in the "/var/keycloak/certs" directory
+Certs generated by the client_certs.sh script: client.crt, client.key, client_pub.key and rootCA.crt go in the "/var/rapps/certs" directory
+
Create the istio-nonrtric namespace and enable it for istio injection
- kubectl create ns istio-nonrtric
+ kubectl create ns istio-nonrtric
kubectl label namespace istio-nonrtric istio-injection=enabled
All go programs need to be built prior to running the Dockerfiles
- go build rapps-helm-installer.go
- go build rapps-keycloak-mgr.go
- go build rapps-istio-mgr.go
+ go build rapps-helm-installer.go
+ go build rapps-keycloak-mgr.go
+ go build rapps-istio-mgr.go
go build rapps-rapp-provider.go
go build rapps-rapp-invoker.go
+ go build rapps-webhook.go
+ go build rapps-jwt.go
+ go build rapps-rapp-helloworld-provider.go
+ go build rapps-rapp-helloworld-invoker1.go
+ go build rapps-rapp-helloworld-invoker2.go
Once the go programs have been compile you then need to build a docker image for each of them.
docker build -f Dockerfile_rim . -t <tag prefix>/rapps-istio-mgr
docker build -f Dockerfile_rkm . -t <tag prefix>/rapps-keycloak-mgr
docker build -f Dockerfile_rhi . -t <tag prefix>/rapps-helm-installer
- docker build -f Dockerfile_rri . -t <tag prefix>/rapps-rapp-invoker
- docker build -f Dockerfile_rrp . -t <tag prefix>/rapps-rapp-provider
+ docker build -f Dockerfile_wh . -t <tag prefix>/rapps-webhook
+ docker build -f Dockerfile_jwt . -t <tag prefix>/rapps-jwt
+ docker build -f Dockerfile_rhwp . -t <tag prefix>/rapps-rapp-helloworld-provider
+ docker build -f Dockerfile_rhwi1 . -t <tag prefix>/rapps-rapp-helloworld-invoker1
+ docker build -f Dockerfile_rhwi2 . -t <tag prefix>/rapps-rapp-helloworld-invoker2
-Image references in the yaml files/helm charts should be changed to match your own tagged images.
+Image references in the yaml files/helm charts should be changed to match your own tagged images.
You will need to package your rapp charts and copy them to the /var/chartmuseum/charts directory before starting.
istioctl kube-inject -f postgres.yaml | kubectl apply -f -
istioctl kube-inject -f keycloak.yaml | kubectl apply -f -
+or use the keycloak.sh deploy script
-To start the management pods run:
+To start the management pods run:
start_pods.sh
-Run:
- kubectl get pods to ensure all managements pods are up and running
- NAME READY STATUS RESTARTS AGE
- chartmuseum-deployment-7b8cd4c9d4-tpmhl 1/1 Running 0 8s
- keycloak-bc6f78f88-zmxlt 2/2 Running 0 2m20s
- postgres-6fb4cc8db6-bbhg9 2/2 Running 0 2m34s
- rapps-helm-installer-deployment-67476694-sxb2d 1/1 Running 0 6s
- rapps-istio-mgr-deployment-67c67647b6-scmqc 1/1 Running 0 7s
- rapps-keycloak-mgr-deployment-7464f87575-trvmx 1/1 Running 0 7s
+Once all pods have been started a list of running pods is displayed at the end of the script:
+NAME READY STATUS RESTARTS AGE
+chartmuseum-deployment-7b8cd4c9d4-nd7dk 1/1 Running 0 9s
+jwt-proxy-admission-controller-deployment-66797fb6df-mlk8t 1/1 Running 0 8s
+keycloak-846ff979bc-ndvdf 2/2 Running 0 2m16s
+postgres-78b4b9d95-nqjkj 2/2 Running 0 2m29s
+rapps-helm-installer-deployment-67476694-n5r24 1/1 Running 0 8s
+rapps-istio-mgr-deployment-67c67647b6-p5s2k 1/1 Running 0 8s
+rapps-keycloak-mgr-deployment-7464f87575-54h9x 1/1 Running 0 8s
Get the node port for the helm installer that corresponds to port 80
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rapps-helm-installer NodePort 10.96.58.211 <none> 80:31570/TCP 8m9s
-Once these pods are up and running run:
- curl http://<minikube ip>:<helm installer node port>/install?chart=<rapp chart name>
+Once these pods are up and running run:
+ curl http://<minikube ip>:<helm installer node port>/install?chart=<rapp chart name>
to install your rapp
- e.g. curl http://192.168.49.2:31570/install?chart=rapp-provider
+ e.g. curl http://192.168.49.2:31570/install?chart=rapp-hello-world-provider
Successfully installed release: rapp-provider
+ Alternativley use the deploy_rapp.sh script
+ e.g. ./deploy_rapp.sh rapp-helloworld-provider
+ Note: The line export host= should be changed to the appropaite ip for the host you are running on.
+
This will setup keycloak realm + client, istio policies and deploy your chart.
You should install both the provider and the invoker to see the pods communicating.
If you want to test using the rp_test.sh file, the client_secret field needs be changed to match the secret for you keycloak client.
You can find this in the keycloak-mgr log.
-To uninstall run:
+To uninstall run:
curl http://<minikube ip>:<helm installer node port>/uninstall?chart=<rapp chart name>
e.g. curl http://192.168.49.2:31570/uninstall?chart=rapp-invoker
Successfully uninstalled release: rapp-invoker
-To stop the management pods run:
+ Alternativley use the undeploy_rapp.sh script
+ e.g. ./undeploy_rapp.sh rapp-helloworld-provider
+
+To stop the management pods and provider/invoker pods at the same time run:
stop_pods.sh
Remove postgres and keycloak with the following commands:
kubectl delete -f keycloak.yaml
kubectl delete -f postgres.yaml
+
+ or use ./keycloak.sh undeploy
Code Review / nonrtric.git / blobdiff