2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2022-2023 Nordix Foundation.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
20 This collection of files represent rapp service exposure prototyping in O-RAN.
21 Prerequisites: Istio should be installed on your cluster with the demo profile. You may need to add istioctl to you $PATH variable.
22 istioctl install --set profile=demo
23 Please refer to the istio documentation for more information.
24 Please refer to the K8s documentation: Manage TLS Certificates in a Cluster
25 The deployments have been implemented and tested using minikube.
26 If you are not using minikube, references to "minikube ip" should be changed to the appropiate value for you host.
27 The ipAddresses field in cluster-issuer.yaml not referring to the generic localhost ip should be changed to your own ip.
28 To replicate these tests you will need to setup the various host path referenced in the yaml files on your own machine.
30 chartmuseum.yaml: path: /var/chartmuseum/charts
31 postgres.yaml: path: "/var/keycloak/data2"
33 or change them to match your own setup.
35 Create the istio-nonrtric namespace and enable it for istio injection
37 kubectl create ns istio-nonrtric
39 kubectl label namespace istio-nonrtric istio-injection=enabled
42 All go programs need to be built prior to running the Dockerfiles
44 go build rapps-helm-installer.go
45 go build rapps-keycloak-mgr.go
46 go build rapps-istio-mgr.go
47 go build rapps-webhook.go
49 go build rapps-rapp-helloworld-provider.go
50 go build rapps-rapp-helloworld-invoker1.go
51 go build rapps-rapp-helloworld-invoker2.go
53 Once the go programs have been compile you then need to build a docker image for each of them.
55 docker build -f Dockerfile_rim . -t <tag prefix>/rapps-istio-mgr
56 docker build -f Dockerfile_rkm . -t <tag prefix>/rapps-keycloak-mgr
57 docker build -f Dockerfile_rhi . -t <tag prefix>/rapps-helm-installer
58 docker build -f Dockerfile_wh . -t <tag prefix>/rapps-webhook
59 docker build -f Dockerfile_jwt . -t <tag prefix>/rapps-jwt
60 docker build -f Dockerfile_rhwp . -t <tag prefix>/rapps-rapp-helloworld-provider
61 docker build -f Dockerfile_rhwi1 . -t <tag prefix>/rapps-rapp-helloworld-invoker1
62 docker build -f Dockerfile_rhwi2 . -t <tag prefix>/rapps-rapp-helloworld-invoker2
64 Image references in the yaml files/helm charts should be changed to match your own tagged images.
66 You will need to package your rapp charts and copy them to the /var/chartmuseum/charts directory before starting.
69 helm package rapp-helloworld-provider
70 scp -i $(minikube ssh-key) rapp-helloworld-provider-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts
72 helm package rapp-helloworld-invoker1
73 scp -i $(minikube ssh-key) rapp-helloworld-invoker1-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts
75 helm package rapp-helloworld-invoker2
76 scp -i $(minikube ssh-key) rapp-helloworld-invoker2-0.1.0.tgz docker@$(minikube ip):/var/chartmuseum/charts
78 Start cert-manager using the following command:
79 ./cert-manager.sh deploy
81 Copy keycloak client certs into the istio-nonrtric namespace by running:
82 ./copy_tls_secret.sh -n cm-keycloak-client-certs -s default -d istio-nonrtric
84 Start keycloak and postgres in the default namespace with istio injection by running:
88 To start the management pods run:
92 Once all pods have been started a list of running pods is displayed at the end of the script:
93 NAME READY STATUS RESTARTS AGE
94 chartmuseum-deployment-7b8cd4c9d4-nd7dk 1/1 Running 0 9s
95 jwt-proxy-admission-controller-deployment-66797fb6df-mlk8t 1/1 Running 0 8s
96 keycloak-846ff979bc-ndvdf 2/2 Running 0 2m16s
97 postgres-78b4b9d95-nqjkj 2/2 Running 0 2m29s
98 rapps-helm-installer-deployment-67476694-n5r24 1/1 Running 0 8s
99 rapps-istio-mgr-deployment-67c67647b6-p5s2k 1/1 Running 0 8s
100 rapps-keycloak-mgr-deployment-7464f87575-54h9x 1/1 Running 0 8s
103 Once these pods are up and running use the following command to install the rapps:
105 ./deploy_rapp.sh rapp-helloworld-provider
107 ./deploy_rapp.sh rapp-helloworld-invoker1
109 ./deploy_rapp.sh rapp-helloworld-invoker2
111 Note: The line export host= should be changed to the appropaite ip for the host you are running on.
113 This will setup keycloak realm + client, istio policies and deploy your chart.
115 You should install both the provider and the invoker to see the pods communicating.
117 Check the invoker logs to see the test message:
119 kubectl logs rapp-helloworld-invoker1-758468d7d4-njmdn -n istio-nonrtric
120 Received response for rapp-helloworld-provider get request - Hello World!
122 If you want to test using the rp_test.sh file, the client_secret field needs be changed to match the secret for you keycloak client.
123 You can find this in the keycloak-mgr log.
125 To uninstall the management pods and and rapps run:
128 You can also uninstall individual rapp using the undeploy_rapp.sh script.
129 e.g. ./undeploy_rapp.sh rapp-helloworld-provider
131 Remove postgres and keycloak with the following command:
132 ./keycloak.sh undeploy
134 Remove cert-manager with the following command:
135 ./cert-manager.sh undeploy
Code Review / nonrtric.git / blob