diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 0000000000000000000000000000000000000000..9589ed90f914e632ab861418fc086a2580af9570 --- /dev/null +++ b/helm/README.md 
@@ -0,0 +1,252 @@ +# Open Operator Platform (OOP) + +## KIND Deployment via Helm + +--- + +## 1. Introduction + +This repository provides a **Helm-based reference deployment of the Open Operator Platform (OOP)** on a **local Kubernetes-in-Docker (KIND) cluster**. + +The deployment enables **fast, reproducible installation** of core OOP components for: + +* Local development +* Integration testing +* API experimentation +* Research and demonstrations + +This setup is for development and testing only and MUST NOT be used in production environments. + +You can deploy the charts and in non-kind environments + +This is work in progress. + + +## 2. Deployed Components + +The solution deploys the following components inside a single KIND cluster: + +* **Open Exposure Gateway (OEG)** + + * Northbound API entry point for tenants/applications + * Handles application onboarding and exposure workflows + * Acts as the main entry point to the Operator Platform + * Backed by MongoDB + +* **Service Resource Manager (SRM)** + + * Manages application artefacts and lifecycle + * Interfaces with edge/cloud resources + * Supports southbound orchestration workflows + * Backed by MongoDB with PV/PVC support + +* **Federation Manager (FM)** + + * Manages inter-operator federation workflows + * Handles partner Operator (OP) discovery and onboarding + * Supports federated artefact creation and exchange + * Enables cross-domain and multi-operator edge deployments + * Backed by MongoDB + +--- + +## 3. Prerequisites + +### 3.1 Required Software + +| Tool | Minimum Version | +|---|---| +| Docker | 20.x | +| KIND | 0.20 | +| kubectl | 1.25 | +| Helm | v3+ | +| Bash | 4+ | + +### 3.2 Verify Installation + +```bash +docker --version +kind --version +kubectl version --client +helm version +```` + +--- + +## 4. Deployment Methods + +Two deployment approaches are supported: + +1. **Automatic deployment** (recommended) +2. **Manual step-by-step deployment** + +--- + +## 5. 
Automatic Deployment (Recommended) + +### 5.1 Description + +The automatic deployment method: + +* Creates a KIND cluster +* Configures Kubernetes networking +* Installs all OOP components via Helm + +All steps are executed by a single script. + +### 5.2 Steps + +```bash +chmod +x deploy-on-kind.sh +./deploy-on-kind.sh +``` + +### 5.3 What This Script Does + +1. Creates a KIND cluster using `kind-oop-config.yaml` +2. Configures `kubectl` context +3. Deploys the umbrella Helm chart (`oop-platform-chart`) +4. Waits for core services to start + +--- + +## 6. Manual Deployment (Step-by-Step) + +### 6.1 Create the KIND Cluster + +```bash +kind create cluster \ + --name oop \ + --config kind-oop-config.yaml +``` + +Verify cluster: + +```bash +kubectl cluster-info +``` + +--- + +### 6.2 Deploy OOP Using Helm + +From the repository root: + +```bash +helm install oop-platform ./oop-platform-chart +``` + +To upgrade an existing deployment: + +```bash +helm upgrade oop-platform ./oop-platform-chart +``` + +--- + +### 6.3 Verify Deployment + +```bash +kubectl get pods -A +kubectl get svc -A +``` + +All pods should reach `Running` or `Completed` state. + +--- + +## 7. Configuration + +All configuration parameters are centralized in: + +``` +oop-platform-chart/values.yaml +``` + +Supported configuration options include: + +* Container images and tags +* Service ports +* MongoDB configuration +* Ingress enablement +* Resource limits and requests + +After modifying values: + +```bash +helm upgrade oop-platform ./oop-platform-chart +``` + +--- + +## 8. Accessing Services + +Services are exposed via Kubernetes `Service` objects. + +Typical access methods: + +* `kubectl port-forward` +* Ingress (if enabled) +* NodePort (local testing) --> current deployment + + +--- + +## 9. Verification & Health Checks + +```bash +kubectl get deployments -A +kubectl get statefulsets -A +kubectl describe pod +``` + +Refer to: + +``` +oop-platform-chart/VERIFICATION.txt +``` + +--- + +## 10. 
Cleanup + +### 10.1 Remove Helm Deployment + +```bash +helm uninstall oop-platform +``` + +### 10.2 Delete KIND Cluster + +```bash +kind delete cluster --name oop +``` + +--- + +## 11. Troubleshooting + +### Pods Not Starting + +```bash +kubectl logs +kubectl describe pod +``` + +### Helm Errors + +```bash +helm status oop-platform +``` + +### Reset Everything + +```bash +kind delete cluster --name oop +./deploy-on-kind.sh +``` + +--- + + + diff --git a/helm/deploy-on-kind.sh b/helm/deploy-on-kind.sh new file mode 100644 index 0000000000000000000000000000000000000000..949c1d78e3cb3304f7cae2c7de0814484a7644c6 --- /dev/null +++ b/helm/deploy-on-kind.sh 
@@ -0,0 +1,109 @@ +#!/bin/bash + +# ==================================================================== +# Deploy Open Operator Platform (OOP) on kind +# ==================================================================== + +set -e + +echo "OOP Platform Deployment on kind" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" + +# Check prerequisites +echo " Checking prerequisites..." + +if ! command -v kind &> /dev/null; then + echo " kind is not installed" + echo " Install: https://kind.sigs.k8s.io/" + exit 1 +fi + +if ! command -v kubectl &> /dev/null; then + echo " kubectl is not installed" + exit 1 +fi + +if ! command -v helm &> /dev/null; then + echo " helm is not installed" + exit 1 +fi + +echo " All prerequisites met" +echo "" + +# Step 1: Create storage directories +echo " Step 1/5: Creating storage directories..." +sudo mkdir -p /tmp/kind-oop/mongodb_srm /tmp/kind-oop/mongodb_oeg 2>/dev/null || true +sudo chmod -R 777 /tmp/kind-oop/ 2>/dev/null || true +echo " Storage directories ready" +echo "" + +# Step 2: Create kind cluster +echo " Step 2/5: Creating kind cluster..." + +if kind get clusters | grep -q "oop-cluster"; then + echo " Cluster 'oop-cluster' already exists" + read -p " Delete and recreate? (y/N) " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + kind delete cluster --name oop-cluster + else + echo " Using existing cluster" + fi +fi + +if ! kind get clusters | grep -q "oop-cluster"; then + kind create cluster --config kind-oop-config.yaml + echo " Cluster created" +else + echo " Using existing cluster" +fi + +# Set context +kubectl config use-context kind-oop-cluster +echo "" + +# Step 3: Wait for cluster ready +echo " Step 3/5: Waiting for cluster to be ready..." +kubectl wait --for=condition=Ready nodes --all --timeout=120s +echo " Cluster ready" +echo "" + +# Step 4: Deploy OOP platform +echo " Step 4/5: Deploying OOP Platform..." 
+ +if [ -d "oop-platform-chart" ]; then + cd oop-platform-chart + ./deploy.sh +else + echo " oop-platform-chart directory not found" + echo " Please extract oop-platform-chart.zip first" + exit 1 +fi + +echo "" + +# Step 5: Show access information +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "Access URLs (via localhost)" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" +echo " SRM Dashboard: http://localhost:32415" +echo " Artifact Manager: http://localhost:30080" +echo " OEG API: http://localhost:32263/oeg/1.0.0/docs/" +echo " Keycloak: http://localhost:30081" +echo " Keycloak Admin: http://localhost:30081/admin" +echo " (Username: admin / Password: admin)" +echo " Federation Manager: http://localhost:30989" +echo "" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" +echo "Deployment complete!" +echo "" +echo "Useful commands:" +echo " kubectl get pods -n oop" +echo " kubectl get pods -n federation-manager" +echo " kubectl logs -f deployment/srmcontroller -n oop" +echo " kind delete cluster --name oop-cluster # To cleanup" +echo "" diff --git a/helm/kind-oop-config.yaml b/helm/kind-oop-config.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f81abb3d49b0ff5caaca293e303ff9628232d9f2 --- /dev/null +++ b/helm/kind-oop-config.yaml 
@@ -0,0 +1,34 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +name: oop-cluster +nodes: +- role: control-plane + + # Port mappings for accessing services from host via localhost + extraPortMappings: + + # Core Platform Services (oop namespace) + - containerPort: 32415 # SRM Dashboard + hostPort: 32415 + protocol: TCP + - containerPort: 30080 # Artifact Manager + hostPort: 30080 + protocol: TCP + - containerPort: 32263 # OEG API + hostPort: 32263 + protocol: TCP + + # Federation Services (federation-manager namespace) + - containerPort: 30081 # Keycloak + hostPort: 30081 + protocol: TCP + - containerPort: 30989 # Federation Manager + hostPort: 30989 + protocol: TCP + + # Storage volumes for MongoDB persistence + extraMounts: + - hostPath: /tmp/kind-oop/mongodb_srm + containerPath: /mnt/data/mongodb_srm + - hostPath: /tmp/kind-oop/mongodb_oeg + containerPath: /mnt/data/mongodb_oeg diff --git a/helm/oop-platform-chart/.helmignore b/helm/oop-platform-chart/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..6366171ac5ba17aff675f7e00213b87e5bc3acb1 --- /dev/null +++ b/helm/oop-platform-chart/.helmignore @@ -0,0 +1,11 @@ +# Patterns to ignore when packaging +.DS_Store +.git/ +.gitignore +*.swp +*.bak +*.tmp +*~ +.vscode/ +.idea/ +QUICK_DEPLOY.md diff --git a/helm/oop-platform-chart/.zip b/helm/oop-platform-chart/.zip new file mode 100644 index 0000000000000000000000000000000000000000..be5f3c9fbc0f29037686e6978820b3bbfb2908aa Binary files /dev/null and b/helm/oop-platform-chart/.zip differ diff --git a/helm/oop-platform-chart/Chart.yaml b/helm/oop-platform-chart/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e122d5e9a6cf51fb827b525199f71ef7a570bc38 --- /dev/null +++ b/helm/oop-platform-chart/Chart.yaml 
@@ -0,0 +1,36 @@ +apiVersion: v2 +name: oop-platform +description: Open Operator Platform - Complete 6G platform deployment (SRM, OEG, and Federation Manager) +type: application +version: 1.0.0 +appVersion: "1.0.1" + +keywords: + - oop + - open-operator-platform + - sunrise + - 6g + - srm + - oeg + - federation-manager + +maintainers: + - name: Open Operator Platform Team + +home: https://labs.etsi.org/rep/oop/code/open-exposure-gateway +sources: + - https://labs.etsi.org/rep/oop + +icon: https://labs.etsi.org/rep/uploads/-/system/project/avatar/4685/logo.png + +# Subchart dependencies +dependencies: + - name: srm + version: "1.0.0" + condition: srm.enabled + - name: oeg + version: "1.0.0" + condition: oeg.enabled + - name: federation-manager + version: "1.0.0" + condition: federationManager.enabled diff --git a/helm/oop-platform-chart/QUICK_DEPLOY.md b/helm/oop-platform-chart/QUICK_DEPLOY.md new file mode 100644 index 0000000000000000000000000000000000000000..dd7326e7a5c439ac6a5da8551b26591c5db8a81c --- /dev/null +++ b/helm/oop-platform-chart/QUICK_DEPLOY.md 
@@ -0,0 +1,145 @@ +# 🚀 Quick Deployment Guide - Open Operator Platform + +## One-Command Deployment + +Deploy the complete Open Operator Platform with a single command! + +--- + +## Step-by-Step (5 Minutes) + +### Step 1: Prepare (2 minutes) + +```bash +# Create namespace +kubectl create namespace oop + +# Create storage +sudo mkdir -p /mnt/data/mongodb_{srm,oeg} +sudo chmod 777 /mnt/data/mongodb_{srm,oeg} + +# Create service account +kubectl create serviceaccount oop-user -n oop +kubectl create clusterrolebinding oop-user-binding \ + --clusterrole=cluster-admin \ + --serviceaccount=oop:oop-user + +# Get token and copy it +kubectl create token oop-user -n oop --duration=87600h +``` + +--- + +### Step 2: Configure (1 minute) + +```bash +# Edit values.yaml +nano values.yaml + +# Find this line (around line 69): +# kubernetesMasterToken: "YOUR_KUBERNETES_TOKEN_HERE" + +# Replace with your token from Step 1 + +# Save: Ctrl+X, Y, Enter +``` + +--- + +### Step 3: Deploy (1 minute) + +```bash +# Deploy complete platform! +helm install oop-platform . -n oop + +# Watch it start +kubectl get pods -n oop -w +``` + +Wait for all 5 pods to show `Running` (1/1) + +Press `Ctrl+C` when done. + +--- + +### Step 4: Access (1 minute) + +```bash +# Get node IP +NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}') + +# Show URLs +echo "✅ Open Operator Platform Deployed!" 
+echo "" +echo "🌐 Access URLs:" +echo " SRM: http://$NODE_IP:32415" +echo " Artifact Manager: http://$NODE_IP:30080" +echo " OEG: http://$NODE_IP:32263/oeg/1.0.0/docs/" +``` + +--- + +## ✅ Verification + +```bash +# Check everything is running +kubectl get pods -n oop +kubectl get svc -n oop + +# Test access +curl http://$NODE_IP:32415 +``` + +--- + +## 🎯 Expected Result + +``` +NAME READY STATUS RESTARTS AGE +artefact-manager-xxx 1/1 Running 0 2m +mongosrm-xxx 1/1 Running 0 2m +srmcontroller-xxx 1/1 Running 0 2m +oegmongo-xxx 1/1 Running 0 2m +oegcontroller-xxx 1/1 Running 0 2m +``` + +**All 5 pods Running = Success!** 🎉 + +--- + +## 🔧 Common Issues + +### Token error +```bash +# Generate new token +kubectl create token oop-user -n oop --duration=87600h +# Update values.yaml and redeploy +``` + +### Storage error +```bash +# Check directories exist +ls -la /mnt/data/ +# Fix permissions +sudo chmod 777 /mnt/data/mongodb_* +``` + +### Pod pending +```bash +# Check what's wrong +kubectl describe pod -n oop +``` + +--- + +## 🗑️ Clean Up + +```bash +# Remove everything +helm uninstall oop-platform -n oop +kubectl delete namespace oop +``` + +--- + +**That's it! Your Open Operator Platform is ready!** 🚀 diff --git a/helm/oop-platform-chart/QUICK_REFERENCE.txt b/helm/oop-platform-chart/QUICK_REFERENCE.txt new file mode 100644 index 0000000000000000000000000000000000000000..3b9b1708e54976c13b4b7fd7f561f568f0362933 --- /dev/null +++ b/helm/oop-platform-chart/QUICK_REFERENCE.txt 
@@ -0,0 +1,180 @@ +╔════════════════════════════════════════════════════════════════╗ +║ OPEN OPERATOR PLATFORM - QUICK REFERENCE CARD ║ +╚════════════════════════════════════════════════════════════════╝ + +📦 ONE-COMMAND DEPLOYMENT +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +cd oop-platform-chart +./deploy.sh + +That's it! Everything is automated. + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🔧 MANUAL DEPLOYMENT (5 steps) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +1. kubectl create namespace oop + +2. sudo mkdir -p /mnt/data/mongodb_{srm,oeg} + sudo chmod 777 /mnt/data/mongodb_{srm,oeg} + +3. kubectl create serviceaccount oop-user -n oop + kubectl create clusterrolebinding oop-user-binding \ + --clusterrole=cluster-admin \ + --serviceaccount=oop:oop-user + kubectl create token oop-user -n oop --duration=87600h + +4. nano values.yaml + # Update: kubernetesMasterToken: "YOUR_TOKEN" + +5. helm install oop-platform . -n oop + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📊 CHECK STATUS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +kubectl get pods -n oop +kubectl get svc -n oop +helm status oop-platform -n oop + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📝 VIEW LOGS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +kubectl logs -f deployment/srmcontroller -n oop +kubectl logs -f deployment/oegcontroller -n oop +kubectl logs -f deployment/artefact-manager -n oop + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🌐 ACCESS URLs (after deployment) +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}') + +SRM: http://$NODE_IP:32415 +Artifact Manager: http://$NODE_IP:30080 +OEG: http://$NODE_IP:32263/oeg/1.0.0/docs/ + +For kind: Replace $NODE_IP with localhost + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🎯 SELECTIVE 
DEPLOYMENT +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Only SRM +helm install srm-only . -n oop --set oeg.enabled=false + +# Only OEG +helm install oeg-only . -n oop --set srm.enabled=false + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🔄 UPGRADE +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Update values.yaml, then: +helm upgrade oop-platform . -n oop + +# Or upgrade specific component +helm upgrade oop-platform . -n oop \ + --set srm.srmcontroller.image.tag=1.0.2 + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📈 SCALE +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +helm upgrade oop-platform . -n oop \ + --set srm.srmcontroller.replicaCount=3 \ + --set oeg.oegcontroller.replicaCount=2 + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +↩️ ROLLBACK +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +helm history oop-platform -n oop +helm rollback oop-platform -n oop + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🗑️ UNINSTALL +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +helm uninstall oop-platform -n oop +kubectl delete namespace oop + +# Optional: Clean storage +sudo rm -rf /mnt/data/mongodb_srm /mnt/data/mongodb_oeg + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🐛 TROUBLESHOOTING +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Pod not starting +kubectl describe pod -n oop + +# Check events +kubectl get events -n oop --sort-by='.lastTimestamp' + +# PVC not binding +kubectl get pvc -n oop +ls -la /mnt/data/ +sudo chmod 777 /mnt/data/mongodb_* + +# Service not accessible +kubectl get endpoints -n oop + +# Token issues +kubectl create token oop-user -n oop --duration=87600h +# Update values.yaml and: helm upgrade oop-platform . 
-n oop + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📦 COMPONENTS DEPLOYED +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Namespace: oop + +5 Pods: + • mongosrm MongoDB for SRM + • srmcontroller SRM Controller + • artefact-manager Artifact Manager + • oegmongo MongoDB for OEG + • oegcontroller OEG Controller + +5 Services: + • mongosrm:27017 (ClusterIP) + • srm:8080 (NodePort :32415) + • artefact-manager:8000 (NodePort :30080) + • oegmongo:27017 (ClusterIP) + • oeg:80 (NodePort :32263) + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📁 FILES +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +oop-platform-chart/ + Chart.yaml Chart metadata + values.yaml Configuration + README.md Full documentation + QUICK_DEPLOY.md Quick start guide + deploy.sh Automated deployment + VERIFICATION.txt Verification checklist + QUICK_REFERENCE.txt This file + charts/srm/ SRM subchart + charts/oeg/ OEG subchart + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✨ QUICK TIPS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +• Use ./deploy.sh for easiest deployment +• Check README.md for detailed documentation +• All components share the 'oop' namespace +• Ready to add Federation Manager when manifest is available +• Use --dry-run to test before deploying: + helm install oop-platform . -n oop --dry-run + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🚀 YOU'RE READY TO GO! + +Run: ./deploy.sh +Wait: ~2 minutes for all pods to start +Access: Check the URLs displayed at the end diff --git a/helm/oop-platform-chart/README.md b/helm/oop-platform-chart/README.md new file mode 100644 index 0000000000000000000000000000000000000000..b1b4b273a659dd9a1cfaeb2b3466891a718d0b44 --- /dev/null +++ b/helm/oop-platform-chart/README.md 
@@ -0,0 +1,536 @@ +# Open Operator Platform (OOP) Helm Chart + +**Complete deployment of the Open Operator Platform for 6G networks** + +## 🌟 Overview + +This Helm chart deploys the complete Open Operator Platform (OOP), including: + +- **SRM (Service Resource Manager)** - Manages service resources and lifecycle +- **OEG (Open Exposure Gateway)** - Provides standardized API exposure +- **Federation Manager** - Manages federation across multiple operators *(to be added)* + +## 📋 Components + +### Currently Deployed + +## 📋 Components + +### Deployed in `oop` namespace + +| Component | Description | Pods | Services | +|-----------|-------------|------|----------| +| **SRM** | Service Resource Manager | srmcontroller | srm:32415 | +| | MongoDB for SRM | mongosrm | mongosrm:27017 | +| | Artifact Manager | artefact-manager | artefact-manager:30080 | +| **OEG** | Open Exposure Gateway | oegcontroller | oeg:32263 | +| | MongoDB for OEG | oegmongo | oegmongo:27017 | + +**Total in `oop` namespace:** 5 pods, 5 services + +### Deployed in `federation-manager` namespace + +| Component | Description | Pods | Services | +|-----------|-------------|------|----------| +| **Federation Manager** | Federation management | federation-manager | federation-manager:30989 | +| **Keycloak** | OAuth2/OIDC authentication | keycloak | keycloak:30081 | + +**Total in `federation-manager` namespace:** 2 pods, 2 services + +### Complete Platform +**Total across all namespaces:** 7 pods, 7 services in 2 namespaces + +## 🚀 Quick Start + +### Prerequisites + +- **Kubernetes** 1.19+ (MicroK8s, kind, k3s, or standard Kubernetes) +- **Helm** 3.x +- **kubectl** configured and working +- **Storage** directories for persistent data + +### 1. 
Prepare Environment + +```bash +# Create namespace +kubectl create namespace oop + +# Create storage directories +sudo mkdir -p /mnt/data/mongodb_srm +sudo mkdir -p /mnt/data/mongodb_oeg +sudo chmod 777 /mnt/data/mongodb_srm /mnt/data/mongodb_oeg + +# For kind, use /tmp/kind-storage instead +``` + +### 2. Create Service Account and Get Token + +```bash +# Create service account +kubectl create serviceaccount oop-user -n oop + +# Create cluster role binding +kubectl create clusterrolebinding oop-user-binding \ + --clusterrole=cluster-admin \ + --serviceaccount=oop:oop-user + +# Get token (save this!) +kubectl create token oop-user -n oop --duration=87600h +``` + +### 3. Configure the Platform + +```bash +# Edit values.yaml +nano values.yaml +``` + +**Update the Kubernetes token:** + +```yaml +srm: + srmcontroller: + env: + kubernetesMasterToken: "PASTE_YOUR_TOKEN_HERE" +``` + +### 4. Deploy Complete Platform + +```bash +# Deploy everything with one command! +helm install oop-platform . -n oop + +# Watch deployment +kubectl get pods -n oop -w +``` + +Press `Ctrl+C` when all 5 pods show `Running` status. + +### 5. Verify Deployment + +```bash +# Check all pods across both namespaces +kubectl get pods -n oop +kubectl get pods -n federation-manager + +# Expected output in oop namespace: +# NAME READY STATUS RESTARTS AGE +# mongosrm-xxx 1/1 Running 0 2m +# srmcontroller-xxx 1/1 Running 0 2m +# artefact-manager-xxx 1/1 Running 0 2m +# oegmongo-xxx 1/1 Running 0 2m +# oegcontroller-xxx 1/1 Running 0 2m + +# Expected output in federation-manager namespace: +# NAME READY STATUS RESTARTS AGE +# keycloak-xxx 1/1 Running 0 2m +# federation-manager-xxx 1/1 Running 0 2m + +# Check services +kubectl get svc -n oop +``` + +### 6. 
Access the Platform + +```bash +# Get your node IP +NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}') + +# Display access URLs +echo "🌐 Open Operator Platform Access URLs:" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "📊 SRM Dashboard: http://$NODE_IP:32415" +echo "📦 Artifact Manager: http://$NODE_IP:30080" +echo "🔌 OEG API: http://$NODE_IP:32263/oeg/1.0.0/docs/" +echo "🔐 Keycloak: http://$NODE_IP:30081" +echo "🌐 Federation Manager: http://$NODE_IP:30989" +``` + +**For kind users:** Replace `$NODE_IP` with `localhost` + +--- + +## ⚙️ Configuration + +### Essential Configuration + +```yaml +# Global settings +global: + namespace: oop + +# Enable/disable components +srm: + enabled: true +oeg: + enabled: true + +# Kubernetes token (REQUIRED) +srm: + srmcontroller: + env: + kubernetesMasterToken: "YOUR_TOKEN" +``` + +### Storage Configuration + +#### For MicroK8s / k3s (hostPath) +```yaml +mongodb: + persistence: + storageClass: manual + hostPath: + enabled: true + path: /mnt/data/mongodb_srm +``` + +#### For kind (Docker volumes) +```yaml +mongodb: + persistence: + storageClass: manual + hostPath: + enabled: true + path: /mnt/data/mongodb_srm # Mapped from /tmp/kind-storage +``` + +#### For Cloud Providers (dynamic provisioning) +```yaml +mongodb: + persistence: + storageClass: standard # or gp2, pd-ssd, etc. + hostPath: + enabled: false + createPV: false +``` + +### Resource Configuration + +```yaml +# Adjust resources based on your needs +srmcontroller: + resources: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 1Gi +``` + +### Service Types + +```yaml +# Change service types +srmcontroller: + service: + type: LoadBalancer # Instead of NodePort for cloud +``` + +--- + +## 🎯 Selective Deployment + +### Deploy Only SRM + +```bash +helm install srm-only . -n oop --set oeg.enabled=false +``` + +### Deploy Only OEG + +```bash +helm install oeg-only . 
-n oop --set srm.enabled=false +``` + +### Deploy with Custom Resources + +```bash +helm install oop-platform . -n oop \ + --set srm.srmcontroller.replicaCount=3 \ + --set oeg.oegcontroller.replicaCount=2 +``` + +--- + +## 🔄 Operations + +### Upgrade Platform + +```bash +# Update values.yaml, then: +helm upgrade oop-platform . -n oop + +# Or upgrade specific component +helm upgrade oop-platform . -n oop --set srm.srmcontroller.image.tag=1.0.2 +``` + +### Check Status + +```bash +# Helm release status +helm status oop-platform -n oop + +# Pod status +kubectl get pods -n oop + +# Service status +kubectl get svc -n oop + +# Check logs +kubectl logs -f deployment/srmcontroller -n oop +kubectl logs -f deployment/oegcontroller -n oop +``` + +### Scale Components + +```bash +# Scale SRM +helm upgrade oop-platform . -n oop --set srm.srmcontroller.replicaCount=3 + +# Scale OEG +helm upgrade oop-platform . -n oop --set oeg.oegcontroller.replicaCount=2 +``` + +### Rollback + +```bash +# View history +helm history oop-platform -n oop + +# Rollback to previous version +helm rollback oop-platform -n oop + +# Rollback to specific revision +helm rollback oop-platform 2 -n oop +``` + +--- + +## 🐛 Troubleshooting + +### Pods Not Starting + +```bash +# Describe the pod +kubectl describe pod -n oop + +# Check events +kubectl get events -n oop --sort-by='.lastTimestamp' + +# View logs +kubectl logs -n oop +kubectl logs -n oop --previous # Previous crash +``` + +### PVC Not Binding + +```bash +# Check PVC status +kubectl get pvc -n oop +kubectl describe pvc -n oop + +# Ensure directories exist +ls -la /mnt/data/ +sudo chmod 777 /mnt/data/mongodb_* +``` + +### Service Connection Issues + +```bash +# Check service endpoints +kubectl get endpoints -n oop + +# Test connectivity from within cluster +kubectl run test-pod --image=curlimages/curl -it --rm --restart=Never -n oop -- \ + curl http://srm:8080 +``` + +### Token Issues + +If you see authentication errors: + +```bash +# Generate new 
token +kubectl create token oop-user -n oop --duration=87600h + +# Update values.yaml and upgrade +helm upgrade oop-platform . -n oop +``` + +--- + +## 🗑️ Uninstall + +### Remove Platform + +```bash +# Uninstall Helm release +helm uninstall oop-platform -n oop + +# Delete namespace (removes all resources) +kubectl delete namespace oop + +# Clean up persistent volumes (optional) +kubectl delete pv mongodb-pv-volume mongodb-oeg-pv-volume + +# Remove storage directories (optional) +sudo rm -rf /mnt/data/mongodb_srm /mnt/data/mongodb_oeg +``` + +--- + +## 📊 Architecture + +``` +┌─────────────────────────────────────────────────────┐ +│ Open Operator Platform (OOP) │ +│ Namespace: oop │ +├─────────────────────────────────────────────────────┤ +│ │ +│ ┌──────────────────────────────────────────────┐ │ +│ │ SRM (Service Resource Manager) │ │ +│ │ ├─ MongoDB (mongosrm) :27017 │ │ +│ │ ├─ SRM Controller :8080 (NodePort :32415) │ │ +│ │ └─ Artifact Manager :8000 (NodePort :30080)│ │ +│ └──────────────────────────────────────────────┘ │ +│ │ +│ ┌──────────────────────────────────────────────┐ │ +│ │ OEG (Open Exposure Gateway) │ │ +│ │ ├─ MongoDB (oegmongo) :27017 │ │ +│ │ └─ OEG Controller :8080 (NodePort :32263) │ │ +│ └──────────────────────────────────────────────┘ │ +│ │ +│ ┌──────────────────────────────────────────────┐ │ +│ │ Federation Manager (Coming Soon) │ │ +│ │ └─ To be added │ │ +│ └──────────────────────────────────────────────┘ │ +└─────────────────────────────────────────────────────┘ +``` + +--- + +## 🔐 Security Considerations + +### Production Deployments + +1. **Use Secrets for Tokens** + ```bash + kubectl create secret generic oop-secrets \ + --from-literal=k8s-token=YOUR_TOKEN \ + -n oop + ``` + +2. **Enable TLS/HTTPS** + ```yaml + ingress: + enabled: true + tls: + enabled: true + ``` + +3. **Use Specific Image Tags** + ```yaml + image: + tag: "1.0.1" # Not "latest" + ``` + +4. 
**Set Resource Limits** + ```yaml + resources: + limits: + cpu: 1000m + memory: 1Gi + ``` + +--- + +## 🌐 Multi-Cluster Deployment + +This chart can be deployed to multiple clusters: + +```bash +# Cluster 1 +kubectl config use-context cluster1 +helm install oop-platform . -n oop + +# Cluster 2 +kubectl config use-context cluster2 +helm install oop-platform . -n oop +``` + +--- + +## 📈 Monitoring + +### Prometheus Integration (Optional) + +```yaml +# Add to values.yaml +monitoring: + enabled: true + serviceMonitor: + enabled: true +``` + +### Basic Monitoring + +```bash +# Watch resource usage +kubectl top pods -n oop +kubectl top nodes + +# Check pod restarts +kubectl get pods -n oop -o wide +``` + +--- + +## 🤝 Contributing + +To contribute to this Helm chart: + +1. Fork the repository +2. Make your changes +3. Test thoroughly +4. Submit a merge request + +--- + +## 📞 Support + +For issues and questions: +- **Repository:** https://labs.etsi.org/rep/oop/code/open-exposure-gateway +- **Issues:** Create an issue in the repository +- **Documentation:** See docs/ directory + +--- + +## 📝 License + +[Your License Here] + +--- + +## 🎉 Quick Reference + +```bash +# Deploy +helm install oop-platform . -n oop + +# Upgrade +helm upgrade oop-platform . -n oop + +# Status +kubectl get pods -n oop + +# Logs +kubectl logs -f deployment/srmcontroller -n oop + +# Uninstall +helm uninstall oop-platform -n oop +``` + +--- + +**Open Operator Platform - Empowering 6G Network Innovation** 🚀 diff --git a/helm/oop-platform-chart/VERIFICATION.txt b/helm/oop-platform-chart/VERIFICATION.txt new file mode 100644 index 0000000000000000000000000000000000000000..a2ea869bbcf12af1947623db671819d1b9fae137 --- /dev/null +++ b/helm/oop-platform-chart/VERIFICATION.txt 
@@ -0,0 +1,238 @@ +╔════════════════════════════════════════════════════════════════╗ +║ OOP PLATFORM CHART - VERIFICATION CHECKLIST ║ +╚════════════════════════════════════════════════════════════════╝ + +✅ CHART STRUCTURE VERIFICATION +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Root Files: + ✅ Chart.yaml - Chart metadata with dependencies + ✅ values.yaml - Unified configuration (6.1 KB) + ✅ README.md - Complete documentation (11.4 KB) + ✅ QUICK_DEPLOY.md - 5-minute deployment guide + ✅ deploy.sh - Automated deployment script + ✅ .helmignore - Package exclusions + +Subchart: SRM + ✅ charts/srm/Chart.yaml - SRM chart metadata + ✅ charts/srm/values.yaml - SRM configuration (namespace: oop) + ✅ charts/srm/README.md - SRM documentation + ✅ charts/srm/templates/ - 9 Kubernetes templates + ✅ _helpers.tpl + ✅ artifactmanager-deployment.yaml + ✅ artifactmanager-service.yaml + ✅ mongodb-deployment.yaml + ✅ mongodb-pv.yaml + ✅ mongodb-pvc.yaml + ✅ mongodb-service.yaml + ✅ srmcontroller-deployment.yaml + ✅ srmcontroller-service.yaml + +Subchart: OEG + ✅ charts/oeg/Chart.yaml - OEG chart metadata + ✅ charts/oeg/values.yaml - OEG configuration (namespace: oop) + ✅ charts/oeg/README.md - OEG documentation + ✅ charts/oeg/templates/ - 7 Kubernetes templates + ✅ _helpers.tpl + ✅ ingress.yaml + ✅ mongodb-deployment.yaml + ✅ mongodb-pv.yaml + ✅ mongodb-pvc.yaml + ✅ mongodb-service.yaml + ✅ oegcontroller-deployment.yaml + ✅ oegcontroller-service.yaml + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ CONFIGURATION VERIFICATION +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Global Settings: + ✅ Namespace: oop (configured) + ✅ Platform labels: set + ✅ Common annotations: set + +SRM Configuration: + ✅ Enabled: true + ✅ MongoDB persistence: /mnt/data/mongodb_srm + ✅ SRM Controller image: ghcr.io/sunriseopenoperatorplatform/srm/srm:1.0.1 + ✅ Service: NodePort :32415 + ✅ Artifact Manager: NodePort :30080 + ✅ K8s namespace: oop + ⚠️ 
Token: Needs to be updated (placeholder present) + +OEG Configuration: + ✅ Enabled: true + ✅ MongoDB persistence: /mnt/data/mongodb_oeg + ✅ OEG Controller image: ghcr.io/sunriseopenoperatorplatform/oeg/oeg:1.0.1 + ✅ Service: NodePort :32263 + ✅ SRM connection: http://srm:8080/srm/1.0.0 + ✅ Ingress: disabled (as expected) + +Resources: + ✅ CPU/Memory limits configured + ✅ CPU/Memory requests configured + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ DEPLOYMENT READINESS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Prerequisites Checklist: + ☐ Kubernetes cluster available (MicroK8s/kind/k3s/standard) + ☐ Helm 3.x installed + ☐ kubectl configured and working + ☐ Storage directories to be created: /mnt/data/mongodb_{srm,oeg} + +Before Deployment: + ☐ Create namespace: kubectl create namespace oop + ☐ Create service account and get token + ☐ Update values.yaml with token + ☐ Run deploy.sh OR helm install command + +Expected Results After Deployment: + ☐ 5 pods running in 'oop' namespace + - mongosrm + - srmcontroller + - artefact-manager + - oegmongo + - oegcontroller + ☐ 5 services created + ☐ 2 PersistentVolumes created + ☐ 2 PersistentVolumeClaims bound + +Access URLs: + ☐ SRM: http://:32415 + ☐ Artifact Manager: http://:30080 + ☐ OEG: http://:32263/oeg/1.0.0/docs/ + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ DEPLOYMENT METHODS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Method 1: Automated Script (Recommended) + ✅ Script created: deploy.sh + ✅ Executable permissions: set + Usage: ./deploy.sh + Features: + - Creates namespace automatically + - Creates storage automatically + - Generates token automatically + - Updates values.yaml automatically + - Deploys platform + - Shows access URLs + +Method 2: Manual Helm Install + ✅ values.yaml ready for editing + Usage: helm install oop-platform . 
-n oop + Requires: Manual token update in values.yaml + +Method 3: Selective Deployment + ✅ Component flags configured + Usage: helm install oop-platform . -n oop --set oeg.enabled=false + Options: + - Deploy only SRM: --set oeg.enabled=false + - Deploy only OEG: --set srm.enabled=false + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ FEDERATION MANAGER READINESS +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Chart Structure: + ✅ Chart.yaml prepared for Federation Manager dependency + ✅ values.yaml section commented out and ready + ✅ OEG configured with Federation Manager host placeholder + +Next Steps When FM Manifest Received: + 1. Create charts/federation-manager/ directory + 2. Add Chart.yaml, values.yaml, templates/ + 3. Uncomment FM section in root Chart.yaml + 4. Uncomment FM section in root values.yaml + 5. Update OEG FM connection endpoint + 6. Test deployment with all 3 components + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ DOCUMENTATION VERIFICATION +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +README.md Contents: + ✅ Overview and component list + ✅ Quick start guide (complete) + ✅ Configuration options (detailed) + ✅ Selective deployment examples + ✅ Operations (upgrade, rollback, scale) + ✅ Troubleshooting section + ✅ Uninstall instructions + ✅ Architecture diagram + ✅ Security considerations + ✅ Monitoring guidance + +QUICK_DEPLOY.md Contents: + ✅ 5-minute deployment guide + ✅ Step-by-step instructions + ✅ Expected results + ✅ Common issues and fixes + ✅ Cleanup instructions + +deploy.sh Script: + ✅ Automated deployment flow + ✅ Error handling + ✅ Progress indicators + ✅ Final status display + ✅ Access URL display + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ FINAL VERIFICATION SUMMARY +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Chart Completeness: ✅ 100% +Documentation: ✅ Complete +Deployment Scripts: ✅ Ready +Configuration: 
⚠️ Token needs update +Namespace: ✅ oop (configured) +Federation Manager: ✅ Ready for integration +Subcharts: ✅ SRM + OEG ready + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +🎯 READY TO DEPLOY! +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +The Open Operator Platform chart is complete and ready for deployment! + +Three deployment options available: + 1. ./deploy.sh (Fully automated) + 2. helm install (Manual configuration) + 3. Follow QUICK_DEPLOY.md (Step-by-step guide) + +All files are in: oop-platform-chart/ + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +📋 DEPLOYMENT COMMAND EXAMPLES +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +Full Platform: + cd oop-platform-chart + ./deploy.sh + +OR manually: + helm install oop-platform . -n oop + +Only SRM: + helm install srm-only . -n oop --set oeg.enabled=false + +Only OEG: + helm install oeg-only . -n oop --set srm.enabled=false + +With custom resources: + helm install oop-platform . -n oop \ + --set srm.srmcontroller.replicaCount=3 + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +✅ ALL SYSTEMS GO! Ready for Federation Manager integration! diff --git a/helm/oop-platform-chart/charts/federation-manager/Chart.yaml b/helm/oop-platform-chart/charts/federation-manager/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c937e098b1d66583b87e8fd8ec8dc17c3018ff30 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v2 +name: federation-manager +description: Federation Manager with Keycloak for Open Operator Platform +type: application +version: 1.0.0 +appVersion: "0.0.1" + +keywords: + - federation-manager + - keycloak + - oop + - federation + +maintainers: + - name: Open Operator Platform Team + +home: https://labs.etsi.org/rep/oop 
diff --git a/helm/oop-platform-chart/charts/federation-manager/README.md b/helm/oop-platform-chart/charts/federation-manager/README.md new file mode 100644 index 0000000000000000000000000000000000000000..ff7017c04d99a387c600db205f0f0b04399081fe --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/README.md 
@@ -0,0 +1,362 @@ +# Federation Manager Helm Chart + +Helm chart for deploying Federation Manager with Keycloak authentication for the Open Operator Platform. + +## Components + +This chart deploys: + +- **Federation Manager** - Manages federation across multiple operators +- **Keycloak** - OAuth2/OpenID Connect authentication server +- **OpenVPN Sidecar** (Optional) - For remote federation connections + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.x +- kubectl configured + +## Installation + +### Quick Install + +```bash +# Install with default values +helm install federation-manager . -n federation-manager --create-namespace +``` + +### Custom Installation + +```bash +# Create custom values file +cat > my-values.yaml << EOF +federationManager: + config: + mongodb: + host: "mongodb.oop.svc.cluster.local" # Update if using external MongoDB + + op_data: + partnerOPFederationId: "your-federation-id" + partnerOPCountryCode: "US" + # ... customize other settings +EOF + +# Install with custom values +helm install federation-manager . -n federation-manager -f my-values.yaml +``` + +## Configuration + +### Keycloak Configuration + +The default Keycloak realm configuration includes: + +- **Realm**: `federation` +- **Admin User**: `admin` / `admin` (change in production!) +- **Client ID**: `originating-op-1` +- **Client Secret**: `dd7vNwFqjNpYwaghlEwMbw10g0klWDHb` + +#### ⚠️ About Keycloak Credentials + +The default client credentials provided are **generic OAuth2 credentials** and can be used for testing. However, for production deployments: + +**Option 1: Keep defaults** (for testing/development) +- The provided credentials will work out of the box +- Quick to get started + +**Option 2: Generate new credentials** (recommended for production) + +1. Deploy with defaults first +2. Access Keycloak UI at `http://:30081` +3. Login with admin/admin +4. Navigate to: Realm Settings → Clients → originating-op-1 +5. Regenerate secret under "Credentials" tab +6. 
Update `values.yaml` with new secret: + ```yaml + keycloak: + realm: + client: + secret: "your-new-secret" + + federationManager: + config: + keycloak: + client1_secret: "your-new-secret" + ``` +7. Upgrade the deployment: + ```bash + helm upgrade federation-manager . -n federation-manager + ``` + +### Federation Manager Configuration + +Key configuration sections: + +```yaml +federationManager: + config: + # Keycloak OAuth2 settings + keycloak: + client1_id: "originating-op-1" + client1_secret: "dd7vNwFqjNpYwaghlEwMbw10g0klWDHb" + scope: "fed-mgmt" + + # MongoDB connection + mongodb: + host: "mongodb.mongodb.svc.cluster.local" + port: "27017" + + # Operator data + op_data: + partnerOPFederationId: "your-federation-id" + partnerOPCountryCode: "US" + # ... other settings + + # Partner operator settings + partner_op: + role: "partner_op" # or "originating_op" + host: "127.0.0.1" + server: "/operatorplatform/federation/v1" + port: "8992" +``` + +### OpenVPN Configuration (Optional) + +To enable VPN connectivity for remote federation: + +1. Create VPN secret: + ```bash + kubectl create secret generic partner-ovpn \ + --from-file=icom-client-1.ovpn=your-vpn-config.ovpn \ + --from-file=auth.txt=your-vpn-auth.txt \ + -n federation-manager + ``` + +2. Enable in values.yaml: + ```yaml + openvpn: + enabled: true + secretName: partner-ovpn + configFile: icom-client-1.ovpn + authFile: auth.txt + ``` + +3. Upgrade deployment: + ```bash + helm upgrade federation-manager . 
-n federation-manager + ``` + +## Access + +After deployment: + +```bash +# Get node IP +NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}') + +# Access URLs +echo "Federation Manager: http://$NODE_IP:30989" +echo "Keycloak: http://$NODE_IP:30081" +echo "Keycloak Admin: http://$NODE_IP:30081/admin (admin/admin)" +``` + +## Common Operations + +### Check Status + +```bash +kubectl get pods -n federation-manager +kubectl get svc -n federation-manager +``` + +### View Logs + +```bash +# Federation Manager logs +kubectl logs -f deployment/federation-manager -c federation-manager -n federation-manager + +# Keycloak logs +kubectl logs -f deployment/keycloak -n federation-manager + +# OpenVPN logs (if enabled) +kubectl logs -f deployment/federation-manager -c openvpn -n federation-manager +``` + +### Update Configuration + +```bash +# Edit values.yaml +nano values.yaml + +# Upgrade deployment +helm upgrade federation-manager . -n federation-manager +``` + +### Scale + +```bash +# Scale Federation Manager +helm upgrade federation-manager . -n federation-manager --set federationManager.replicaCount=2 + +# Scale Keycloak +helm upgrade federation-manager . -n federation-manager --set keycloak.replicaCount=2 +``` + +## Integration with OOP Platform + +To integrate with the main OOP platform: + +### Option 1: Add as Subchart + +1. Copy this chart to OOP platform: + ```bash + cp -r federation-manager-chart oop-platform-chart/charts/federation-manager + ``` + +2. Update OOP platform `Chart.yaml`: + ```yaml + dependencies: + - name: federation-manager + version: "1.0.0" + condition: federationManager.enabled + ``` + +3. Add to OOP platform `values.yaml`: + ```yaml + federationManager: + enabled: true + # ... federation manager configuration + ``` + +4. Deploy complete platform: + ```bash + helm install oop-platform . 
-n oop + ``` + +### Option 2: Deploy Separately + +Deploy Federation Manager in its own namespace but configure to connect to OOP services: + +```yaml +federationManager: + config: + mongodb: + host: "mongosrm.oop.svc.cluster.local" # Connect to SRM MongoDB +``` + +## Troubleshooting + +### Keycloak Not Starting + +```bash +# Check logs +kubectl logs deployment/keycloak -n federation-manager + +# Common issues: +# - Realm import failed: Check ConfigMap +# - Port conflict: Ensure port 8080 is available +``` + +### Federation Manager Configuration Issues + +```bash +# Check secret +kubectl get secret federation-manager-config -n federation-manager -o yaml + +# Decode config +kubectl get secret federation-manager-config -n federation-manager \ + -o jsonpath='{.data.config\.cfg}' | base64 -d + +# Check logs +kubectl logs deployment/federation-manager -c federation-manager -n federation-manager +``` + +### OpenVPN Connection Issues + +```bash +# Check VPN secret exists +kubectl get secret partner-ovpn -n federation-manager + +# Check OpenVPN logs +kubectl logs deployment/federation-manager -c openvpn -n federation-manager + +# Check tun0 interface +kubectl exec -it deployment/federation-manager -c openvpn -n federation-manager -- ip a +``` + +## Security Considerations + +### Production Deployment + +1. **Change Keycloak Admin Password** + ```yaml + keycloak: + admin: + username: admin + password: "StrongPassword123!" + ``` + +2. **Regenerate Client Secrets** (see Keycloak Configuration section above) + +3. **Use Secrets for Sensitive Data** + ```bash + kubectl create secret generic keycloak-admin \ + --from-literal=username=admin \ + --from-literal=password=secure-password \ + -n federation-manager + ``` + +4. **Enable TLS/HTTPS** + ```yaml + keycloak: + ingress: + enabled: true + tls: + - secretName: keycloak-tls + hosts: + - keycloak.yourdomain.com + ``` + +5. 
**Resource Limits** + - Already configured with appropriate limits + - Adjust based on your workload + +## Uninstall + +```bash +# Uninstall chart +helm uninstall federation-manager -n federation-manager + +# Delete namespace (removes all resources) +kubectl delete namespace federation-manager + +# Delete VPN secret (if created separately) +kubectl delete secret partner-ovpn -n federation-manager +``` + +## Values Reference + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `keycloak.enabled` | Enable Keycloak deployment | `true` | +| `keycloak.service.nodePort` | NodePort for Keycloak | `30081` | +| `keycloak.admin.username` | Keycloak admin username | `admin` | +| `keycloak.admin.password` | Keycloak admin password | `admin` | +| `keycloak.realm.client.secret` | OAuth2 client secret | (see values.yaml) | +| `federationManager.enabled` | Enable Federation Manager | `true` | +| `federationManager.service.nodePort` | NodePort for Federation Manager | `30989` | +| `federationManager.config.partner_op.role` | Role: `partner_op` or `originating_op` | `partner_op` | +| `openvpn.enabled` | Enable OpenVPN sidecar | `false` | +| `openvpn.secretName` | Name of VPN secret | `partner-ovpn` | + +For complete values reference, see `values.yaml`. + +## Support + +For issues and questions: +- **Repository**: https://labs.etsi.org/rep/oop +- **Issues**: Create an issue in the repository + +## License + +[Your License Here] diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/_helpers.tpl b/helm/oop-platform-chart/charts/federation-manager/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..ba9492b26eecae26a90976173bc96e2f2059121a --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/_helpers.tpl 
@@ -0,0 +1,89 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "federation-manager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "federation-manager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "federation-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "federation-manager.labels" -}} +helm.sh/chart: {{ include "federation-manager.chart" . }} +{{ include "federation-manager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "federation-manager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "federation-manager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Keycloak labels +*/}} +{{- define "federation-manager.keycloak.labels" -}} +{{ include "federation-manager.labels" . }} +app: keycloak +{{- end }} + +{{/* +Keycloak selector labels +*/}} +{{- define "federation-manager.keycloak.selectorLabels" -}} +app: keycloak +{{- end }} + +{{/* +Federation Manager labels +*/}} +{{- define "federation-manager.fm.labels" -}} +{{ include "federation-manager.labels" . 
}} +app: federation-manager +{{- end }} + +{{/* +Federation Manager selector labels +*/}} +{{- define "federation-manager.fm.selectorLabels" -}} +app: federation-manager +{{- end }} + +{{/* +Namespace +*/}} +{{- define "federation-manager.namespace" -}} +{{- default .Values.global.namespace .Release.Namespace }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-deployment.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f84be3b16fa82e5a56ea834404e70a2da0c5472a --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-deployment.yaml 
@@ -0,0 +1,144 @@ +{{- if .Values.federationManager.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.federationManager.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.fm.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.federationManager.replicaCount }} + selector: + matchLabels: + {{- include "federation-manager.fm.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "federation-manager.fm.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.federationManager.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + + containers: + + ##################################################################### + # 1) KEYCLOAK CONTAINER (runs INSIDE the federation-manager pod) + ##################################################################### + - name: keycloak + image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}" + imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }} + args: + - start-dev + - --import-realm + env: + - name: KC_BOOTSTRAP_ADMIN_USERNAME + value: {{ .Values.keycloak.admin.username | quote }} + - name: KC_BOOTSTRAP_ADMIN_PASSWORD + value: {{ .Values.keycloak.admin.password | quote }} + - name: KC_IMPORT + value: /opt/keycloak/data/import/realm-import.json + ports: + - name: http + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: realm-import + mountPath: /opt/keycloak/data/import/ + + ##################################################################### + # 2) FEDERATION MANAGER MAIN CONTAINER + ##################################################################### + - name: federation-manager + image: "{{ .Values.federationManager.image.repository }}:{{ .Values.federationManager.image.tag }}" + imagePullPolicy: {{ 
.Values.federationManager.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.federationManager.service.targetPort }} + protocol: TCP + volumeMounts: + - name: config + readOnly: false + mountPath: /usr/app/src/conf/ + resources: + {{- toYaml .Values.federationManager.resources | nindent 12 }} + + ##################################################################### + # 3) OPENVPN SIDECAR CONTAINER + ##################################################################### + {{- if .Values.openvpn.enabled }} + - name: openvpn + image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag }}" + imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }} + command: + - /bin/sh + - -c + args: + - | + apk add --no-cache openvpn iproute2 bind-tools \ + && echo "Starting OpenVPN..." \ + && openvpn --config /vpn/{{ .Values.openvpn.configFile }} \ + --auth-user-pass /vpn/{{ .Values.openvpn.authFile }} \ + --verb 3 \ + --writepid /var/run/openvpn.pid + + {{- if .Values.openvpn.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + ip link show dev tun0 >/dev/null 2>&1 || exit 1 + ip route | grep -q 'tun0' || exit 1 + initialDelaySeconds: {{ .Values.openvpn.readinessProbe.delay }} + timeoutSeconds: {{ .Values.openvpn.readinessProbe.timeout }} + periodSeconds: {{ .Values.openvpn.readinessProbe.period }} + failureThreshold: {{ .Values.openvpn.readinessProbe.failureThreshold }} + {{- end }} + + volumeMounts: + - name: ovpn + mountPath: /vpn + readOnly: true + - name: dev-net-tun + mountPath: /dev/net/tun + + securityContext: + capabilities: + add: + - NET_ADMIN + {{- end }} + + ####################################################################### + # VOLUME DEFINITIONS + ####################################################################### + volumes: + # Mount federation-manager config.yml + - name: config + secret: + secretName: federation-manager-config + defaultMode: 420 + + # Keycloak realm import ConfigMap + 
- name: realm-import + configMap: + name: keycloak-config + + {{- if .Values.openvpn.enabled }} + - name: ovpn + secret: + secretName: {{ .Values.openvpn.secretName }} + + - name: dev-net-tun + hostPath: + path: /dev/net/tun + type: CharDevice + {{- end }} + +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-secret.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7eab9f9a2e8349bf5142add7b04b298328edce54 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-secret.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.federationManager.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: federation-manager-config + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.fm.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +type: Opaque +data: + config.cfg: {{ printf "[keycloak]\nclient1_id = %s\nclient1_secret = %s\nclient2_id = %s\nclient2_secret = %s\nscope = %s\n\n[server]\nhost = %s\nport = %s\nprefix = %s\nversion = %s\nprotocol = %s\n\n[mongodb]\nhost = %s\nport = %s\n\n[i2edge]\nhost = %s\nport = %s\n\n[op_data]\npartnerOPFederationId = %s\npartnerOPCountryCode = %s\npartnerOPMobileNetworkCode_MCC = %s\npartnerOPMobileNetworkCode_MNC = %s\npartnerOPFixedNetworkCode = %s\nplatformCaps = %s\nedgeDiscoveryServiceEndPoint_port = %s\nedgeDiscoveryServiceEndPoint_fqdn = %s\nedgeDiscoveryServiceEndPoint_ipv4Addresses = %s\nedgeDiscoveryServiceEndPoint_ipv6Addresses = %s\nlcmServiceEndPoint_port = %s\nlcmServiceEndPoint_fqdn = %s\nlcmServiceEndPoint_ipv4Addresses = %s\nlcmServiceEndPoint_ipv6Addresses = %s\n\n[partner_op]\npartner_op_host = %s\npartner_op_server = %s\npartner_op_port = %s\nrole = %s\n" .Values.federationManager.config.keycloak.client1_id .Values.federationManager.config.keycloak.client1_secret .Values.federationManager.config.keycloak.client2_id .Values.federationManager.config.keycloak.client2_secret .Values.federationManager.config.keycloak.scope .Values.federationManager.config.server.host .Values.federationManager.config.server.port .Values.federationManager.config.server.prefix .Values.federationManager.config.server.version .Values.federationManager.config.server.protocol .Values.federationManager.config.mongodb.host .Values.federationManager.config.mongodb.port .Values.federationManager.config.i2edge.host .Values.federationManager.config.i2edge.port 
.Values.federationManager.config.op_data.partnerOPFederationId .Values.federationManager.config.op_data.partnerOPCountryCode .Values.federationManager.config.op_data.partnerOPMobileNetworkCode_MCC .Values.federationManager.config.op_data.partnerOPMobileNetworkCode_MNC .Values.federationManager.config.op_data.partnerOPFixedNetworkCode .Values.federationManager.config.op_data.platformCaps .Values.federationManager.config.op_data.edgeDiscoveryServiceEndPoint_port .Values.federationManager.config.op_data.edgeDiscoveryServiceEndPoint_fqdn .Values.federationManager.config.op_data.edgeDiscoveryServiceEndPoint_ipv4Addresses .Values.federationManager.config.op_data.edgeDiscoveryServiceEndPoint_ipv6Addresses .Values.federationManager.config.op_data.lcmServiceEndPoint_port .Values.federationManager.config.op_data.lcmServiceEndPoint_fqdn .Values.federationManager.config.op_data.lcmServiceEndPoint_ipv4Addresses .Values.federationManager.config.op_data.lcmServiceEndPoint_ipv6Addresses .Values.federationManager.config.partner_op.host .Values.federationManager.config.partner_op.server .Values.federationManager.config.partner_op.port .Values.federationManager.config.partner_op.role | b64enc }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-service.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..35d7cffaf69d8a97a903db4ca9a761b35ced9db1 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/federation-manager-service.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.federationManager.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.federationManager.service.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.fm.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.federationManager.service.type }} + ports: + - name: http + protocol: TCP + port: {{ .Values.federationManager.service.port }} + targetPort: {{ .Values.federationManager.service.targetPort }} + {{- if and (eq .Values.federationManager.service.type "NodePort") .Values.federationManager.service.nodePort }} + nodePort: {{ .Values.federationManager.service.nodePort }} + {{- end }} + selector: + {{- include "federation-manager.fm.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-configmap.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5bd824b19225119a802312239caabd6d908cf9e3 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-configmap.yaml 
@@ -0,0 +1,41 @@ +{{- if .Values.keycloak.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: keycloak-config + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.keycloak.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + realm-import.json: | + { + "realm": "{{ .Values.keycloak.realm.name }}", + "enabled": {{ .Values.keycloak.realm.enabled }}, + "clientScopes": [ + { + "id": "{{ .Values.keycloak.realm.clientScope.id }}", + "name": "{{ .Values.keycloak.realm.clientScope.name }}", + "protocol": "{{ .Values.keycloak.realm.clientScope.protocol }}", + "description": "{{ .Values.keycloak.realm.clientScope.description }}" + } + ], + "clients": [ + { + "clientId": "{{ .Values.keycloak.realm.client.clientId }}", + "enabled": {{ .Values.keycloak.realm.client.enabled }}, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.keycloak.realm.client.secret }}", + "redirectUris": {{ .Values.keycloak.realm.client.redirectUris | toJson }}, + "publicClient": {{ .Values.keycloak.realm.client.publicClient }}, + "directAccessGrantsEnabled": {{ .Values.keycloak.realm.client.directAccessGrantsEnabled }}, + "serviceAccountsEnabled": {{ .Values.keycloak.realm.client.serviceAccountsEnabled }}, + "defaultClientScopes": {{ .Values.keycloak.realm.client.defaultClientScopes | toJson }}, + "webOrigins": {{ .Values.keycloak.realm.client.webOrigins | toJson }} + } + ] + } +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-deployment.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7a1462b2cb7014bd80906ad196d05c7118b1a4be --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-deployment.yaml 
@@ -0,0 +1,50 @@ +{{- if .Values.keycloak.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.keycloak.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.keycloak.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.keycloak.replicaCount }} + selector: + matchLabels: + {{- include "federation-manager.keycloak.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "federation-manager.keycloak.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: keycloak + image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}" + imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.keycloak.service.targetPort }} + protocol: TCP + args: + - "start-dev" + - "--import-realm" + env: + - name: KC_BOOTSTRAP_ADMIN_USERNAME + value: {{ .Values.keycloak.admin.username | quote }} + - name: KC_BOOTSTRAP_ADMIN_PASSWORD + value: {{ .Values.keycloak.admin.password | quote }} + - name: KC_IMPORT + value: "/opt/keycloak/data/import/realm-import.json" + volumeMounts: + - name: realm-import + mountPath: /opt/keycloak/data/import/ + resources: + {{- toYaml .Values.keycloak.resources | nindent 12 }} + volumes: + - name: realm-import + configMap: + name: keycloak-config +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-ingress.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dcabb2582835ffa991e7c28d706f8666b247661b --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-ingress.yaml 
@@ -0,0 +1,29 @@ +{{- if and .Values.keycloak.enabled .Values.keycloak.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: keycloak-ingress + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.keycloak.labels" . | nindent 4 }} + annotations: + {{- with .Values.keycloak.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.keycloak.ingress.className }} + rules: + - host: {{ .Values.keycloak.ingress.host }} + http: + paths: + - path: {{ .Values.keycloak.ingress.path }} + pathType: {{ .Values.keycloak.ingress.pathType }} + backend: + service: + name: {{ .Values.keycloak.service.name }} + port: + number: {{ .Values.keycloak.service.port }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-service.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4d5960f44a89f786e9f617497a9bd55271a67c9c --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/keycloak-service.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.keycloak.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.keycloak.service.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + {{- include "federation-manager.keycloak.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.keycloak.service.type }} + ports: + - name: http + protocol: TCP + port: {{ .Values.keycloak.service.port }} + targetPort: {{ .Values.keycloak.service.targetPort }} + {{- if and (eq .Values.keycloak.service.type "NodePort") .Values.keycloak.service.nodePort }} + nodePort: {{ .Values.keycloak.service.nodePort }} + {{- end }} + selector: + {{- include "federation-manager.keycloak.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-deployment.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cd4b4a88af9e16bff006939b51f7ac5d636271e6 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-deployment.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + app: {{ .Values.mongodb.name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.mongodb.name }} + template: + metadata: + labels: + app: {{ .Values.mongodb.name }} + spec: + containers: + - name: mongodb + image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}" + imagePullPolicy: {{ .Values.mongodb.image.pullPolicy }} + ports: + - containerPort: {{ .Values.mongodb.service.port }} + resources: + {{- toYaml .Values.mongodb.resources | nindent 12 }} + volumeMounts: + - name: mongo-data + mountPath: /data/db + volumes: + - name: mongo-data + persistentVolumeClaim: + claimName: {{ .Values.mongodb.name }}-pvc +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pv.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pv.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6ebc6b770b0d7301a829e6aefb5cbb00cadbe1ab --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pv.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.mongodb.name }}-pv + labels: + app: {{ .Values.mongodb.name }} +spec: + capacity: + storage: {{ .Values.mongodb.persistence.size | quote }} + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + persistentVolumeReclaimPolicy: Retain + storageClassName: {{ .Values.mongodb.persistence.storageClass | default "mongodb-fm-storage" }} + hostPath: + path: {{ .Values.mongodb.persistence.hostPath | default "/mnt/data/mongodb_fm" }} + type: DirectoryOrCreate +{{- end }} 
diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pvc.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..247136f012a09ae14c8f17411095840b6efc13b0 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-pvc.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.mongodb.name }}-pvc + namespace: {{ include "federation-manager.namespace" . }} + labels: + app: {{ .Values.mongodb.name }} +spec: + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.mongodb.persistence.size }} + storageClassName: {{ .Values.mongodb.persistence.storageClass | default "mongodb-fm-storage" }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-service.yaml b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..68ddfd3593345ca0309e001468717a9e8fd336f3 --- /dev/null +++ b/helm/oop-platform-chart/charts/federation-manager/templates/mongodb-service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "federation-manager.namespace" . }} + labels: + app: {{ .Values.mongodb.name }} +spec: + type: ClusterIP + ports: + - port: {{ .Values.mongodb.service.port }} + targetPort: {{ .Values.mongodb.service.port }} + selector: + app: {{ .Values.mongodb.name }} +{{- end }} + diff --git a/helm/oop-platform-chart/charts/federation-manager/values.yaml b/helm/oop-platform-chart/charts/federation-manager/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..87fd831091369b3e39597377157916231e548fe9 --- /dev/null 
+++ b/helm/oop-platform-chart/charts/federation-manager/values.yaml 
@@ -0,0 +1,215 @@ +# Federation Manager Helm Chart Configuration +# ==================================================================== + +# IMPORTANT: +# This namespace is used ONLY for the federation-manager chart. +# It MUST NOT inherit the umbrella chart's .Values.global.namespace (which is "oop"). +namespace: federation-manager + +global: + namespace: federation-manager + +# ==================================================================== +# Keycloak Configuration +# ==================================================================== +keycloak: + enabled: true + name: keycloak + replicaCount: 1 + + image: + repository: quay.io/keycloak/keycloak + tag: 26.1.4 + pullPolicy: IfNotPresent + + service: + name: keycloak + type: NodePort + port: 8080 + targetPort: 8080 + nodePort: 30081 + + admin: + username: admin + password: admin + + realm: + name: federation + enabled: true + + clientScope: + id: "439d9c71-8a8a-469c-9280-058016000cc2" + name: "fed-mgmt" + protocol: "openid-connect" + description: "fed-mgmt" + + client: + clientId: "originating-op-1" + enabled: true + secret: "dd7vNwFqjNpYwaghlEwMbw10g0klWDHb" + redirectUris: + - "http://localhost:8080/*" + publicClient: false + directAccessGrantsEnabled: true + serviceAccountsEnabled: true + defaultClientScopes: + - "fed-mgmt" + webOrigins: + - "*" + + ingress: + enabled: false + className: traefik + host: isiath.duckdns.org + path: / + pathType: Prefix + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + +# ==================================================================== +# MongoDB for Federation Manager +# ==================================================================== +mongodb: + enabled: true + name: mongodb + + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 27017 + + persistence: + enabled: true + accessMode: ReadWriteOnce + 
size: 1Gi + storageClass: "mongodb-fm-storage" + hostPath: /mnt/data/mongodb_fm + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + +# ==================================================================== +# Federation Manager Config +# ==================================================================== +federationManager: + enabled: true + name: federation-manager + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/federation-manager + tag: "0.0.1" + pullPolicy: Always + + service: + name: federation-manager + type: NodePort + port: 8989 + targetPort: 8989 + nodePort: 30989 + + resources: + requests: + cpu: "2" + memory: "4Gi" + limits: + cpu: "4" + memory: "6Gi" + + config: + keycloak: + client1_id: "originating-op-1" + client1_secret: "dd7vNwFqjNpYwaghlEwMbw10g0klWDHb" + client2_id: "originating-op-2" + client2_secret: "2mhznERfWclLDuVojY77Lp4Qd2r4e8Ms" + scope: "fed-mgmt" + + server: + host: "127.0.0.1" + port: "8989" + prefix: "api" + version: "v1.0" + protocol: "http" + + mongodb: + # Connect to the LOCAL federation-manager MongoDB + host: "mongodb" + port: "27017" + + i2edge: + host: "192.168.123.237" + port: "30760" + + op_data: + partnerOPFederationId: "i2cat" + partnerOPCountryCode: "ES" + partnerOPMobileNetworkCode_MCC: "001" + partnerOPMobileNetworkCode_MNC: "01" + partnerOPFixedNetworkCode: "34" + platformCaps: "homeRouting" + edgeDiscoveryServiceEndPoint_port: "" + edgeDiscoveryServiceEndPoint_fqdn: "discovery.operator1.com" + edgeDiscoveryServiceEndPoint_ipv4Addresses: "" + edgeDiscoveryServiceEndPoint_ipv6Addresses: "" + lcmServiceEndPoint_port: "8989" + lcmServiceEndPoint_fqdn: "" + lcmServiceEndPoint_ipv4Addresses: "127.0.0.1" + lcmServiceEndPoint_ipv6Addresses: "" + + partner_op: + role: "partner_op" + host: "127.0.0.1" + server: "/operatorplatform/federation/v1" + port: "8992" + + imagePullSecrets: [] + +# ==================================================================== +# 
OpenVPN Sidecar +# ==================================================================== +openvpn: + enabled: false + + image: + repository: alpine + tag: "3.20" + pullPolicy: IfNotPresent + + secretName: partner-ovpn + configFile: icom-client-1.ovpn + authFile: auth.txt + + readinessProbe: + enabled: true + delay: 5 + timeout: 1 + period: 5 + failureThreshold: 3 + +# ==================================================================== +# Labels & Annotations +# ==================================================================== +commonLabels: + platform: oop + component: federation-manager + +commonAnnotations: + platform: "Open Operator Platform" + component: "federation-manager" diff --git a/helm/oop-platform-chart/charts/oeg/Chart.yaml b/helm/oop-platform-chart/charts/oeg/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..01473beb31df9a19df2c3f8b729c220cc9716439 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: oeg +description: A Helm chart for OEG Controller with MongoDB +type: application +version: 1.0.0 +appVersion: "1.0.1" +keywords: + - oeg + - mongodb + - controller +maintainers: + - name: DevOps Team +home: https://github.com/sunriseopenoperatorplatform/oeg +sources: + - https://github.com/sunriseopenoperatorplatform/oeg diff --git a/helm/oop-platform-chart/charts/oeg/Makefile b/helm/oop-platform-chart/charts/oeg/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..b7b5fbb68f6f8b80e2355d75dba9b851610c32ef --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/Makefile 
@@ -0,0 +1,101 @@ +.PHONY: help install-dev install-staging install-prod upgrade-dev upgrade-staging upgrade-prod uninstall-dev uninstall-staging uninstall-prod template lint test clean + +CHART_NAME := oeg +NAMESPACE_DEV := sunrise6g-dev +NAMESPACE_STAGING := sunrise6g-staging +NAMESPACE_PROD := sunrise6g + +help: ## Show this help message + @echo 'Usage: make [target]' + @echo '' + @echo 'Available targets:' + @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-20s %s\n", $$1, $$2}' $(MAKEFILE_LIST) + +lint: ## Lint the Helm chart + helm lint . + +template: ## Render templates with default values + helm template $(CHART_NAME) . --debug + +template-dev: ## Render templates with dev values + helm template $(CHART_NAME)-dev . -f values-dev.yaml --debug + +template-staging: ## Render templates with staging values + helm template $(CHART_NAME)-staging . -f values-staging.yaml --debug + +template-prod: ## Render templates with prod values + helm template $(CHART_NAME)-prod . -f values-prod.yaml --debug + +install-dev: ## Install chart in dev environment + helm install $(CHART_NAME)-dev . -f values-dev.yaml -n $(NAMESPACE_DEV) --create-namespace + +install-staging: ## Install chart in staging environment + helm install $(CHART_NAME)-staging . -f values-staging.yaml -n $(NAMESPACE_STAGING) --create-namespace + +install-prod: ## Install chart in production environment + helm install $(CHART_NAME)-prod . -f values-prod.yaml -n $(NAMESPACE_PROD) --create-namespace + +upgrade-dev: ## Upgrade dev deployment + helm upgrade $(CHART_NAME)-dev . -f values-dev.yaml -n $(NAMESPACE_DEV) + +upgrade-staging: ## Upgrade staging deployment + helm upgrade $(CHART_NAME)-staging . -f values-staging.yaml -n $(NAMESPACE_STAGING) + +upgrade-prod: ## Upgrade production deployment + helm upgrade $(CHART_NAME)-prod . 
-f values-prod.yaml -n $(NAMESPACE_PROD) + +uninstall-dev: ## Uninstall dev deployment + helm uninstall $(CHART_NAME)-dev -n $(NAMESPACE_DEV) + +uninstall-staging: ## Uninstall staging deployment + helm uninstall $(CHART_NAME)-staging -n $(NAMESPACE_STAGING) + +uninstall-prod: ## Uninstall production deployment + helm uninstall $(CHART_NAME)-prod -n $(NAMESPACE_PROD) + +status-dev: ## Show status of dev deployment + helm status $(CHART_NAME)-dev -n $(NAMESPACE_DEV) + +status-staging: ## Show status of staging deployment + helm status $(CHART_NAME)-staging -n $(NAMESPACE_STAGING) + +status-prod: ## Show status of production deployment + helm status $(CHART_NAME)-prod -n $(NAMESPACE_PROD) + +test-dev: ## Test dev installation + helm test $(CHART_NAME)-dev -n $(NAMESPACE_DEV) + +dry-run-dev: ## Dry run dev installation + helm install $(CHART_NAME)-dev . -f values-dev.yaml -n $(NAMESPACE_DEV) --dry-run --debug + +dry-run-staging: ## Dry run staging installation + helm install $(CHART_NAME)-staging . -f values-staging.yaml -n $(NAMESPACE_STAGING) --dry-run --debug + +dry-run-prod: ## Dry run production installation + helm install $(CHART_NAME)-prod . -f values-prod.yaml -n $(NAMESPACE_PROD) --dry-run --debug + +package: ## Package the chart + helm package . + +clean: ## Clean packaged charts + rm -f *.tgz + +validate: lint template ## Run validation checks + +pods-dev: ## Show pods in dev namespace + kubectl get pods -n $(NAMESPACE_DEV) + +pods-staging: ## Show pods in staging namespace + kubectl get pods -n $(NAMESPACE_STAGING) + +pods-prod: ## Show pods in production namespace + kubectl get pods -n $(NAMESPACE_PROD) + +logs-controller-dev: ## Show controller logs in dev + kubectl logs -f deployment/oegcontroller -n $(NAMESPACE_DEV) + +logs-mongo-dev: ## Show mongo logs in dev + kubectl logs -f deployment/oegmongo -n $(NAMESPACE_DEV) + +port-forward-dev: ## Port forward to dev service + kubectl port-forward svc/oeg 8080:80 -n $(NAMESPACE_DEV) 
diff --git a/helm/oop-platform-chart/charts/oeg/README.md b/helm/oop-platform-chart/charts/oeg/README.md new file mode 100644 index 0000000000000000000000000000000000000000..48371ada163e6225d288b0744179ac46b41b9d1b --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/README.md 
@@ -0,0 +1,298 @@ +# OEG Helm Chart + +A production-ready Helm chart for deploying OEG Controller with MongoDB on Kubernetes. + +## Overview + +This Helm chart deploys: +- **OEG Controller**: Main application server +- **MongoDB**: Database for OEG Controller +- **Ingress**: External access configuration +- **PersistentVolume/PersistentVolumeClaim**: Data persistence + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- Traefik ingress controller (or modify for your ingress) +- StorageClass configured (for dynamic provisioning) + +## Installation + +### Quick Start + +```bash +# Add the chart repository (if published) +helm repo add oeg https://your-repo-url +helm repo update + +# Install with default values +helm install oeg ./oeg-chart -n sunrise6g --create-namespace + +# Or install with specific environment values +helm install oeg ./oeg-chart -f values-dev.yaml -n sunrise6g-dev --create-namespace +``` + +### Installation Commands by Environment + +**Development:** +```bash +helm install oeg-dev ./oeg-chart \ + -f values-dev.yaml \ + -n sunrise6g-dev \ + --create-namespace +``` + +**Staging:** +```bash +helm install oeg-staging ./oeg-chart \ + -f values-staging.yaml \ + -n sunrise6g-staging \ + --create-namespace +``` + +**Production:** +```bash +helm install oeg-prod ./oeg-chart \ + -f values-prod.yaml \ + -n sunrise6g \ + --create-namespace +``` + +## Configuration + +### Key Configuration Parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `global.namespace` | Kubernetes namespace | `sunrise6g` | +| `mongodb.enabled` | Enable MongoDB deployment | `true` | +| `mongodb.image.tag` | MongoDB image tag | `latest` | +| `mongodb.persistence.size` | PVC storage size | `50Mi` | +| `mongodb.persistence.storageClass` | Storage class name | `manual` | +| `mongodb.persistence.createPV` | Create PersistentVolume | `true` | +| `oegcontroller.enabled` | Enable OEG Controller | `true` | +| `oegcontroller.replicaCount` | Number of 
replicas | `1` | +| `oegcontroller.image.tag` | Controller image tag | `1.0.1` | +| `oegcontroller.env.mongoUri` | MongoDB connection URI | `mongodb://oegmongo:27017` | +| `ingress.enabled` | Enable ingress | `true` | +| `ingress.host` | Ingress hostname | `isiath.duckdns.org` | +| `ingress.path` | Ingress path | `/oeg` | + +### Environment Variables + +The following environment variables can be configured for the OEG Controller: + +- `MONGO_URI`: MongoDB connection string +- `SRM_HOST`: SRM service host URL +- `FEDERATION_MANAGER_HOST`: Federation manager service URL +- `PARTNER_API_ROOT`: Partner API root URL +- `TOKEN_ENDPOINT`: OAuth token endpoint URL + +## Storage Configuration + +### Local Development (hostPath) + +For local development with minikube or kind: + +```yaml +mongodb: + persistence: + hostPath: + enabled: true + path: /mnt/data/mongodb_oeg + createPV: true +``` + +### Cloud Environments (Dynamic Provisioning) + +For cloud providers (AWS, GCP, Azure): + +```yaml +mongodb: + persistence: + storageClass: standard # or gp2, pd-standard, etc. 
+ hostPath: + enabled: false + createPV: false +``` + +## Upgrading + +```bash +# Upgrade with new values +helm upgrade oeg ./oeg-chart -f values-prod.yaml -n sunrise6g + +# Upgrade with specific parameters +helm upgrade oeg ./oeg-chart \ + --set oegcontroller.image.tag=1.0.2 \ + -n sunrise6g +``` + +## Uninstalling + +```bash +helm uninstall oeg -n sunrise6g +``` + +**Note:** PersistentVolumes may need to be manually deleted: + +```bash +kubectl delete pv mongodb-oeg-pv-volume +``` + +## Common Operations + +### Check Deployment Status + +```bash +kubectl get pods -n sunrise6g +kubectl get svc -n sunrise6g +kubectl get ingress -n sunrise6g +``` + +### View Logs + +```bash +# OEG Controller logs +kubectl logs -f deployment/oegcontroller -n sunrise6g + +# MongoDB logs +kubectl logs -f deployment/oegmongo -n sunrise6g +``` + +### Access MongoDB + +```bash +# Port forward to MongoDB +kubectl port-forward svc/oegmongo 27017:27017 -n sunrise6g + +# Connect using mongo client +mongo mongodb://localhost:27017 +``` + +### Scale the Application + +```bash +helm upgrade oeg ./oeg-chart \ + --set oegcontroller.replicaCount=3 \ + -n sunrise6g +``` + +## Troubleshooting + +### Pod Not Starting + +```bash +kubectl describe pod -n sunrise6g +kubectl logs -n sunrise6g +``` + +### PVC Pending + +Check if the StorageClass exists: +```bash +kubectl get storageclass +``` + +For manual provisioning, ensure the PV is created: +```bash +kubectl get pv +``` + +### Ingress Not Working + +Verify ingress controller is running: +```bash +kubectl get pods -n kube-system | grep traefik +``` + +Check ingress resource: +```bash +kubectl describe ingress oegcontroller-ingress -n sunrise6g +``` + +## Advanced Configuration + +### Using External MongoDB + +To use an external MongoDB instance: + +```yaml +mongodb: + enabled: false + +oegcontroller: + env: + mongoUri: "mongodb://external-mongo.example.com:27017/oeg" +``` + +### Adding Secrets + +For sensitive data, use Kubernetes secrets: + +```bash 
+kubectl create secret generic oeg-secrets \ + --from-literal=mongo-password=yourpassword \ + -n sunrise6g +``` + +Then reference in values: + +```yaml +oegcontroller: + env: + mongoUri: "mongodb://user:$(MONGO_PASSWORD)@oegmongo:27017" + envFrom: + - secretRef: + name: oeg-secrets +``` + +### Resource Limits + +Adjust resource limits based on your workload: + +```yaml +oegcontroller: + resources: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 1Gi +``` + +## Values Files Structure + +The chart includes environment-specific values files: + +- `values.yaml` - Base configuration with defaults +- `values-dev.yaml` - Development environment overrides +- `values-staging.yaml` - Staging environment configuration +- `values-prod.yaml` - Production environment configuration + +## Best Practices + +1. **Use specific image tags** in production (avoid `latest`) +2. **Enable resource limits** to prevent resource exhaustion +3. **Use dynamic provisioning** for cloud environments +4. **Enable TLS** for production ingress +5. **Set appropriate replica counts** for high availability +6. **Use secrets** for sensitive configuration +7. **Implement backup strategy** for MongoDB data + +## Support + +For issues and questions: +- Check the [troubleshooting section](#troubleshooting) +- Review Kubernetes events: `kubectl get events -n sunrise6g` +- Check application logs + +## License + +[Your License Here] + +## Contributing + +[Your Contributing Guidelines Here] diff --git a/helm/oop-platform-chart/charts/oeg/START_HERE.txt b/helm/oop-platform-chart/charts/oeg/START_HERE.txt new file mode 100644 index 0000000000000000000000000000000000000000..cd8d085e9a66a13b87a5fb0d82dd3dcc1b0aa199 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/START_HERE.txt 
@@ -0,0 +1,196 @@ +╔═══════════════════════════════════════════════════════════════════╗ +║ ║ +║ 🚀 OEG HELM CHART - START HERE 🚀 ║ +║ ║ +╚═══════════════════════════════════════════════════════════════════╝ + +Welcome! You now have a complete, production-ready Helm chart for your +OEG application with MongoDB. + +┌───────────────────────────────────────────────────────────────────┐ +│ 📖 READING ORDER (Choose Your Path) │ +└───────────────────────────────────────────────────────────────────┘ + +PATH 1: "I just want to deploy quickly!" + 1. Read: QUICK_START.md + 2. Run one command and you're done! ✅ + +PATH 2: "I want to understand everything" + 1. Read: SUMMARY.md (5 min overview) + 2. Read: README.md (complete reference) + 3. Read: STRUCTURE.md (how it works) + 4. Read: DEPLOYMENT_GUIDE.md (detailed steps) + +PATH 3: "I need to customize it" + 1. Read: QUICK_START.md (get basic deployment) + 2. Read: values-examples.yaml (see all options) + 3. Edit: values-dev.yaml or values-prod.yaml + 4. Deploy with your custom values + +┌───────────────────────────────────────────────────────────────────┐ +│ 🎯 QUICK COMMANDS │ +└───────────────────────────────────────────────────────────────────┘ + +Deploy to Development: + $ helm install oeg-dev . -f values-dev.yaml -n sunrise6g-dev --create-namespace + +Deploy to Production: + $ helm install oeg-prod . 
-f values-prod.yaml -n sunrise6g --create-namespace + +Using Makefile (recommended): + $ make help # See all available commands + $ make install-dev # Install to dev environment + $ make install-prod # Install to production + $ make upgrade-dev # Upgrade dev deployment + +Check Status: + $ kubectl get pods -n sunrise6g + $ helm status oeg-prod -n sunrise6g + +┌───────────────────────────────────────────────────────────────────┐ +│ 📦 WHAT'S INCLUDED │ +└───────────────────────────────────────────────────────────────────┘ + +✅ Complete Helm Chart Structure + ├── MongoDB deployment with persistent storage + ├── OEG Controller deployment + ├── Services for internal networking + ├── Ingress for external access + └── ConfigMaps for configuration + +✅ Three Environment Configurations + ├── values-dev.yaml → For local/development + ├── values-staging.yaml → For staging environment + └── values-prod.yaml → For production + +✅ Comprehensive Documentation + ├── README.md → Complete reference + ├── QUICK_START.md → Fast deployment + ├── DEPLOYMENT_GUIDE.md → Step-by-step guide + ├── STRUCTURE.md → Architecture details + ├── SUMMARY.md → Overview + └── values-examples.yaml → All config options + +✅ Automation Tools + └── Makefile → Shortcuts for common tasks + +┌───────────────────────────────────────────────────────────────────┐ +│ ⚡ FASTEST WAY TO GET STARTED │ +└───────────────────────────────────────────────────────────────────┘ + +1. Open QUICK_START.md +2. Copy the install command for your environment +3. Run it +4. Done! Your application is deployed! 
🎉 + +Time to deployment: ~2 minutes + +┌───────────────────────────────────────────────────────────────────┐ +│ 🔧 CUSTOMIZATION │ +└───────────────────────────────────────────────────────────────────┘ + +Common customizations: + • Change replicas: --set oegcontroller.replicaCount=3 + • Change storage size: --set mongodb.persistence.size=10Gi + • Change domain: --set ingress.host=mydomain.com + • Update image version: --set oegcontroller.image.tag=1.0.2 + +See values-examples.yaml for ALL available options! + +┌───────────────────────────────────────────────────────────────────┐ +│ 🌟 KEY FEATURES │ +└───────────────────────────────────────────────────────────────────┘ + +✨ Multi-Environment Ready + → Same chart deploys to dev, staging, and production + → Just use different values files! + +✨ Cloud-Agnostic + → Works with AWS, GCP, Azure, on-prem + → Automatic storage class detection + +✨ Production-Grade + → Health checks included + → Resource limits configured + → High availability ready (multi-replica) + +✨ Easy to Maintain + → Clear structure + → Well documented + → Template helpers for reusability + +┌───────────────────────────────────────────────────────────────────┐ +│ 📋 PREREQUISITES │ +└───────────────────────────────────────────────────────────────────┘ + +Before deploying, make sure you have: + ✓ kubectl configured (can access your cluster) + ✓ Helm 3.x installed + ✓ Appropriate cluster permissions + ✓ Namespace created (or use --create-namespace) + +Check with: + $ kubectl cluster-info + $ helm version + +┌───────────────────────────────────────────────────────────────────┐ +│ 🎓 LEARNING PATH │ +└───────────────────────────────────────────────────────────────────┘ + +Beginner? + → Start with QUICK_START.md + → Deploy to a dev environment first + → Experiment with --set to change values + +Intermediate? + → Read README.md for all options + → Review DEPLOYMENT_GUIDE.md for best practices + → Customize values files for your needs + +Advanced? 
+ → Study STRUCTURE.md to understand internals + → Modify templates for custom requirements + → Add additional resources as needed + +┌───────────────────────────────────────────────────────────────────┐ +│ 🆘 NEED HELP? │ +└───────────────────────────────────────────────────────────────────┘ + +Deployment failing? + → Check DEPLOYMENT_GUIDE.md → "Common Issues" section + +Want to see all config options? + → Open values-examples.yaml + +Need step-by-step instructions? + → Read DEPLOYMENT_GUIDE.md + +Want to understand how it works? + → Read STRUCTURE.md + +┌───────────────────────────────────────────────────────────────────┐ +│ 🚀 READY TO DEPLOY? │ +└───────────────────────────────────────────────────────────────────┘ + +Recommended first command: + + $ helm install oeg-dev . -f values-dev.yaml -n sunrise6g-dev --create-namespace + +This will deploy to a dev environment where you can test safely! + +Then verify with: + $ kubectl get pods -n sunrise6g-dev + $ kubectl get svc -n sunrise6g-dev + +Access your application: + $ kubectl port-forward svc/oeg 8080:80 -n sunrise6g-dev + → Visit http://localhost:8080 + +═══════════════════════════════════════════════════════════════════ + + Happy Deploying! 🎉 + + For questions, check the docs! + Everything is documented. + +═══════════════════════════════════════════════════════════════════ diff --git a/helm/oop-platform-chart/charts/oeg/templates/NOTES.txt b/helm/oop-platform-chart/charts/oeg/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..e8bacd46a018ce6999250dd4048396039778e878 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/NOTES.txt 
@@ -0,0 +1,46 @@ +Thank you for installing {{ .Chart.Name }}! + +Your release is named {{ .Release.Name }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} -n {{ include "oeg.namespace" . }} + $ helm get all {{ .Release.Name }} -n {{ include "oeg.namespace" . }} + +{{- if .Values.oegcontroller.enabled }} + +OEG Controller has been deployed successfully! + +1. Get the application URL: +{{- if .Values.ingress.enabled }} + http://{{ .Values.ingress.host }}{{ .Values.ingress.path }} +{{- else if contains "NodePort" .Values.oegcontroller.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "oeg.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.oegcontroller.service.name }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "oeg.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.oegcontroller.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: kubectl get svc --namespace {{ include "oeg.namespace" . }} -w {{ .Values.oegcontroller.service.name }} + export SERVICE_IP=$(kubectl get svc --namespace {{ include "oeg.namespace" . }} {{ .Values.oegcontroller.service.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.oegcontroller.service.port }} +{{- else if contains "ClusterIP" .Values.oegcontroller.service.type }} + kubectl port-forward --namespace {{ include "oeg.namespace" . }} svc/{{ .Values.oegcontroller.service.name }} 8080:{{ .Values.oegcontroller.service.port }} + echo "Visit http://127.0.0.1:8080 to access your application" +{{- end }} + +2. Check the pods status: + kubectl get pods -n {{ include "oeg.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} + +{{- end }} + +{{- if .Values.mongodb.enabled }} + +3. 
MongoDB is running at: + Service: {{ .Values.mongodb.name }}.{{ include "oeg.namespace" . }}.svc.cluster.local:{{ .Values.mongodb.service.port }} + + To connect to MongoDB from within the cluster: + kubectl run -it --rm --image=mongo:latest --restart=Never mongo-client -- mongo {{ .Values.mongodb.name }}.{{ include "oeg.namespace" . }}.svc.cluster.local:{{ .Values.mongodb.service.port }} + +{{- end }} + +For more information, visit the documentation or check the project repository. diff --git a/helm/oop-platform-chart/charts/oeg/templates/_helpers.tpl b/helm/oop-platform-chart/charts/oeg/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..9f734910592d693e3217fc047dc871f5ce47108e --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/_helpers.tpl 
@@ -0,0 +1,106 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "oeg.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "oeg.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "oeg.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "oeg.labels" -}} +helm.sh/chart: {{ include "oeg.chart" . }} +{{ include "oeg.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "oeg.selectorLabels" -}} +app.kubernetes.io/name: {{ include "oeg.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +MongoDB labels +*/}} +{{- define "oeg.mongodb.labels" -}} +helm.sh/chart: {{ include "oeg.chart" . }} +{{ include "oeg.mongodb.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +MongoDB selector labels +*/}} +{{- define "oeg.mongodb.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.mongodb.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +io.kompose.service: {{ .Values.mongodb.name }} +{{- end }} + +{{/* +OEG Controller labels +*/}} +{{- define "oeg.controller.labels" -}} +helm.sh/chart: {{ include "oeg.chart" . 
}} +{{ include "oeg.controller.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +OEG Controller selector labels +*/}} +{{- define "oeg.controller.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.oegcontroller.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +io.kompose.service: {{ .Values.oegcontroller.name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "oeg.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "oeg.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return the proper namespace +*/}} +{{- define "oeg.namespace" -}} +{{- default .Release.Namespace .Values.global.namespace }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/ingress.yaml b/helm/oop-platform-chart/charts/oeg/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8b7e951e913c7e7727b4eb5732742ec2d0110358 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/ingress.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Values.oegcontroller.name }}-ingress + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.controller.labels" . | nindent 4 }} + annotations: + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tls.secretName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ .Values.ingress.path }} + pathType: {{ .Values.ingress.pathType }} + backend: + service: + name: {{ .Values.oegcontroller.service.name }} + port: + number: {{ .Values.oegcontroller.service.port }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/mongodb-deployment.yaml b/helm/oop-platform-chart/charts/oeg/templates/mongodb-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8e3f551be601ec302eae4035b16150105ce23e7a --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/mongodb-deployment.yaml 
@@ -0,0 +1,53 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "oeg.mongodb.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "oeg.mongodb.selectorLabels" . | nindent 8 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.mongodb.name }} + image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}" + imagePullPolicy: {{ .Values.mongodb.image.pullPolicy }} + ports: + - name: mongodb + containerPort: {{ .Values.mongodb.service.port }} + protocol: TCP + {{- with .Values.mongodb.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.mongodb.persistence.enabled }} + volumeMounts: + - name: mongo-db + mountPath: /data/db + {{- end }} + restartPolicy: Always + {{- if .Values.mongodb.persistence.enabled }} + volumes: + - name: mongo-db + persistentVolumeClaim: + claimName: {{ .Values.mongodb.name }} + {{- end }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/mongodb-pv.yaml b/helm/oop-platform-chart/charts/oeg/templates/mongodb-pv.yaml new file mode 100644 index 0000000000000000000000000000000000000000..98c85d4ca32b510f581b0c012c90bda633281c07 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/mongodb-pv.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled .Values.mongodb.persistence.createPV }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.mongodb.name }}-pv-volume + namespace: {{ include "oeg.namespace" . }} + labels: + type: local + app: {{ .Values.mongodb.name }} + {{- include "oeg.mongodb.labels" . | nindent 4 }} +spec: + storageClassName: {{ .Values.mongodb.persistence.storageClass }} + capacity: + storage: {{ .Values.mongodb.persistence.size }} + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + {{- if .Values.mongodb.persistence.hostPath.enabled }} + hostPath: + path: {{ .Values.mongodb.persistence.hostPath.path | quote }} + {{- end }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/mongodb-pvc.yaml b/helm/oop-platform-chart/charts/oeg/templates/mongodb-pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1388804a016a6dd77b6f500ae7c0c41a1d3934bc --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/mongodb-pvc.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + storageClassName: {{ .Values.mongodb.persistence.storageClass }} + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.mongodb.persistence.size }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/mongodb-service.yaml b/helm/oop-platform-chart/charts/oeg/templates/mongodb-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2e978300a2a0eef70ff76c0eec907bb63104cd24 --- /dev/null 
+++ b/helm/oop-platform-chart/charts/oeg/templates/mongodb-service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.mongodb.service.type }} + ports: + - name: mongodb + port: {{ .Values.mongodb.service.port }} + targetPort: {{ .Values.mongodb.service.port }} + protocol: TCP + selector: + {{- include "oeg.mongodb.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-deployment.yaml b/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a10e6ef9c4a59602090295eeaa3d29c5a25ef8c3 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-deployment.yaml 
@@ -0,0 +1,72 @@ +{{- if .Values.oegcontroller.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.oegcontroller.name }} + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.controller.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.oegcontroller.replicaCount }} + selector: + matchLabels: + {{- include "oeg.controller.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + {{- include "oeg.controller.selectorLabels" . | nindent 8 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.oegcontroller.name }} + image: "{{ .Values.oegcontroller.image.repository }}:{{ .Values.oegcontroller.image.tag }}" + imagePullPolicy: {{ .Values.oegcontroller.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.oegcontroller.service.targetPort }} + protocol: TCP + env: + - name: MONGO_URI + value: {{ .Values.oegcontroller.env.mongoUri | quote }} + - name: SRM_HOST + value: {{ .Values.oegcontroller.env.srmHost | quote }} + - name: FEDERATION_MANAGER_HOST + value: {{ .Values.oegcontroller.env.federationManagerHost | quote }} + - name: PARTNER_API_ROOT + value: {{ .Values.oegcontroller.env.partnerApiRoot | quote }} + - name: TOKEN_ENDPOINT + value: {{ .Values.oegcontroller.env.tokenEndpoint | quote }} + {{- with .Values.oegcontroller.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + # livenessProbe: + # httpGet: + # path: / + # port: http + # initialDelaySeconds: 30 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 3 + # readinessProbe: + # httpGet: + # path: / + # port: http + # initialDelaySeconds: 10 + # periodSeconds: 5 + # timeoutSeconds: 3 + # failureThreshold: 3 + restartPolicy: Always +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-service.yaml b/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..145f66d108ff92032b32a014c13199a8468a5217 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/templates/oegcontroller-service.yaml @@ -0,0 +1,25 @@ +{{- if .Values.oegcontroller.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.oegcontroller.service.name }} + namespace: {{ include "oeg.namespace" . }} + labels: + {{- include "oeg.controller.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.oegcontroller.service.type }} + ports: + - name: http + port: {{ .Values.oegcontroller.service.port }} + targetPort: {{ .Values.oegcontroller.service.targetPort }} + protocol: TCP + {{- if and (eq .Values.oegcontroller.service.type "NodePort") .Values.oegcontroller.service.nodePort }} + nodePort: {{ .Values.oegcontroller.service.nodePort }} + {{- end }} + selector: + {{- include "oeg.controller.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/oeg/values.yaml b/helm/oop-platform-chart/charts/oeg/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2b46b96338997f07758e69be68eaa8ca15eadc18 --- /dev/null +++ b/helm/oop-platform-chart/charts/oeg/values.yaml 
@@ -0,0 +1,92 @@ +# Global settings +global: + namespace: oop + +# MongoDB configuration +mongodb: + enabled: true + name: oegmongo + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 27017 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + # Persistence configuration + persistence: + enabled: true + storageClass: manual + accessMode: ReadWriteOnce + size: 50Mi + # For hostPath (local development) + hostPath: + enabled: true + path: /mnt/data/mongodb_oeg + # Set to false if using dynamic provisioning + createPV: true + +# OEG Controller configuration +oegcontroller: + enabled: true + name: oegcontroller + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/oeg/oeg + tag: 1.0.1 + pullPolicy: Always + + service: + name: oeg + type: ClusterIP + port: 80 + targetPort: 8080 + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + + # Environment variables + env: + mongoUri: "mongodb://oegmongo:27017" + srmHost: "http://srm:8080/srm/1.0.0" + federationManagerHost: "http://federation-manager.federation-manager.svc.cluster.local:8989/operatorplatform/federation/v1" + partnerApiRoot: "http://10.8.0.1:31002" + tokenEndpoint: "http://federation-manager.federation-manager.svc.cluster.local:8080/realms/federation/protocol/openid-connect/token" + +# Ingress configuration +ingress: + enabled: true + className: traefik + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web + host: isiath.duckdns.org + path: /oeg + pathType: Prefix + # TLS configuration (optional) + tls: + enabled: false + secretName: oeg-tls + +# Labels to apply to all resources +commonLabels: {} + +# Annotations to apply to all resources +commonAnnotations: + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) 
diff --git a/helm/oop-platform-chart/charts/srm/Chart.yaml b/helm/oop-platform-chart/charts/srm/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b4cf4d216dfd54a64f323c3f35d5bf10f46b0cc2 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: srm +description: A Helm chart for SRM (Service Resource Manager) with MongoDB +type: application +version: 1.0.0 +appVersion: "1.0.1" +keywords: + - srm + - mongodb + - sunrise +maintainers: + - name: DevOps Team +home: https://github.com/sunriseopenoperatorplatform/srm diff --git a/helm/oop-platform-chart/charts/srm/README.md b/helm/oop-platform-chart/charts/srm/README.md new file mode 100644 index 0000000000000000000000000000000000000000..837ff720d9f6b1997f6c8e5fd1ebe4a7c0135fcc --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/README.md 
@@ -0,0 +1,183 @@ +# SRM Helm Chart + +Service Resource Manager with MongoDB and Artifact Manager for Sunrise 6G Platform. + +## Quick Deploy on MicroK8s + +```bash +# 1. Prepare +kubectl create namespace sunrise6g +sudo mkdir -p /mnt/data/mongodb_srm +sudo chmod 777 /mnt/data/mongodb_srm + +# 2. Deploy +helm install srm . -n sunrise6g + +# 3. Verify +kubectl get pods -n sunrise6g +kubectl get svc -n sunrise6g + +# 4. Access (get your node IP first) +kubectl get nodes -o wide +# Then access: http://:32415 (SRM) +# And: http://:30080 (Artifact Manager) +``` + +## What's Included + +- **SRM Controller** - Service Resource Manager +- **MongoDB** - Database with persistent storage +- **Artifact Manager** - Artifact management service + +## Components + +| Component | Service Type | Port | NodePort | +|-----------|-------------|------|----------| +| SRM Controller | NodePort | 8080 | 32415 | +| Artifact Manager | NodePort | 8000 | 30080 | +| MongoDB (SRM) | ClusterIP | 27017 | - | + +## Configuration + +Edit `values.yaml` to customize: + +### Service Types +```yaml +srmcontroller: + service: + type: NodePort # or ClusterIP, LoadBalancer + nodePort: 32415 # Remove for ClusterIP +``` + +### Resources +```yaml +srmcontroller: + resources: + limits: + cpu: 1000m + memory: 1Gi +``` + +### MongoDB Storage +```yaml +mongodb: + persistence: + size: 200Mi # Adjust as needed + hostPath: + path: /mnt/data/mongodb_srm +``` + +### Important: Update Kubernetes Token + +Get your token: +```bash +kubectl create serviceaccount sunrise-user -n sunrise6g +kubectl create clusterrolebinding sunrise-user-binding \ + --clusterrole=cluster-admin \ + --serviceaccount=sunrise6g:sunrise-user + +TOKEN=$(kubectl get secret $(kubectl get serviceaccount sunrise-user -n sunrise6g -o jsonpath='{.secrets[0].name}') -n sunrise6g -o jsonpath='{.data.token}' | base64 -d) +echo $TOKEN +``` + +Update in `values.yaml`: +```yaml +srmcontroller: + env: + kubernetesMasterToken: "YOUR_TOKEN_HERE" +``` + +## 
Deployment Options + +### Enable/Disable Components + +```yaml +mongodb: + enabled: true # Set to false to use external MongoDB + +artifactManager: + enabled: true # Set to false if deployed separately +``` + +### Use External MongoDB + +```yaml +mongodb: + enabled: false + +srmcontroller: + env: + empStorageUri: "mongodb://external-mongo:27017" +``` + +## Access Methods + +### NodePort (Default) +```bash +NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}') +echo "SRM: http://$NODE_IP:32415" +echo "Artifact Manager: http://$NODE_IP:30080" +``` + +### Port Forward +```bash +# SRM +kubectl port-forward svc/srm 8080:8080 -n sunrise6g +# Access: http://localhost:8080 + +# Artifact Manager +kubectl port-forward svc/artefact-manager-service 8000:8000 -n sunrise6g +# Access: http://localhost:8000 +``` + +## Troubleshooting + +### Check Pod Status +```bash +kubectl get pods -n sunrise6g +kubectl describe pod -n sunrise6g +``` + +### View Logs +```bash +# SRM logs +kubectl logs -f deployment/srmcontroller -n sunrise6g + +# MongoDB logs +kubectl logs -f deployment/mongosrm -n sunrise6g + +# Artifact Manager logs +kubectl logs -f deployment/artefact-manager -n sunrise6g +``` + +### PVC Issues +```bash +# Check PVC status +kubectl get pvc -n sunrise6g +kubectl describe pvc mongo-db -n sunrise6g + +# Ensure directory exists +sudo mkdir -p /mnt/data/mongodb_srm +sudo chmod 777 /mnt/data/mongodb_srm +``` + +## Upgrade + +```bash +# Edit values.yaml, then: +helm upgrade srm . -n sunrise6g + +# Or with command line overrides: +helm upgrade srm . --set srmcontroller.replicaCount=2 -n sunrise6g +``` + +## Uninstall + +```bash +helm uninstall srm -n sunrise6g +kubectl delete pv mongodb-pv-volume # If using hostPath +``` + +## For More Information + +See **MICROK8S_GUIDE.md** for complete step-by-step deployment instructions. 
diff --git a/helm/oop-platform-chart/charts/srm/templates/_helpers.tpl b/helm/oop-platform-chart/charts/srm/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..e434b2a107bdb5e204c3a4673ab3ed97feb953b1 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/_helpers.tpl 
@@ -0,0 +1,112 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "srm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "srm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "srm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "srm.labels" -}} +helm.sh/chart: {{ include "srm.chart" . }} +{{ include "srm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "srm.selectorLabels" -}} +app.kubernetes.io/name: {{ include "srm.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +MongoDB labels +*/}} +{{- define "srm.mongodb.labels" -}} +helm.sh/chart: {{ include "srm.chart" . }} +{{ include "srm.mongodb.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +MongoDB selector labels +*/}} +{{- define "srm.mongodb.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.mongodb.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +io.kompose.service: {{ .Values.mongodb.name }} +{{- end }} + +{{/* +SRM Controller labels +*/}} +{{- define "srm.controller.labels" -}} +helm.sh/chart: {{ include "srm.chart" . 
}} +{{ include "srm.controller.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +SRM Controller selector labels +*/}} +{{- define "srm.controller.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.srmcontroller.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +io.kompose.service: {{ .Values.srmcontroller.name }} +{{- end }} + +{{/* +Artifact Manager labels +*/}} +{{- define "srm.artifactmanager.labels" -}} +helm.sh/chart: {{ include "srm.chart" . }} +{{ include "srm.artifactmanager.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Artifact Manager selector labels +*/}} +{{- define "srm.artifactmanager.selectorLabels" -}} +app: {{ .Values.artifactManager.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Return the proper namespace +*/}} +{{- define "srm.namespace" -}} +{{- default .Release.Namespace .Values.global.namespace }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/artifactmanager-deployment.yaml b/helm/oop-platform-chart/charts/srm/templates/artifactmanager-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2479d26b02839ee5c0f77abc24882833509794e1 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/artifactmanager-deployment.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.artifactManager.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.artifactManager.name }} + namespace: {{ include "srm.namespace" . }} + labels: + {{- include "srm.artifactmanager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.artifactManager.replicaCount }} + selector: + matchLabels: + {{- include "srm.artifactmanager.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "srm.artifactmanager.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Values.artifactManager.name }} + image: "{{ .Values.artifactManager.image.repository }}:{{ .Values.artifactManager.image.tag }}" + imagePullPolicy: {{ .Values.artifactManager.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.artifactManager.service.targetPort }} + protocol: TCP + env: + - name: PYTHONPATH + value: {{ .Values.artifactManager.env.pythonPath | quote }} + {{- with .Values.artifactManager.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/artifactmanager-service.yaml b/helm/oop-platform-chart/charts/srm/templates/artifactmanager-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..438d8fbab30f04141e2ebc6d5e35fc9e6bf0ba32 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/artifactmanager-service.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.artifactManager.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.artifactManager.service.name }} + namespace: {{ include "srm.namespace" . }} + labels: + {{- include "srm.artifactmanager.labels" . | nindent 4 }} +spec: + type: {{ .Values.artifactManager.service.type }} + ports: + - name: http + protocol: TCP + port: {{ .Values.artifactManager.service.port }} + targetPort: {{ .Values.artifactManager.service.targetPort }} + {{- if and (eq .Values.artifactManager.service.type "NodePort") .Values.artifactManager.service.nodePort }} + nodePort: {{ .Values.artifactManager.service.nodePort }} + {{- end }} + selector: + {{- include "srm.artifactmanager.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/mongodb-deployment.yaml b/helm/oop-platform-chart/charts/srm/templates/mongodb-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b6113e3a1516ba3bbfc768d24a2c918ae682e0eb --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/mongodb-deployment.yaml 
@@ -0,0 +1,53 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "srm.namespace" . }} + labels: + {{- include "srm.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "srm.mongodb.selectorLabels" . | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: + {{- include "srm.mongodb.selectorLabels" . | nindent 8 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.mongodb.name }} + image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}" + imagePullPolicy: {{ .Values.mongodb.image.pullPolicy }} + ports: + - name: mongodb + containerPort: {{ .Values.mongodb.service.port }} + protocol: TCP + {{- with .Values.mongodb.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.mongodb.persistence.enabled }} + volumeMounts: + - name: mongo-db + mountPath: /data/db + {{- end }} + restartPolicy: Always + {{- if .Values.mongodb.persistence.enabled }} + volumes: + - name: mongo-db + persistentVolumeClaim: + claimName: mongo-db + {{- end }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/mongodb-pv.yaml b/helm/oop-platform-chart/charts/srm/templates/mongodb-pv.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bd273dd4156f3c8ca58fd8993335dc6d6a4f4789 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/mongodb-pv.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled .Values.mongodb.persistence.createPV }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mongodb-pv-volume + namespace: {{ include "srm.namespace" . }} + labels: + type: local + app: {{ .Values.mongodb.name }} + {{- include "srm.mongodb.labels" . | nindent 4 }} +spec: + storageClassName: {{ .Values.mongodb.persistence.storageClass }} + capacity: + storage: {{ .Values.mongodb.persistence.size }} + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + {{- if .Values.mongodb.persistence.hostPath.enabled }} + hostPath: + path: {{ .Values.mongodb.persistence.hostPath.path | quote }} + {{- end }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/mongodb-pvc.yaml b/helm/oop-platform-chart/charts/srm/templates/mongodb-pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..357d25a5d454db90c1ec0a7e8df6cb952cd5f8e0 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/mongodb-pvc.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.mongodb.enabled .Values.mongodb.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongo-db + namespace: {{ include "srm.namespace" . }} + labels: + io.kompose.service: mongo-db + {{- include "srm.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + storageClassName: {{ .Values.mongodb.persistence.storageClass }} + accessModes: + - {{ .Values.mongodb.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.mongodb.persistence.size }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/mongodb-service.yaml b/helm/oop-platform-chart/charts/srm/templates/mongodb-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2860c3f5b29cae94bb933e0c2b622bb00b7ce4fc --- /dev/null 
+++ b/helm/oop-platform-chart/charts/srm/templates/mongodb-service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.mongodb.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.mongodb.name }} + namespace: {{ include "srm.namespace" . }} + labels: + {{- include "srm.mongodb.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.mongodb.service.type }} + ports: + - name: mongodb + port: {{ .Values.mongodb.service.port }} + targetPort: {{ .Values.mongodb.service.port }} + protocol: TCP + selector: + {{- include "srm.mongodb.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/srmcontroller-deployment.yaml b/helm/oop-platform-chart/charts/srm/templates/srmcontroller-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..611ea9367508509fcdb0c5e1c2949f8de45af049 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/srmcontroller-deployment.yaml 
@@ -0,0 +1,82 @@ +{{- if .Values.srmcontroller.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.srmcontroller.name }} + namespace: {{ include "srm.namespace" . }} + labels: + {{- include "srm.controller.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.srmcontroller.replicaCount }} + selector: + matchLabels: + {{- include "srm.controller.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + {{- include "srm.controller.selectorLabels" . | nindent 8 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.srmcontroller.name }} + image: "{{ .Values.srmcontroller.image.repository }}:{{ .Values.srmcontroller.image.tag }}" + imagePullPolicy: {{ .Values.srmcontroller.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.srmcontroller.service.targetPort }} + protocol: TCP + env: + - name: KUBERNETES_MASTER_IP + value: {{ .Values.srmcontroller.env.kubernetesMasterIp | quote }} + - name: KUBERNETES_MASTER_PORT + value: {{ .Values.srmcontroller.env.kubernetesMasterPort | quote }} + - name: KUBERNETES_USERNAME + value: {{ .Values.srmcontroller.env.kubernetesUsername | quote }} + - name: K8S_NAMESPACE + value: {{ .Values.srmcontroller.env.k8sNamespace | quote }} + - name: EMP_STORAGE_URI + value: {{ .Values.srmcontroller.env.empStorageUri | quote }} + - name: KUBERNETES_MASTER_TOKEN + value: {{ .Values.srmcontroller.env.kubernetesMasterToken | quote }} + - name: ARTIFACT_MANAGER_ADDRESS + value: {{ .Values.srmcontroller.env.artifactManagerAddress | quote }} + - name: EDGE_CLOUD_ADAPTER_NAME + value: {{ .Values.srmcontroller.env.edgeCloudAdapterName | quote }} + - name: ADAPTER_BASE_URL + value: {{ .Values.srmcontroller.env.adapterBaseUrl | quote 
}} + - name: PLATFORM_PROVIDER + value: {{ .Values.srmcontroller.env.platformProvider | quote }} + {{- with .Values.srmcontroller.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + # livenessProbe: + # httpGet: + # path: / + # port: http + # initialDelaySeconds: 60 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 3 + # readinessProbe: + # httpGet: + # path: / + # port: http + # initialDelaySeconds: 30 + # periodSeconds: 5 + # timeoutSeconds: 3 + # failureThreshold: 3 + restartPolicy: Always +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/templates/srmcontroller-service.yaml b/helm/oop-platform-chart/charts/srm/templates/srmcontroller-service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a8acd829e997fbd6dcfb60f38f85c94080436e80 --- /dev/null +++ b/helm/oop-platform-chart/charts/srm/templates/srmcontroller-service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.srmcontroller.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.srmcontroller.service.name }} + namespace: {{ include "srm.namespace" . }} + labels: + io.kompose.service: srm + {{- include "srm.controller.labels" . | nindent 4 }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.srmcontroller.service.type }} + ports: + - name: http + port: {{ .Values.srmcontroller.service.port }} + targetPort: {{ .Values.srmcontroller.service.targetPort }} + protocol: TCP + {{- if and (eq .Values.srmcontroller.service.type "NodePort") .Values.srmcontroller.service.nodePort }} + nodePort: {{ .Values.srmcontroller.service.nodePort }} + {{- end }} + selector: + {{- include "srm.controller.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/helm/oop-platform-chart/charts/srm/values.yaml b/helm/oop-platform-chart/charts/srm/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1d7fccbc77a7dd9b7277d6792cd1ee23f8259e47 --- /dev/null 
+++ b/helm/oop-platform-chart/charts/srm/values.yaml 
@@ -0,0 +1,126 @@ +# Global settings +global: + namespace: oop + +# MongoDB configuration for SRM +mongodb: + enabled: true + name: mongosrm + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 27017 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + # Persistence configuration + persistence: + enabled: true + storageClass: manual + accessMode: ReadWriteOnce + size: 200Mi + # For hostPath (MicroK8s local storage) + hostPath: + enabled: true + path: /mnt/data/mongodb_srm + createPV: true + +# SRM Controller configuration +srmcontroller: + enabled: true + name: srmcontroller + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/srm/srm + tag: 1.0.1 + pullPolicy: Always + + service: + name: srm + type: NodePort # NodePort for easy testing on MicroK8s + port: 8080 + targetPort: 8080 + nodePort: 32415 # Fixed port for testing + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + + # Environment variables for SRM + env: + kubernetesMasterIp: k3d-sunriseop-server-0 + kubernetesMasterPort: "6443" + kubernetesUsername: cluster-admin + k8sNamespace: test + empStorageUri: "mongodb://mongosrm:27017" + # IMPORTANT: Replace this token with your actual cluster token + kubernetesMasterToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6Img4UWI1cDR5MzRlV1FzZ0dsTTdIYmdwa1RKVlQ5aWZtSjJ3M2V2Q1RqazgifQ.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.c6EbyUuXhCp6M1qkte7nGLFI8fDvWNPvMo0X3HIAq26pezXKEpTAafbHdGgk5o37zdgFW5RU6y6eduzdA65G8FXmHfGWIn_3h5EUvlg7ZGz-Pxl4rXehidlN-7ct8Kb9qChoIocdQWOEpCSuBTb1dS5Opc6DAXTchDkSDKoRLys4F7gu8_0djmwbDNh-17xrdeFMP76qUnBANCv3xCMzFUmYyJIj4P3ZAju7ru6xVjJOi9CveeFfuQZpYXIt_1H3zKe9zxHma5G3d6zmsfsrbfPSGXazuphC98O4M8xAJvvbRAx56tpdFs6y-BgMyEBffPxpRCW0FU3Ey8idSUK-WQ" + artifactManagerAddress: "http://artefact-manager-service:8000" + edgeCloudAdapterName: kubernetes + adapterBaseUrl: k3d-sunriseop-server-0 + 
platformProvider: ISI + +# Artifact Manager configuration (can be deployed with SRM or separately) +artifactManager: + enabled: true + name: artefact-manager + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/artefactmanager + tag: "0.5" + pullPolicy: IfNotPresent + + service: + name: artefact-manager-service + type: NodePort + port: 8000 + targetPort: 8000 + nodePort: 30080 # Fixed port for testing + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + env: + pythonPath: "/app" + +# Ingress configuration (DISABLED by default for NodePort testing) +ingress: + enabled: false + className: traefik + annotations: {} + host: isiath.duckdns.org + paths: + - path: /srm + pathType: Prefix + serviceName: srm + servicePort: 8080 + tls: + enabled: false + secretName: srm-tls + +# Common labels and annotations +commonLabels: {} +commonAnnotations: + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) diff --git a/helm/oop-platform-chart/deploy.sh b/helm/oop-platform-chart/deploy.sh new file mode 100644 index 0000000000000000000000000000000000000000..5eae5510fcee6d00079d59305063c0fd323a4542 --- /dev/null +++ b/helm/oop-platform-chart/deploy.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash +set -e + +echo "Open Operator Platform Deployment (Multi-Release Mode)" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + +# Namespaces +OOP_NS="oop" +FM_NS="federation-manager" + +# Release names +OOP_RELEASE="oop-platform" +FM_RELEASE="federation-manager" + +echo "" +echo " Step 1/5: Creating namespaces..." +kubectl create namespace $OOP_NS 2>/dev/null || echo " Namespace $OOP_NS already exists" +kubectl create namespace $FM_NS 2>/dev/null || echo " Namespace $FM_NS already exists" + +echo "" +echo "Step 2/5: Creating OOP service account..." +kubectl create serviceaccount oop-user -n $OOP_NS 2>/dev/null || echo " Service account exists" +kubectl create clusterrolebinding oop-user-binding \ + --clusterrole=cluster-admin \ + --serviceaccount=$OOP_NS:oop-user \ + 2>/dev/null || echo " Binding exists" + +TOKEN=$(kubectl -n $OOP_NS create token oop-user) + +echo "" +echo "Updating values.yaml with token..." +sed -i "s|kubernetesMasterToken:.*|kubernetesMasterToken: \"$TOKEN\"|g" values.yaml + +echo "" +echo "Step 3/5: Deploying SRM + OEG..." +helm install $OOP_RELEASE . \ + -n $OOP_NS \ + --create-namespace \ + --set federationManager.enabled=false + +echo "" +echo "Step 4/5: Deploying Federation Manager..." +helm install $FM_RELEASE ./charts/federation-manager \ + -n $FM_NS \ + --create-namespace \ + --set createNamespace=true + +echo "" +echo "Deployment completed!" +echo "" +echo " SRM + OEG in namespace: $OOP_NS" +echo " Federation Manager in: $FM_NS" +echo "" +echo "Check pods:" +echo " kubectl get pods -n $OOP_NS" +echo " kubectl get pods -n $FM_NS" diff --git a/helm/oop-platform-chart/output.txt b/helm/oop-platform-chart/output.txt new file mode 100644 index 0000000000000000000000000000000000000000..ea9edeed5d0306e6734403e1159072087519bbce --- /dev/null +++ b/helm/oop-platform-chart/output.txt 
@@ -0,0 +1,109 @@ +kind: Service +metadata: + name: oegmongo + namespace: oop + labels: + helm.sh/chart: oeg-1.0.0 + app.kubernetes.io/name: oegmongo + app.kubernetes.io/instance: oop-platform + io.kompose.service: oegmongo + app.kubernetes.io/managed-by: Helm + annotations: + component: oeg + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) + platform: Open Operator Platform +spec: + type: ClusterIP + ports: + - name: mongodb + port: 27017 + targetPort: 27017 +-- +kind: Service +metadata: + name: oeg + namespace: oop + labels: + helm.sh/chart: oeg-1.0.0 + app.kubernetes.io/name: oegcontroller + app.kubernetes.io/instance: oop-platform + io.kompose.service: oegcontroller + app.kubernetes.io/managed-by: Helm + annotations: + component: oeg + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) + platform: Open Operator Platform +spec: + type: NodePort + ports: + - name: http + port: 80 + targetPort: 8080 +-- +kind: Service +metadata: + name: artefact-manager-service + namespace: oop + labels: + helm.sh/chart: srm-1.0.0 + app: artefact-manager + app.kubernetes.io/instance: oop-platform + app.kubernetes.io/managed-by: Helm +spec: + type: NodePort + ports: + - name: http + protocol: TCP + port: 8000 + targetPort: 8000 + nodePort: 30080 + selector: + app: artefact-manager + app.kubernetes.io/instance: oop-platform +--- +-- +kind: Service +metadata: + name: mongosrm + namespace: oop + labels: + helm.sh/chart: srm-1.0.0 + app.kubernetes.io/name: mongosrm + app.kubernetes.io/instance: oop-platform + io.kompose.service: mongosrm + app.kubernetes.io/managed-by: Helm + annotations: + component: srm + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) + platform: Open Operator Platform +spec: + type: ClusterIP + ports: + - name: mongodb + port: 27017 + targetPort: 27017 +-- +kind: Service +metadata: + name: srm + namespace: oop + labels: + io.kompose.service: srm + helm.sh/chart: srm-1.0.0 + app.kubernetes.io/name: srmcontroller + 
app.kubernetes.io/instance: oop-platform + io.kompose.service: srmcontroller + app.kubernetes.io/managed-by: Helm + annotations: + component: srm + kompose.cmd: kompose convert + kompose.version: 1.26.0 (40646f47) + platform: Open Operator Platform +spec: + type: NodePort + ports: + - name: http + port: 8080 diff --git a/helm/oop-platform-chart/values.yaml b/helm/oop-platform-chart/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..260206f8be026ee5c2cd81ee6343dfbbc9fbf354 --- /dev/null +++ b/helm/oop-platform-chart/values.yaml 
@@ -0,0 +1,188 @@ +# ==================================================================== +# Open Operator Platform (OOP) - Unified Configuration +# ==================================================================== + +global: + namespace: oop + labels: + platform: oop + version: "1.0.0" + +# ==================================================================== +# SRM +# ==================================================================== +srm: + enabled: true + global: + namespace: oop + + mongodb: + enabled: true + name: mongosrm + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + service: + type: ClusterIP + port: 27017 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + persistence: + enabled: true + accessMode: ReadWriteOnce + size: 200Mi + storageClass: manual + hostPath: + enabled: true + path: /mnt/data/mongodb_srm + createPV: true + + srmcontroller: + enabled: true + name: srmcontroller + replicaCount: 1 + image: + repository: ghcr.io/sunriseopenoperatorplatform/srm/srm + tag: 1.0.1 + pullPolicy: Always + service: + name: srm + type: NodePort + port: 8080 + targetPort: 8080 + nodePort: 32415 + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + env: + empStorageUri: "mongodb://mongosrm:27017" + artifactManagerAddress: "http://artefact-manager-service:8000" + kubernetesMasterIp: "kubernetes.default.svc.cluster.local" + kubernetesMasterPort: "443" + kubernetesUsername: admin + k8sNamespace: oop + kubernetesMasterToken: 
"eyJhbGciOiJSUzI1NiIsImtpZCI6ImZYQVZEd2FIc1duTElPN3VPZGZ2aV9LYlRQM2tIZGFENjdBZ3BPMjlBbXcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzY0MDYzMzc2LCJpYXQiOjE3NjQwNTk3NzYsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiYTBjYjUzZTgtNTUzMS00OWQwLThjZjMtZTkwZWNhNDZlYjBlIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJvb3AiLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoib29wLXVzZXIiLCJ1aWQiOiJlNTY5ZmE1Yy04YWQ5LTQwMzctYTIwNy01OGVhODRkOWM5MDAifX0sIm5iZiI6MTc2NDA1OTc3Niwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9vcDpvb3AtdXNlciJ9.P7rLBNQxnM9nI1gdijHSk0PcVZq803Wt9gmcZwTCX89jDrOmjDUxT3tvWEQtyYdKkL6G6nLAHfsHbZxOtIGEqGf6hiKKa0A2iC7PkncR89euir8CJiPdHk38Gg1Uges1MYphZ2QISbab-yLbnA91c0kYB2kPKeYraKSsqsURuV219n-QTK4SRX5AuAM75m_azcAFQzxcI4o09wQUBLIZm8C3tBYhDwW8vPQJyMMnmgFJj5htBQRuFettAE2NnDdRRyhCcwaARbfxH3YgIDj8gm1WEpVF2vW_5-OuBhSlmDHK3cHT8vegSUmd_tV3sJy9Q6C1koe-lZJJ1PcvPW_eRQ" + edgeCloudAdapterName: kubernetes + adapterBaseUrl: "kubernetes.default.svc.cluster.local" + platformProvider: "Local" + + artifactManager: + enabled: true + name: artefact-manager + replicaCount: 1 + image: + repository: ghcr.io/sunriseopenoperatorplatform/artefactmanager + tag: "0.5" + pullPolicy: IfNotPresent + service: + name: artefact-manager-service + type: NodePort + port: 8000 + targetPort: 8000 + nodePort: 30080 + +# ==================================================================== +# OEG +# ==================================================================== +oeg: + enabled: true + global: + namespace: oop + + mongodb: + enabled: true + name: oegmongo + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + service: + type: ClusterIP + port: 27017 + persistence: + enabled: true + accessMode: ReadWriteOnce + size: 50Mi + storageClass: manual + hostPath: + enabled: true + path: /mnt/data/mongodb_oeg + createPV: true + + oegcontroller: + enabled: true + name: oegcontroller + replicaCount: 1 + image: + repository: 
ghcr.io/sunriseopenoperatorplatform/oeg/oeg + tag: 1.0.1 + pullPolicy: Always + service: + name: oeg + type: NodePort + port: 80 + targetPort: 8080 + nodePort: 32263 + env: + mongoUri: "mongodb://oegmongo:27017" + srmHost: "http://srm:8080/srm/1.0.0" + federationManagerHost: "http://federation-manager:8989/api/v1" + +# ==================================================================== +# Federation Manager — OWN NAMESPACE +# ==================================================================== +federationManager: + enabled: true + global: + namespace: federation-manager + + # --- MongoDB FOR FM (THIS WAS MISSING!) + mongodb: + enabled: true + name: mongodb + image: + repository: mongo + tag: latest + service: + type: ClusterIP + port: 27017 + persistence: + enabled: true + accessMode: ReadWriteOnce + size: 1Gi + storageClass: "mongodb-fm-storage" + hostPath: + enabled: true + path: /mnt/data/mongodb_fm + + keycloak: + enabled: true + admin: + username: admin + password: admin + service: + nodePort: 30081 + + fm: + enabled: true + service: + nodePort: 30989 + config: + mongodb: + host: "mongodb" + port: "27017" + partner_op: + role: originating_op + + openvpn: + enabled: false diff --git a/helm/oop-platform-chart/values.yaml.backup b/helm/oop-platform-chart/values.yaml.backup new file mode 100644 index 0000000000000000000000000000000000000000..0fe2f1d71e36b595110a0bc63dbb1bb23b34791d --- /dev/null +++ b/helm/oop-platform-chart/values.yaml.backup 
@@ -0,0 +1,299 @@ +# ==================================================================== +# Open Operator Platform (OOP) - Unified Configuration +# ==================================================================== +# +# This chart deploys the complete Open Operator Platform including: +# - SRM (Service Resource Manager) +# - OEG (Open Exposure Gateway) +# - Federation Manager (to be added) +# +# ==================================================================== + +# Global settings applied to all components +global: + # Namespace for all OOP components + namespace: oop + + # Common labels applied to all resources + labels: + platform: oop + version: "1.0.0" + +# ==================================================================== +# SRM (Service Resource Manager) +# ==================================================================== +srm: + # Enable/disable SRM deployment + enabled: true + + # Inherit global namespace + global: + namespace: oop + + # MongoDB for SRM + mongodb: + enabled: true + name: mongosrm + + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 27017 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + persistence: + enabled: true + storageClass: manual + accessMode: ReadWriteOnce + size: 200Mi + hostPath: + enabled: true + path: /mnt/data/mongodb_srm + createPV: true + + # SRM Controller + srmcontroller: + enabled: true + name: srmcontroller + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/srm/srm + tag: 1.0.1 + pullPolicy: Always + + service: + name: srm + type: NodePort + port: 8080 + targetPort: 8080 + nodePort: 32415 + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + + # SRM Environment Configuration + env: + # Kubernetes API configuration + kubernetesMasterIp: "kubernetes.default.svc.cluster.local" + kubernetesMasterPort: "443" + kubernetesUsername: admin + 
k8sNamespace: oop + + # MongoDB connection + empStorageUri: "mongodb://mongosrm:27017" + + # ⚠️ IMPORTANT: Update this with your actual token + kubernetesMasterToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRBY1JqMzFqUUxhWG43VUtQeGNPajBjOS1qQkphR2FYN0wyMFZ5UWEyRzAifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoyMDc4OTA5MjMyLCJpYXQiOjE3NjM1NDkyMzIsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiYWIwNTNhYmYtYzcwOC00N2NiLThhZWMtYzY2OTQwZmM5M2MzIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJvb3AiLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoib29wLXVzZXIiLCJ1aWQiOiI3Y2NjOTc0NC05NmY0LTQ1YWItODBiNC0wZTc3Nzk3YWE4NTYifX0sIm5iZiI6MTc2MzU0OTIzMiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9vcDpvb3AtdXNlciJ9.kUG_NGfvm30VdrY71Bt-hYacm43JPtdU9HqsG7wAKpdhpfaAkl_KbpXLcmd7JuimdY6HW8PK3ysB3jVirtOX1AEErKaTmu4S9QTK7uNWisOZtp8f-jhWCj18AYNuB9gG1_U1LhGj4WB5jwDp-maX9G1Ea236ZAgRamyOs-RAQ0_XAAX9xfwfG7z31XqfORnpJ73s8GICBri91YQCDNotozcAj9dEsDN_sdSoHrxjVu4WtExtdrvYbDOv6SoYnJpEoqcWG-_PWEmX2SR262QO9DO2yAhDeP-35aYk5tQXF6JEJ6_bvtvJAIAwLuN_fIKYwrUPkvQ_51rjIYr4Ch5CAw" + + # Service endpoints + artifactManagerAddress: "http://artefact-manager-service:8000" + + # Adapter configuration + edgeCloudAdapterName: kubernetes + adapterBaseUrl: "kubernetes.default.svc.cluster.local" + + # Platform identification + platformProvider: "Open Operator Platform" + + # Artifact Manager + artifactManager: + enabled: true + name: artefact-manager + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/artefactmanager + tag: "0.5" + pullPolicy: IfNotPresent + + service: + name: artefact-manager-service + type: NodePort + port: 8000 + targetPort: 8000 + nodePort: 30080 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + env: + pythonPath: "/app" + + # Common annotations + commonAnnotations: + platform: "Open Operator Platform" + component: "srm" + +# 
==================================================================== +# OEG (Open Exposure Gateway) +# ==================================================================== +oeg: + # Enable/disable OEG deployment + enabled: true + + # Inherit global namespace + global: + namespace: oop + + # MongoDB for OEG + mongodb: + enabled: true + name: oegmongo + + image: + repository: mongo + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 27017 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + + persistence: + enabled: true + storageClass: manual + accessMode: ReadWriteOnce + size: 50Mi + hostPath: + enabled: true + path: /mnt/data/mongodb_oeg + createPV: true + + # OEG Controller + oegcontroller: + enabled: true + name: oegcontroller + replicaCount: 1 + + image: + repository: ghcr.io/sunriseopenoperatorplatform/oeg/oeg + tag: 1.0.1 + pullPolicy: Always + + service: + name: oeg + type: NodePort + port: 80 + targetPort: 8080 + nodePort: 32263 + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + + # OEG Environment Configuration + env: + # MongoDB connection + mongoUri: "mongodb://oegmongo:27017" + + # SRM connection + srmHost: "http://srm:8080/srm/1.0.0" + + # Federation Manager connection (will be updated when FM is added) + federationManagerHost: "http://federation-manager:8080/api/v1" + + # Ingress configuration (disabled by default) + ingress: + enabled: false + className: traefik + host: oop.example.com + path: /oeg + pathType: Prefix + + # Common annotations + commonAnnotations: + platform: "Open Operator Platform" + component: "oeg" + +# ==================================================================== +# Federation Manager +# ==================================================================== +# NOTE: Federation Manager deploys to its OWN namespace (federation-manager) +# This is separate from the OOP platform namespace for security isolation +# 
==================================================================== +federationManager: + enabled: true + createNamespace: false + # Federation Manager uses its own namespace + global: + namespace: federation-manager + + # Keycloak Configuration + keycloak: + enabled: true + service: + nodePort: 30081 + + # Default admin credentials (change in production!) + admin: + username: admin + password: admin + + # Federation Manager Configuration + federationManager: + enabled: true + service: + nodePort: 30989 + + config: + mongodb: + # Connect to MongoDB in oop namespace (cross-namespace access) + host: "mongosrm.oop.svc.cluster.local" + port: "27017" + + op_data: + partnerOPFederationId: "oop-platform" + partnerOPCountryCode: "GR" # Update to your country + # ... other settings can be customized + + # OpenVPN sidecar (disabled by default) + openvpn: + enabled: false + +# ==================================================================== +# Common Labels +# ==================================================================== +commonLabels: + platform: oop + managed-by: helm + +# ==================================================================== +# Common Annotations +# ==================================================================== +commonAnnotations: + platform: "Open Operator Platform" + version: "1.0.0"
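Review bot: In helm/oop-platform-chart/charts/srm/templates/srmcontroller-deployment.yaml, KUBERNETES_MASTER_TOKEN is set with a literal `value:` taken from `.Values.srmcontroller.env.kubernetesMasterToken`, so the bearer token ends up in the rendered manifest, in the Helm release record, and in `kubectl describe pod` output for anyone who can read Deployments or Pods in the namespace. Move it into a Secret and reference it with `valueFrom.secretKeyRef`, or set a `serviceAccountName` on the pod and let the application read the mounted service account token. Separately, both probes are commented out while the strategy sets `maxUnavailable: 0`; without a readinessProbe a new pod counts as ready as soon as its container starts, so the rolling update gives no protection against a broken image.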
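Review bot: In srmcontroller-service.yaml the labels block hard-codes `io.kompose.service: srm` and then includes `srm.controller.labels`, and the rendered `srm` Service in output.txt shows the key twice, once as `srm` and once as `srmcontroller`. Duplicate mapping keys are invalid YAML and which value survives depends on the parser, so drop the hard-coded line or remove the key from the helper. The Service type also defaults to NodePort in values; ClusterIP would be the safer default, with NodePort as an opt-in for local testing.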
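Review bot: helm/oop-platform-chart/charts/srm/values.yaml ships a full JWT-format string as the default for `srmcontroller.env.kubernetesMasterToken`, next to `kubernetesUsername: cluster-admin`; the comment asking users to replace it does not stop it being a committed credential. Treat the value as exposed and invalidate it on the cluster that issued it, set the default to an empty string, and have the template fail with `required` when it is unset. The defaults also point at `k3d-sunriseop-server-0`, `isiath.duckdns.org` and `platformProvider: ISI`, which read as one environment's settings and not as chart defaults, and `mongodb.image.tag: latest` should be pinned to a specific version.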
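Review bot: Step 2 of helm/oop-platform-chart/deploy.sh binds the `oop-user` service account to `cluster-admin` through a ClusterRoleBinding, which is far more than a component configured with a single `k8sNamespace` should need. Create a Role listing the verbs SRM uses and a RoleBinding in the target namespace instead. The `sed -i` that follows writes the live token into the tracked values.yaml, which is how tokens end up in commits; create a Secret (or pass the value at install time with `--set srm.srmcontroller.env.kubernetesMasterToken=...`) and note that `kubectl create token` issues a time-limited token, so the deployment loses API access once it expires. Smaller points: `2>/dev/null || echo` hides every error and not only already-exists, `helm install` fails on a second run where `helm upgrade --install` would not, and the steps are labelled x/5 although there are four.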
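Review bot: helm/oop-platform-chart/output.txt is a captured dump of rendered Service manifests (the `--` separators look like grep context output), not chart source. Drop it from the commit and list it in .helmignore and .gitignore: files left in the chart directory are packaged with the chart, and a later dump of other resource kinds could include rendered env values such as the token.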
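Review bot: The `federationManager.keycloak` block in helm/oop-platform-chart/values.yaml sets `admin.username: admin` and `admin.password: admin` and publishes the service on `nodePort: 30081`, so Keycloak is reachable on every node address with a guessable admin login. Leave the password unset and require it at install time, or generate it into a Secret. This file also carries a committed `kubernetesMasterToken` (deploy.sh rewrites that line on each run, so the file shows as modified after every deploy), every `mongo` image uses `tag: latest`, and the MongoDB URIs carry no credentials.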
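Review bot: helm/oop-platform-chart/values.yaml.backup is a backup copy and should not be committed; it holds a third, different `kubernetesMasterToken` string and the same `admin`/`admin` Keycloak login, with the inline "change in production!" comment as the only guard. It has also drifted from values.yaml: `federationManagerHost` uses port 8080 here and 8989 there, and the Federation Manager MongoDB host is `mongosrm.oop.svc.cluster.local`, a cross-namespace dependency on SRM's database that contradicts the "security isolation" comment above it. Delete the file and keep any explanatory comments worth preserving in values.yaml itself.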