fix: updated doc after retest (e8be70dc) · Commits · OSL / code / org.etsi.osl.main

kubernetes/helm/README.md

+57 −133

Original line number	Diff line number	Diff line
		@@ -273,62 +273,67 @@ helm install myopenslice . --namespace openslice --create-namespace

		In a Kubernetes environment, you can monitor the status of your deployments and containers using `kubectl`, the Kubernetes command-line tool, which provides powerful capabilities for inspecting the state of resources in your cluster.


		## Post installation steps

		After the successful deployment of OpenSlice, to ensure the E2E user experience, this section is mandatory. It contains crucial configuration in regard of authentication and user creation.

		### Checking the Status of your application's deployment

		To check the status of your deployment, use the following commands. The output should be similar:

		```bash

		kubectl get pods -n openslice -o wide

		NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
		activemq-59d4bfdb4b-bvjqr 1/1 Running 0 109s 192.168.43.97 kc-2 <none> <none>
		bugzilla-client-7dd7cb47cb-8qb8m 1/1 Running 0 100s 192.168.12.114 kc-3 <none> <none>
		centrallog-95bbf7867-k8fpt 1/1 Running 0 100s 192.168.12.107 kc-3 <none> <none>
		keycloak-7c5b6bbc95-k2qfl 1/1 Running 0 105s 192.168.12.106 kc-3 <none> <none>
		manoclient-95f68f4c9-c9t6r 1/1 Running 0 104s 192.168.12.113 kc-3 <none> <none>
		mysql-portal-0 1/1 Running 0 107s 192.168.43.99 kc-2 <none> <none>
		osom-6d548cf555-q8ptj 1/1 Running 0 104s 192.168.43.93 kc-2 <none> <none>
		osportalapi-5fff744db8-5g4zs 1/1 Running 0 103s 192.168.43.98 kc-2 <none> <none>
		osscapi-6d68b54d97-jn8tz 0/1 Running 0 102s 192.168.12.104 kc-3 <none> <none>
		portalweb-8469d57df4-94tfj 1/1 Running 0 101s 192.168.48.44 kc-nfs <none> <none>
		tmfweb-868f7bb9c5-x4lfh 1/1 Running 0 102s 192.168.48.43 kc-nfs <none> <none>
		kubectl get pods -n openslice

		NAME READY UP-TO-DATE AVAILABLE AGE
		myopenslice-artemis 1/1 1 1 6m28s
		myopenslice-blockdiag 1/1 1 1 6m28s
		myopenslice-bugzilla 1/1 1 1 6m28s
		myopenslice-centrallog 1/1 1 1 6m28s
		myopenslice-cridge 1/1 1 1 6m28s
		myopenslice-keycloak 1/1 1 1 6m28s
		myopenslice-kroki 1/1 1 1 6m28s
		myopenslice-manoclient 1/1 1 1 6m28s
		myopenslice-oasapi 1/1 1 1 6m28s
		myopenslice-osom 1/1 1 1 6m28s
		myopenslice-osportalapi 1/1 1 1 6m28s
		myopenslice-osscapi 1/1 1 1 6m28s
		myopenslice-portalweb 1/1 1 1 6m28s
		myopenslice-tmfweb 1/1 1 1 6m28s
		```
		```bash
		kubectl get deployments -n openslice -o wide

		NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
		activemq 1/1 1 1 2m15s anactivemq webcenter/activemq:5.14.3 org.etsi.osl.service=activemq
		bugzilla-client 1/1 1 1 2m6s bugzilla-client openslice/org.etsi.osl.bugzilla:latest org.etsi.osl.service=bugzilla-client
		centrallog 1/1 1 1 2m6s centrallog openslice/org.etsi.osl.centrallog.service org.etsi.osl.service=centrallog
		keycloak 1/1 1 1 2m11s keycloak quay.io/keycloak/keycloak:11.0.3 org.etsi.osl.service=keycloak
		manoclient 1/1 1 1 2m10s manoclient openslice/org.etsi.osl.mano:latest org.etsi.osl.service=manoclient
		osom 1/1 1 1 2m10s openslice-osom openslice/org.etsi.osl.osom:latest org.etsi.osl.service=osom
		osportalapi 1/1 1 1 2m9s openslice-portalapi openslice/org.etsi.osl.portal.api:latest org.etsi.osl.service=osportalapi
		osscapi 1/1 1 1 2m8s openslice-scapi openslice/org.etsi.osl.tmf.api:latest org.etsi.osl.service=osscapi
		portalweb 1/1 1 1 2m7s openslice-portalweb openslice/org.etsi.osl.portal.web:latest org.etsi.osl.service=portalweb
		tmfweb 1/1 1 1 2m8s openslice-tmfweb openslice/org.etsi.osl.tmf.web:latest org.etsi.osl.service=tmfweb
		kubectl get deployments -n openslice

		NAME READY UP-TO-DATE AVAILABLE AGE
		myopenslice-artemis 1/1 1 1 7m17s
		myopenslice-blockdiag 1/1 1 1 7m17s
		myopenslice-bugzilla 1/1 1 1 7m17s
		myopenslice-centrallog 1/1 1 1 7m17s
		myopenslice-cridge 1/1 1 1 7m17s
		myopenslice-keycloak 1/1 1 1 7m17s
		myopenslice-kroki 1/1 1 1 7m17s
		myopenslice-manoclient 1/1 1 1 7m17s
		myopenslice-oasapi 1/1 1 1 7m17s
		myopenslice-osom 1/1 1 1 7m17s
		myopenslice-osportalapi 1/1 1 1 7m17s
		myopenslice-osscapi 1/1 1 1 7m17s
		myopenslice-portalweb 1/1 1 1 7m17s
		myopenslice-tmfweb 1/1 1 1 7m17s
		```
		```bash
		kubectl get services -n openslice -o wide

		NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
		activemq ClusterIP 10.111.160.120 <none> 8161/TCP,61616/TCP 2m22s org.etsi.osl.service=activemq
		bugzilla-client ClusterIP 10.101.43.28 <none> 13010/TCP 2m14s org.etsi.osl.service=bugzilla-client
		centrallog ClusterIP 10.109.15.151 <none> 13013/TCP 2m14s org.etsi.osl.service=centrallog
		keycloak ClusterIP 10.110.216.62 <none> 8080/TCP,8443/TCP 2m19s org.etsi.osl.service=keycloak
		manoclient ClusterIP 10.108.112.84 <none> 13011/TCP 2m18s org.etsi.osl.service=manoclient
		mysql-portal ClusterIP None <none> 3306/TCP 2m19s org.etsi.osl.service=mysql-portal
		osom ClusterIP 10.105.173.85 <none> 13100/TCP 2m18s org.etsi.osl.service=osom
		osportalapi ClusterIP 10.104.121.164 <none> 13000/TCP 2m17s org.etsi.osl.service=osportalapi
		osscapi ClusterIP 10.108.6.161 <none> 13082/TCP 2m16s org.etsi.osl.service=osscapi
		portalweb ClusterIP 10.97.126.98 <none> 80/TCP 2m15s org.etsi.osl.service=portalweb
		tmfweb ClusterIP 10.98.56.82 <none> 80/TCP 2m15s org.etsi.osl.service=tmfweb
		kubectl get services -n openslice

		NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
		myopenslice-artemis ClusterIP 10.101.128.223 <none> 8161/TCP,61616/TCP,61613/TCP 7m43s
		myopenslice-blockdiag ClusterIP 10.109.196.90 <none> 8001/TCP 7m43s
		myopenslice-bugzilla ClusterIP 10.107.10.101 <none> 13010/TCP 7m43s
		myopenslice-centrallog ClusterIP 10.109.84.33 <none> 13013/TCP 7m43s
		myopenslice-keycloak ClusterIP 10.104.172.73 <none> 8080/TCP,8443/TCP 7m43s
		myopenslice-kroki ClusterIP 10.106.92.111 <none> 8000/TCP 7m43s
		myopenslice-manoclient ClusterIP 10.100.143.154 <none> 13011/TCP 7m43s
		myopenslice-mysql ClusterIP 10.108.206.75 <none> 3306/TCP 7m43s
		myopenslice-oasapi ClusterIP 10.100.107.66 <none> 13101/TCP 7m43s
		myopenslice-osom ClusterIP 10.97.88.133 <none> 13100/TCP 7m43s
		myopenslice-osportalapi ClusterIP 10.111.212.76 <none> 13000/TCP 7m43s
		myopenslice-osscapi ClusterIP 10.101.84.220 <none> 13082/TCP 7m43s
		myopenslice-portalweb ClusterIP 10.101.16.112 <none> 80/TCP 7m43s
		myopenslice-tmfweb ClusterIP 10.101.157.185 <none> 80/TCP 7m43s
		```

		### Accessing Logs for Troubleshooting
		@@ -339,11 +344,15 @@ If a pod is not in the expected state, you can access its logs for troubleshooti
		kubectl logs <pod-name> -n openslice
		```

		## Post installation steps

		After the successful deployment of OpenSlice, to ensure the E2E user experience, this section is mandatory. It contains crucial configuration in regard of authentication and user creation.

		### Configure Keycloak server

		The Keycloack server is managing authentication and running on a container at port 8080. It is also proxied to your host via the ingress resource under http://<your-domain>/auth.
		The Keycloack server is managing authentication and running on a container at port 8080. It is also proxied to your host via the ingress resource under http://your-domain/auth.

		- Navigate to http://<your-domain>/auth/ or https://<your-domain>/auth/, (http://ipaddress:8080/auth/ or https://ipaddress:8443/auth/ which are directly accessible without proxy)
		- Navigate to http://your-domain/auth/ or https://your-domain/auth/, (http://ipaddress:8080/auth/ or https://ipaddress:8443/auth/ which are directly accessible without proxy)

		- Navigate to Administration Console

		@@ -390,91 +399,6 @@ This step is mandatory so as to access the OpenSlice Web UI. To add an OpenSlice

		> That user is different from the Keycloak admin user. It is required to login and browse the OpenSlice Web UI. The Role ADMIN guarantee full access through the OpenSlice UI, thus such a user is always required.

		*IMPORTANT: The following is not currently supported in Kubernetes installation.

		### Keycloak at localhost

		> This is an important step if you run Keycloak on localhost!

		1 - Edit your Hosts File, adding the line below

		```127.0.0.1 keycloak```

		Hosts File Location:

		- In Linux/Unix, the file's location is at /etc/hosts

		- In Windows, its location is at c:\Windows\System32\Drivers\etc\hosts

		2 - Replace http://localhost/auth/ with http://keycloak:8080/auth/ in your Keycloak config for AngularJS and Angular (see examples below).


		> Explanation

		Nginx uses the http://keycloak:8080 URL, which is accessible via the internal docker system's network.
		The Front-end (TS/Angular) shall also use the http://keycloak:8080.
		This way, you will not get the invalid token error, as the API is acquiring the token from http://keycloak:8080 (internally) and the Front-end is getting verified by an issuer at the same URL, as well.



		2.1 - For the Angular configuration (TMF portal UI), navigate to org.etsi.osl.tmf.web/src/assets/config and edit config.prod.json

		```bash
		# Starting from the root project directory
		cd org.etsi.osl.tmf.web/src/assets/config
		```

		```bash
		nano config.prod.json
		```

		After editing, the displayed properties should look like the example below:

		```yaml
		{
		"OAUTH_CONFIG" : {
		"issuer": "http://keycloak:8080/auth/realms/openslice",
		"loginUrl": "http://keycloak:8080/auth/realms/openslice/protocol/openid-connect/auth",
		"tokenEndpoint": "http://keycloak:8080/auth/realms/openslice/protocol/openid-connect/token",
		"userinfoEndpoint": "http://keycloak:8080/auth/realms/openslice/protocol/openid-connect/userinfo",
		"redirectUri": "{BASEURL}/redirect",
		"logoutUrl": "http://keycloak:8080/auth/realms/openslice/protocol/openid-connect/logout",
		"postLogoutRedirectUri": "{BASEURL}"
		}
		}
		```

		> Note the difference in changing {BASEURL} -> http://keycloak:8080

		> If you want the changes to take place immediately without rebuilding the project, then repeat the process for org.etsi.osl.tmf.web/dist/org.etsi.osl.tmf.web/assets/config/config.prod.json

		2.2 - For the AngularJS configuration (NVF portal UI), navigate to org.etsi.osl.portal.web/src/js and edit config.js

		```bash
		# Starting from the root project directory
		cd org.etsi.osl.portal.web/src/js
		```

		```bash
		nano config.js
		```

		After editing, the displayed properties should look like the example below:

		```
		var appConfig = angular.module('portalwebapp.config',[]);


		appConfig.factory('APIEndPointService', function() {
		return {
		APIOAUTHURL: "http://keycloak:8080/auth/realms/openslice",
		};
		});
		```

		> Note the difference in "APIOAUTHURL" property, changing ROOTURL -> http://keycloak:8080


		### NFV Orchestrator Configuration

		After successfully deploying and configuring OpenSlice, you may configure its environment (e.g. the NFVO) that will facilitate the deployment of NFV artifacts.