Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

This tutorial is going to explain how to setup a local Kubernetes cluster and minimal helm setup to run and deploy SDC (but can be extended to several/all ONAP components) on a single host.

...

  • Install/remove Microk8s with appropriate version
  • Install/remove Helm with appropriate version
  • Tweak Microk8s
  • Download oom repo
  • Install the needed Helm plugins
  • Install ChartMuseum as a local helm repo
  • Install docker (now needed to build oom charts)
  • Build all oom charts and store them in the chart repo
  • Tweak oom override file to fine tune deployment based on your VM capacity and component needs
  • Deploy/Undeploy charts
  • Enable local UI access
  • Full Deployment Override on a single VM
  • Run testsuites

1) Install/Upgrade Microk8s with appropriate version

...

2) it is not using docker as the container runtime, it's using containerd, it's not an issue, just be aware of that as you won't see containers using classic docker commands


How to remove/install /remove microk8s ?

If you have a previous version of microk8s, you first need to uninstall it (upgrade is possible but it is not recommended between major versions so I recommend to uninstall as it's fast and safe)

...

Code Block
sudo snap install microk8s --classic --channel=1.19/stable

You may need to change your firewall configuration to allow pod to pod communication and pod to internet communication :

Code Block
sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed

Addons ?

MicroK8s is lightweight but comes with several possible addons, OOM and ONAP requires just a few to be enabled, you can choose to enable more if you want to

18/stable
sudo snap refresh microk8s --classic --channel=1.19/stable

Or (when the master node bug will be fixed on 1.19 kubernetes snap install)

sudo snap install microk8s --classic --channel=1.19/stable

You may need to change your firewall configuration to allow pod to pod communication and pod to internet communication :

Code Block
sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed


Addons ?

MicroK8s is lightweight but comes with several possible addons, OOM and ONAP requires just a few to be enabled, you can choose to enable more if you want to

DNS addon : we need the DNS addon so that pods can 'see' each other by host name.

Storage addon : we will enable the default Host storage class, this allows local volume storage that are used by some pods to exchange folders between containers.

Code Block
sudo microk8s enable dns storage

...

As Helm is self contained, it's pretty straightforward to install/upgrade

I recommend putting helm in local bin folder as a softlink, this way it's easy to switch between versions if you need to

Code Block
 wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz
 tar -zxvf helm-v3.5.2-linux-amd64.tar.gz
 sudo mv linux-amd64/helm /usr/local/bin/helm-v3.5.2
 sudo ln -s /usr/local/bin/helm-v3.5.2 /usr/local/bin/helm

3) Tweak Microk8s

The below tweaks are not strictly necessary, but they help in making the setup more simple and flexible.

A) Increase the max number of pods

, we can also use snap to install the right version

Code Block
sudo snap install helm --classic --channel=3.5/stable

Note: You may encounter some log issues when installing helm with snap

Normally the helm logs are available in "~/.local/share/helm/plugins/deploy/cache/onap/logs", if you notice that the log files are all equal to 0, you can uninstall the helm with snap and reinstall it manually

Code Block
wget https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz


Code Block
tar xvfz helm-v3.5.4-linux-amd64.tar.gz



Code Block
sudo mv linux-amd64/helm /usr/local/bin/helm

3) Tweak Microk8s

The below tweaks are not strictly necessary, but they help in making the setup more simple and flexible.

A) Increase the max number of pods & Add priviledged config

As As ONAP may deploy a significant amount of pods, we need to inform kubelet to allow more than the basic configuration (as we plan an all in box setup), if you only plan to run a limited number of components, this is not needneeded

to change the max number of pods, we need to add a parameter to the startup line of kubelet.edit

1. Edit the file located at :

Code Block
sudo nano /var/snap/microk8s/current/args/kubelet

...

Code Block
sudo service snap.microk8s.daemon-kubelet restart

B) run a local copy of kubectl

...

2. Edit the file located at :

Code Block
microk8ssudo kubectl describe node

to make things simpler as we will most likely interact a lot with kubectl, let's install a local copy of kubectl so we can use it to interact with the kubernetes cluster in a more straightforward way

We need kubectl 1.19 to match the cluster we have installed

Code Block
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.7/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl

If you want to use a the same link trick as for helm (see above) this could allow you to switch between kubectl versions if needed

Now we need to provide our local kubectl client with a proper config file so that it can access the cluster, microk8s allows to retrieve the cluster config very easily

Simply create a .kube folder in your home directory and dump the config there

Code Block
cd
mkdir .kubecd .kube
microk8s.config > config
chmod 700 config

the last line is there to avoid helm complaining about too open permission

you should now have helm and kubectl ready to interact with each other, you can verify this by trying :

Code Block
kubectl version

this should output both the local client and server version

nano /var/snap/microk8s/current/args/kube-apiserver

add the following line at the end :

Code Block
--allow-privileged=true

save the file and restart kubelet to apply the change :

Code Block
sudo service snap.microk8s.daemon-apiserver restart


B) run a local copy of kubectl

Microk8s comes bundled with kubectl, you can interact with it by doing:

Code Block
sudo microk8s kubectl describe node

to make things simpler as we will most likely interact a lot with kubectl, let's install a local copy of kubectl so we can use it to interact with the kubernetes cluster in a more straightforward way

We need kubectl 1.19 to match the cluster we have installed, let's again use snap to quickly choose and install the one we need

Code Block
sudo snap install kubectl --classic --channel=1.19/stable

Now we need to provide our local kubectl client with a proper config file so that it can access the cluster, microk8s allows to retrieve the cluster config very easily

Simply create a .kube folder in your home directory and dump the config there

Code Block
cd
mkdir .kube
cd .kube
sudo microk8s.config > config
chmod 700 config

the last line is there to avoid helm complaining about too open permission

you should now have helm and kubectl ready to interact with each other, you can verify this by trying :

Code Block
kubectl version

this should output both the local client and server version

Client Version: version.InfoClient Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.7-34+02d22c9f4fb254", GitCommit:"02d22c9f4fb2545422b2b28e2152b1788fc27c2f", GitTreeState:"clean", BuildDate:"2021-02-11T20:13:16Z", GoVersion:"go1.15.8", Compiler:"gc", Platform:"linux/amd64"}

...

the example below pulls the latest version from master, it's probably wiser to select the right version (honolulu branch or a specific review you want to test)

Code Block
cd
git clone --recursive "https://gerrit.onap.org/r/oom"

...

Code Block
helm plugin install https://--version v0.9.0 https://github.com/chartmuseum/helm-push.git

Once all plugins are installed, you should see them as available helm commands when doing :

Code Block
helm --help


6) Install the

...

chartmuseum repository

To align with how the previous release were deployed, we will setup a local chart repository.

...

unless you already have docker, in which case you can skip this part altogether.

Or use snap:

Code Block
sudo snap install docker

8) Build all oom charts and store them in the chart repo

You should be ready to build all helm charts, go into the oom/kubernetes folder and run a full make

Ensure you have "make" installed:

Code Block
sudo apt install make

Then build OOM

Code Block
cd ~/oom/kubernetes
make all

...

don't forget to create the namespace again before deploying again (helm won't complain if it is not there, but you'll end up with an empty cluster after if finishes)

10) Enable UI access


Note : you could also reset the K8S cluster by using the microk8s feature : microk8s reset

but that's a more drastic approach, you would need to reinstall the addons, dump again the config for kubectl etc.... this can be useful if you get weird behavior though.

10) Enable UI access

Once all pods are running Once all pods are running and all jobs are completed,

...

Code Block
# for myVM ONAP
127.0.0.1 portal.api.simpledemo.onap.orgaaf-gui
127.0.0.1 sdcaai.apiui.simpledemo.onap.org
127.0.0.1 sdcappc.api.fe.simpledemo.onap.org
127.0.0.1 sdccds.workflow.pluginapi.simpledemo.onap.org
127.0.0.1 vidcdt.api.simpledemo.onap.org
127.0.0.1 policyclamp.api.simpledemo.onap.org
127.0.0.1 aainbi.uiapi.simpledemo.onap.org
127.0.0.1 nbipolicy.api.simpledemo.onap.org
127.0.0.1 clampportal.api.simpledemo.onap.org
127.0.0.1 so-monitoring
127.0.0.1 robot-onap.onap.org
127.0.0.1 aaf-gui
127.0.0.1 robot-onapsdc.api.fe.simpledemo.onap.org
127.0.0.1 cdtsdc.api.simpledemo.onap.org
127.0.0.1 appcsdc.workflow.apiplugin.simpledemo.onap.org
127.0.0.1 cdsso-monitoring
127.0.0.1 vid.api.simpledemo.onap.org

You can then access the portal UI by opening your browser to :
https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
user/pass is cs0008/demo123456!

Note : Since SDC (and other UIs) are embedded into the portal UI frame, you browser may complain about trusting its certificate, to work around this issue, open the SDC UI directly first (to get your browser to accept the certificate), once done you should be able to open the SDC UI through the portal. To do so, open another tab of your browser to :

https://sdc.api.fe.simpledemo.onap.org:30207/

https://sdc.workflow.plugin.simpledemo.onap.org:30256/

Note : you need to repeat the above for each deployment, as certificates are generated by AAF during startup, certificates will change each time you deploy

You should now be able to use SDC :

:30207/

https://sdc.workflow.plugin.simpledemo.onap.org:30256/

Note : you need to repeat the above for each deployment, as certificates are generated by AAF during startup, certificates will change each time you deploy

You should now be able to use SDC :

Image Added

11) Full Deployment Override on a single VM

Below is a full blown override file used to run mostly all Honolulu components, this was tested working on Windriver Lab on a VM with 12VCpu and 128G Ram

Code Block
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
  # Change to an unused port prefix range to prevent port conflicts
  # with other instances running within the same k8s cluster
  nodePortPrefix: 302
  nodePortPrefixExt: 304
  masterPassword: secretpassword
  addTestingComponents: true
  cmpv2Enabled: true
  flavor: unlimited
  # ONAP Repository
  # Uncomment the following to enable the use of a single docker
  # repository but ONLY if your repository mirrors all ONAP
  # docker images. This includes all images from dockerhub and
  # any other repository that hosts images for ONAP components.
  #repository: nexus3.onap.org:10001

  # readiness check - temporary repo until images migrated to nexus3
  readinessRepository: oomk8s
  # logging agent - temporary repo until images migrated to nexus3
  loggingRepository: docker.elastic.co

  # image pull policy
  pullPolicy: IfNotPresent

  # override default mount path root directory
  # referenced by persistent volumes and log files
  persistence:
    mountPath: /dockerdata-nfs

  # flag to enable debugging - application support required
  debugEnabled: false

#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################
aaf:
  enabled: true
  aaf-service:
    readiness:
      initialDelaySeconds: 150
aai:
  enabled: true
  flavorOverride: unlimited
  global:
    flavorOverride: unlimited
    cassandra:
      replicas: 3
  aai-cassandra:
    flavorOverride: unlimited
    replicaCount: 3
  aai-babel:
    flavorOverride: unlimited
  aai-data-router:
    flavorOverride: unlimited
  aai-elasticsearch:
    flavorOverride: unlimited
  aai-graphadmin:
    flavorOverride: unlimited
  aai-modelloader:
    flavorOverride: unlimited
  aai-resources:
    flavorOverride: unlimited
  aai-schema-service:
    flavorOverride: unlimited
  aai-search-data:
    flavorOverride: unlimited
  aai-sparky-be:
    flavorOverride: unlimited
    readiness:
      initialDelaySeconds: 150
      periodSeconds: 20
      timeoutSeconds: 10
    liveness:
      timeoutSeconds: 10
  aai-traversal:
    flavorOverride: unlimited  
appc:
  enabled: false
cassandra:
  enabled: true
  replicaCount: 3
  config:
    cluster_domain: cluster.local
    heap:
      max: 1G
      min: 256M
  liveness:
    initialDelaySeconds: 60
    periodSeconds: 20
    timeoutSeconds: 10
    successThreshold: 1
    failureThreshold: 3
    # necessary to disable liveness probe when setting breakpoints
    # in debugger so K8s doesn't restart unresponsive container
    enabled: true

  readiness:
    initialDelaySeconds: 120
    periodSeconds: 20
    timeoutSeconds: 10
    successThreshold: 1
    failureThreshold: 3
cds:
  enabled: true
clamp:
  enabled: true
cli:
  enabled: true
consul:
  enabled: true
contrib:
  enabled: true
  awx:
    enabled: true
  netbox:
    enabled: false
dcaegen2:
  enabled: true
  dcae-cloudify-manager:
    readiness:
      periodSeconds: 120
      timeoutSeconds: 20
    liveness:
      timeoutSeconds: 10
dmaap:
  enabled: true
esr:
  enabled: false
log:
  enabled: false
  log-logstash:
    replicaCount: 1
sniro-emulator:
  enabled: false
oof:
  enabled: false
mariadb-galera:
  enabled: true
msb:
  enabled: true
multicloud:
  enabled: true
nbi:
  enabled: true
platform:
  enabled: true
policy:
  enabled: true
pomba:
  enabled: false
portal:
  enabled: true
robot:
  enabled: true
  flavor: small
  appcUsername: "appc@appc.onap.org"
  appcPassword: "TBD"
  openStackKeyStoneUrl: "http://10.12.25.2:5000"
  openStackKeystoneAPIVersion: "v3"
  openStackPublicNetId: "TBD"
  openStackTenantId: "TBD"
  openStackUserName: "TBD"
  openStackUserDomain: "TBD"
  openStackProjectName: "TBD"
  ubuntu14Image: "trusty-server-cloudimg-amd64-disk1"
  ubuntu16Image: "xenial-server-cloudimg-amd64-disk1"
  openStackPrivateNetCidr: "10.0.0.0/16"
  openStackPrivateNetId: "TBD"
  openStackPrivateSubnetId: "TBD"
  openStackSecurityGroup: "TBD"
  openStackOamNetworkCidrPrefix: "10.0"
  dcaeCollectorIp: "yourhostip"
  vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh"
  demoArtifactsVersion: "1.4.0"
  demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
  scriptVersion: "1.4.0"
  nfsIpAddress: "yourhostip"
  config:
    openStackEncryptedPasswordHere: "TBD"
    openStackSoEncryptedPassword: "TBD"
sdc:
  enabled: true
  config:
    environment:
      vnfRepoPort: 8703
  sdc-be:
    config:
      javaOptions: "-Xmx1g -Xms512m"
    liveness:
      periodSeconds: 300
      timeoutSeconds: 180
    readiness:
      periodSeconds: 300
      timeoutSeconds: 240
  sdc-fe:
    resources:
      small:
        limits:
          cpu: 1
          memory: 2Gi
        requests:
          cpu: 100m
          memory: 500Mi
sdnc:
  enabled: true

  replicaCount: 1

  mysql:
    replicaCount: 1
so:
  enabled: true
  so-catalog-db-adapter:
    config:
      openStackUserName: "TBD"
      openStackKeyStoneUrl: "http://10.12.25.2:5000/v3"
      openStackEncryptedPasswordHere: "TBD"
      openStackKeystoneVersion: "KEYSTONE_V3"
uui:
  enabled: false
vfc:
  enabled: false
vid:
  enabled: true
vnfsdk:
  enabled: true

If you want to use SO / Robot - you need to fill in proper properties in the override, this depends on your openstack instance / tenant

12) Run testsuites

If you have deployed the robot pod, you can perform some tests using the provided scripts in the oom repo

go to the oom/kubernetes/robot folder and run ete-k8s.sh to see the available test suites

Code Block
cd ~/oom/kubernetes/robot
./ete-k8s.sh

to run a specific test suite, just provide the namespace and the testsuite tag, below is testing distribution with SDC (beware that some tests require the availability of several components to succeed)

Code Block
cd ~/oom/kubernetes/robot
./ete-k8s.sh onap healthdist

the script will contact the robot pod within the cluster and execute the tests (may take a while)


Code Block
++ kubectl --namespace onap exec onap-robot-8569b648b9-5x49x -- /var/opt/ONAP/runTags.sh -V /share/config/robot_properties.py -v GLOBAL_BUILD_NUMBER:10433 -d /share/logs/0002_ete_healthdist -i healthdist --display 92
Starting Xvfb on display :92 with res 1280x1024x24
Executing robot tests at log level TRACE
==============================================================================
Testsuites                                                                    
==============================================================================
/var/opt/ONAP/robot/library/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
  from cryptography.hazmat.backends import default_backend
Testsuites.Health-Check :: Test that ONAP components are available via basi...
==============================================================================
Health Distribution Test                                              | PASS |
------------------------------------------------------------------------------
Testsuites.Health-Check :: Test that ONAP components are available... | PASS |
1 critical test, 1 passed, 0 failed
1 test total, 1 passed, 0 failed
==============================================================================
Testsuites                                                            | PASS |
1 critical test, 1 passed, 0 failed
1 test total, 1 passed, 0 failed
==============================================================================
Output:  /share/logs/0002_ete_healthdist/output.xml
Log:     /share/logs/0002_ete_healthdist/log.html
Report:  /share/logs/0002_ete_healthdist/report.html


if you have enabled UI access you can see the test logs in a browser by connecting to

https://robot-onap.onap.org:30209

(user/pass is test/test)


Image Added


browse to the test suite you have started and open the folder, click the report.html to see robot test results

Image AddedImage Removed