Background

After the SM PoC (Guilin) we are focussing in deploying SM in Kohn using Istio as SM framework in ONAP.
Target picture is described in SECCOM page:
ONAP Next Generation Security & Logging Architecture

Cluster Preparation

During the setup of the K8S Cluster the Istio resources need to be dinstalled.
As basis in Kohn we use the following platform versions:

• helm_release: v3.8.2
• kubernetes_release: v1.23.8
• istio_release: 1.14.1

Install Istio

Source: https://istio.io/latest/docs/setup/install/helm/

Istio basics

1. Configure the Helm repository:

   $ helm repo add istio https://istio-release.storage.googleapis.com/charts
   $ helm repo update

2. Create a namespace istio-system for Istio components:

   $ kubectl create namespace istio-system

3. Install the Istio Base chart which contains cluster-wide resources used by the Istio control plane:
   

   $ helm upgrade istio-base istio/base -n istio-system --version 1.14.1

   
   

4. Install the Istio Discovery chart which deploys the istiod service:
   (enable the variable to enforce the (sidecar) proxy startup before the container start)

   $ helm upgrade istiod istio/istiod -n istio-system --version 1.14.1 --wait --set global.proxy.holdApplicationUntilProxyStarts=true

   
   

Istio Ingress Gateway

1. Create a namespace istio-ingress for the Istio Ingress gateway and enable istio-injection:

   $ kubectl create namespace istio-ingress
   $ kubectl label namespace istio-ingress istio-injection=enabled

2. Install the Istio Gateway chart:
   

   $ helm upgrade istio-ingress istio/gateway -n istio-ingress --version 1.14.1 --wait 

Install Jaeger/Kiali

Configure ONAP charts

Install ONAP

1. Label namespace for Istio sidecar injection:

   $ kubectl label namespace onap istio-injection=enabled --overwrite=true