What's needed to deploy ONAP
...
To reinstall ONAP Gating instance two pipelines are used. Both are saved as "Scheduled" (but disabled) on Pipeline Schedules · Orange-OpenSource / lfn / ci_cd / chained-ci · GitLab repo. The schedules are:
- ONAP Gating Azure 3 - to recreate Gating 3,
- ONAP Gating Azure 4 - to recreate Gating 4.
It's needed only to run these pipelines (if user is allowed) and wait for finish. It's also required to disable gating system before reinstallation. To do it it's needed to login on Gating bastion (rebond.francecentral.cloudapp.azure.com) and scale one of the required deployments running on "onap-gating" kubernetes namespace:
...
Gating 4
| Code Block |
|---|
$ ssh azure4.onap.eu |
Certificate issues
cert-manager is responsible for handling certificates (issued by Let's Encrypt). In case of issues with certificates (like outdated ones) start with cert-manager logs analysis.
Up to now two issues occurred. After transferring ownership of onap.eu, cert-manager was unable to issue new certificates due to DNS challenge failing. This was solved by changing challenge method to DNS. It can be done in Issuer resource that is responsible for requesting new certificates from Let's Encrypt. After changes solver section looks like this:
| Code Block | ||
|---|---|---|
| ||
solvers:
- http01:
ingress:
class: nginx |
Another issue that occurred was caused by two ingresses that are responsible for different subdomains using the same TLS secret. In this case solution was very simple - changing name of secret in ingress. After that cert-manager will automatically request for new certificate from Let's Encrypt and save it under new name. In order to make it work Ingress also needs following annotations to be present (in metadata section):
| Code Block | ||
|---|---|---|
| ||
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: "{{ name_of_responsible_issuer }}" |
Obviously {{ name_of_responsible_issuer }} should be changed to appropriate name if Issuer resource.