Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Contributors:
Isaku Yamahata <isaku.yamahata@intel.com> <isaku.yamahata@gmail.com>
Bin Hu <bh526r@att.com>
Munish Agarwal <munish.agarwal@ericsson.com>
Please put your name here

...

.com>
Munish Agarwal <munish.agarwal@ericsson.com>
Earle West (ew8463@att.com

Please put your name here


Affected Projects and PTLs for socialization

ProjectPTLimpact and notesfeedback etc

modeling

Hui Dengnew Newms of Data model to describe k8s node/COE instead of compute/opentstack
SDCMichael Lando

SOmulti-cloud adaptoer to call multicloud k8s driver. For Beijing release. ARIA adaptor which already was merged will be utilized with config twist.
OOF & policyNew policy to use COE to run VNF in container. OOF does only match making.
A&AI/ESTnew name to represent k8s or COE. schema extensions to represent k8s data(key value pairs).
multicloudnew k8s plugin
controllers/APP-Cno ipact or new adaptor



https://gerrit.onap.org/r/#/c/30027/

the discussion is continued at the above spec document. Please review/comment there.


1. Intro

In this API design document will discuss

...

Similar to other case, k8s plugin has its own URL prefix so that it doesn’t affect other multicloud northbound API.

...

For details of kubernetes API, please refer to https://kubernetes.io/docs/reference/api-overview/

Note: kubernetes doesn’t have concept of region, tenant.(at this point). So region and tenant_id isn’t in path.

...

8. Kubernetes cluster authentication

Note: https://kubernetes.io/docs/admin/authentication

Because Kubernetes cluster installation is not mentioned,  we should treat all users as normal users when authenticate to Kubernetes VIM. There are several ways to authenticate Kubernetes cluster:

8.0.1. Using kubeconfig file

Users provide each Kubernetes VIM information as a cluster, user or context in kubeconfig files.

apiVersion: v1
clusters:
- cluster:
   certificate-authority: fake-ca-file
   server: https://1.2.3.4
 name: development
- cluster:
   insecure-skip-tls-verify: true
   server: https://5.6.7.8
 name: scratch
contexts:
- context:
   cluster: development
   namespace: frontend
   user: developer
 name: dev-frontend
- context:
   cluster: scratch
   namespace: default
   user: experimenter
 name: exp-scratch
current-context: ""
kind: Config
preferences: {}
users:
- name: developer
 user:
   client-certificate: fake-cert-file
   client-key: fake-key-file

In this scenario, when user want to deploy a VNF, user should provide:

...

Details for configure access multiple clusters, please refer to https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters

8.0.2. Using Bearer token

Similar as above approach, but we only store some necessary parameter to validate an user using Bearer token. When register a Kubernetes VIM, user should fill in the following information:

  • Kubernetes API address: The address and port of the Kubernetes API server (e.g. 192.168.1.2:6443)

  • Bearer token: Bearer token for authentication to the API server

  • Client certificate file: Path to a client certificate file for TLS (optional)

8.0.3. Using basic authentication

Different way, username and password for authenticating

...