Application Config & Cert Documentation (Temporary)

Note, this Documentation is for El Alto, on a temporary basis, until it can be entered into "readthedocs" format

PTL Presentation 2019.07.29

WHAT IS TO BE DEMOED?:

AAF will demonstrate the "AAF Agent" container, which will, from a HELM Chart, do the following BEFORE a Client actually starts:

ON a Volume accessible to the Application

• Configure AAF Property Files
• Use this configuration to Contact a Running Certificate Manager 
• Generate Certificates signed by ONAP's Test CA
• Validate that the client actually works.

WHAT IS THE EXAMPLE APP?:

The App is a small "Hello" app that is part of AAF, but configured and run separately.  It is recommended that you use the actual HELM charts to understand how things work.  

Both are provided with the "onap/authz" repository.

AAF provides 2 Kubernetes Helm style installations:  

• Official "OOM" deployments
  • Source: 
    Currently, in OOM Repo:
    https://gerrit.onap.org/r/gitweb?p=oom.git;a=tree;f=kubernetes/aaf/charts/aaf-hello;h=be5927fcb821138c04f8eb8b5fc1057e095a4713;hb=HEAD
    
    Note: Sometime during El Alto, it is expected that the OOM AAF Charts will move to "onap/authz" repo.  
    https://gerrit.onap.org/r/gitweb?p=aaf%2Foom.git;a=summary
• "Helm" deployment 
  • Source: https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=tree;f=auth/helm/aaf-hello;h=417360697aa32d428a848d7c0da50293c2c5e4f1;hb=HEAD

WHAT ARE HIGH LEVEL REQUIRED ELEMENTS FOR MY OOM APP?:

1. An App needs a persistent Volume tied to the Kubernetes Namespace
   1. Create a "pv" yaml (Example, see oom/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello.pv.yaml")
   2. Create a "pvc" yaml (Example, see oom/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello.pvc.yaml")
   3. Configure your Volume to your Deployment - NOTE: AS anyone dealing with HELM Charts knows, NO Tabs are allowed, and spacing is CRITICAL!!!.  Use the ACTUAL helm chart, and not this summary.
      ..
      kind: Deployment
      ..
      spec:
      ..
        template:
        ..
          spec:
            volumes:
               name: aaf-hello-vol
               persistentVolumeClaim:
                  claimName: {{ .Release.Name }}-aaf-hello-pvc
   4. In BOTH the initContainer AND your own Container, make sure you have the SAME Volume Mount
      volumeMounts:
      - mountPath: "/opt/app/osaaf"
         name: aaf-hello-vol
   5. Set YOUR Apps' values in "values.yaml"
      # application image
      service:
        fqdn: "aaf-hello"
        agentImage: onap/aaf/aaf_agent:2.1.15-SNAPSHOT
        image: <YOUR IMAGE>
        app_ns: <YOUR AAF Namespace, for "Hello", this is "org.osaaf.aaf" >
        fqi: <YOUR AAF Identity, for "Hello", this is "aaf@aaf.osaaf.org" >
        fqdn: <YOUR FQDN (how your App is known in K8s).  This will be the main Entry for Certificate.  You can add others with SAN.  For "Hello", this is "aaf-hello" >
        public_fqdn: <This it the PUBLIC name for the Kubernetes Cluster.  For AAF's Demo, this is "aaf.osaaf.org" >
        port: < This is Hello's Internal Port... configure your OWN ports accordingly "8130" >
        public_port: < This is Hello's EXTERNAL Port... configure your OWN ports accordingly "31116" >
        deploy_fqi: < For ONAP Envs, use the "Deployer's Identity" "deployer@people.osaaf.org" >
        cadi_latitude: < Latitude of Installation (will be working on OOM to declare on Nodes) for now, anything reasonable "38.0" >
        cadi_longitude: < Longitude of Installation (will be working on OOM to declare on Nodes) for now, anything reasonable "-72.0" >
   6.