Installation

The installation of the Fabric Services System integration for OpenShift is done through Helm charts that are provided as part of each release of the Fabric Services System.

Package information

The Fabric Services System integration for OpenShift is provided as a tar ball (example: fsc-v22.12.1-46.tar.gz) which contains the following files:

  • fsc-*-<release>-images.tar: The container images for the different components.
  • fsc-charts-<release>.tgz: A tar ball containing the Helm charts for the installation of the integration components.
  • fsc-installer.sh: Utility that can be used to upload the images and charts to a registry.

Using the installer script to push the container images and charts

Through the fsc-installer.sh script, it is possible to push the container images to a container image registry and optionally push the Helm charts to a Helm repository.

Note: Currently, only an upload to a container image registry that requires authentication is supported.

The script accepts the following information:

  • User ID: Username to connect to the container image registry. (required)
  • Registry URL: Path to the container image registry. (required)
  • Helm repository URL: URL to the Helm repository to where the charts need to be uploaded. (optional).

The script can be run with the following command:

# ./fsc-installer.sh -u <user-id> -r <registry-url> -e <helm-repo>

For example:

# ./fsc-installer.sh -u imageuploader -r registry.domain.tld/fsc -e http://helm-repo.domain.tld/fsc

OpenShift supporting objects

This section describes the following object that support the OpenShift plugin:
  • Helm chart values
  • Local values .yaml file

Helm chart values

The Helm charts for the Fabric Services System integration for OpenShift have the following structure and properties. Default values are provided.

fss-fsc:
  replicaCount: 1 # Number of replicas of FSC (do not change)
  image:
    repository: localhost # Container repository
    pullPolicy: IfNotPresent # Pull policy
    tag: v22.12.1-46 # Version to deploy
    mgrImageName: fsc-manager # FSC Manager image name
    cniImageName: fsc-cni # FSC CNI image name
    certImageName: fsc-cert # FSC Cert service image name
  nameOverride: "" # Override the (do not change)
  serviceAccount: # Do not change anything in this section
    name: "" # Set the name of the FSC service Account name
  global: # Do not change anything in this section
    crdGroup: ""
    openShift: true # Must be true
  fscInfo:
    dockerConfig: "" # base64 encoded secret for accessing the container registry
  cniInfo:
    log:
      level: info # trace, debug, info, warning, error, fatal, panic
      genFile: "true" # Whether to save a file or not
      maxAge: "7" # Max age in days for log file
      maxBackup: "3" # Number of files to keep
      maxSize: "100" # Max size of log file in MB
      path: /var/log/fsc-cni.log # Path of the log file
    injectCni: "true" # Whether to inject the CNI info in each NAD
    maxUnavailable: 3 # Max unavailable CNI daemonsets during upgrade
  fssInfo:
    hostName: "fss.nokia.com" # Fabric Services System hostname
    ipAddr: "127.0.0.1" # Fabric Services System IP
    port: "8090" # Fabric Services System port
    userId: "" # Fabric Services System username
    password: "" # Fabric Services System password
    tlsEnable: false # Whether Fabric Services System uses TLS
    pluginId: "k8s-plugin-id" # Must be a unique value across the environment
    pluginName: "k8s-plugin-name" # Human readable plugin name
    deploymentName: "k8s-deployment-name" # Human readable deployment name
    deploymentDescription: "k8s connect deployment" # Human readable description
    tlsSkipVerify: true # Whether to verify the server certificate
    tlsCertData: ""  # TLS Certificate data – valid only if tlsSkipVerify is true
    tlsCertKey: "" # TLS Certificate key – No longer used, but a value must be provided
  mgrInfo: # Do not change anything in this section, except for log if necessary
    heartbeatInterval: "3" # Keep-alive timer 
    supportsHeartbeat: "true" # Whether Connect will generate heartbeat alarms 
    actionables: | # Only supported value is DEPLOYMENT_UPDATED 
      DEPLOYMENT_UPDATED 
    log:
      level: info # trace, debug, info, warning, error, fatal, panic
      genFile: "true" # Whether to save a file or not
      maxAge: "7" # Max age in days for log file
      maxBackup: "3" # Number of files to keep
      maxSize: "100" # Max size of log file in MB
      path: /fss/data/fsc-data/logs/fsc-controller-manager.log # Log file path
  service: # Do not change anything in this section
    type: ClusterIP # Type of service created for FSC (do not change)
    port: 8443 # Port used by FSC (do not change)
    grpcPort: 50051 # Internal GRPC port of FSC (do not change)
    webHookPort: 443 # Webhook port for FSC (do not change)

Creating a local values yaml file

When deploying the Fabric Services System integration with OpenShift, you can use a local values .yaml file to overwrite the defaults of the values.yaml file provided in the charts.

The minimum changes are:

fss-fsc: 
  image:
    repository: localhost # Container repository
    tag: v22.12.1-46 # Version to deploy
  fscInfo:
    dockerConfig: "<base64 encoded secret>" # today a secret is required
  fssInfo:
    hostName: "fss.domain.tld"
    ipAddr: "192.0.2.100" 
    port: "443" 
    userId: "fscuser" 
    password: "secret-password" 
    tlsEnable: true 
    pluginId: "ocp-fsc-01" 
    pluginName: "OpenShift FSC 01" 
    deploymentName: "ocp-fsc-01-deployment" 
    deploymentDescription: "First OpenShift Cluster with FSC"
    tlsSkipVerify: true
    tlsCertData: "" # the base64 encoded certificate file
    tlsCertKey: "Tm9uZQo="
Note: This release supports only a container registry that requires authentication through a secret.
Note: In this release, even with tlsSkipVerify set to true, the tlsCertData and tlsCertKey require a value. For the tlsCertKey, any valid base64 encoded value can be entered as it is not used at any time.

Installing and configuring the OpenShift and Kubernetes plugin

Create a local values file as described in Creating a local values yaml file
This procedure describes how to install and configure the OpenShift and Kubernetes plugins for Connect.
  1. Run the installation script with the following command: 
    ./fsc-installer.sh -u <user-id> -r <registry-url> -e <helm-repo>
    $ ./fsc-installer.sh -r registry.domain.tld/fsc -u registryuser -e https://repository.domain.tld/fsc-charts/
Enter Registry Password:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/fsc-helper/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
 
Login Succeeded
Docker Login success
Is the credentials for helm repo same as the docker registry?. y|n: n
Enter Helm Repo Userid: fsc-charts-rw
4ba5346beac5: Loading layer [==================================================>]  1.536kB/1.536kB
00c259f593c6: Loading layer [==================================================>]  14.98MB/14.98MB
14dcfc27fc3e: Loading layer [==================================================>]  55.53MB/55.53MB
fdab6045c7d5: Loading layer [==================================================>]  13.16MB/13.16MB
Loaded image: fsc-manager:v22.12.1-47
336eecb6d6f7: Loading layer [==================================================>]  1.536kB/1.536kB
70e11503e7f0: Loading layer [==================================================>]  11.39MB/11.39MB
352689f7e766: Loading layer [==================================================>]   43.5MB/43.5MB
Loaded image: fsc-cni:v22.12.1-47
b3c73d8d2b99: Loading layer [==================================================>]  1.536kB/1.536kB
057930989262: Loading layer [==================================================>]   10.5MB/10.5MB
aa9b2d5cc420: Loading layer [==================================================>]  40.21MB/40.21MB
Loaded image: fsc-cert:v22.12.1-47
The push refers to repository [registry.domain.tld/fsc/fsc-manager]
fdab6045c7d5: Pushed
14dcfc27fc3e: Pushed
00c259f593c6: Pushed
4ba5346beac5: Pushed
5510fa9aff79: Layer already exists
daeca4c64c94: Layer already exists
c31017bc1cae: Layer already exists
8bd900abc571: Layer already exists
994393dc58e7: Layer already exists
v22.12.1-47: digest: sha256:d25836c54943ce2c5b50d0265e941d13b89172e9840551e1be459fbdbc649ad0 size: 2205
The push refers to repository [registry.domain.tld/fsc/fsc-cni]
352689f7e766: Pushed
70e11503e7f0: Pushed
336eecb6d6f7: Pushed
5510fa9aff79: Layer already exists
daeca4c64c94: Layer already exists
c31017bc1cae: Layer already exists
8bd900abc571: Layer already exists
994393dc58e7: Layer already exists
v22.12.1-47: digest: sha256:21b3632b9bb134409a79dbbd6f8a158d52a13d483a79257a45f1fefb6009f5d0 size: 1994
The push refers to repository [registry.domain.tld/fsc/fsc-cert]
aa9b2d5cc420: Pushed
057930989262: Pushed
b3c73d8d2b99: Pushed
5510fa9aff79: Layer already exists
daeca4c64c94: Layer already exists
c31017bc1cae: Layer already exists
8bd900abc571: Layer already exists
994393dc58e7: Layer already exists
v22.12.1-47: digest: sha256:e4ff6b4d00e69b237161c476e7b6dcbadf3fd60e723fa696c2de74e2fd855398 size: 1994
Untagged: fsc-manager:v22.12.1-47
Untagged: fsc-cni:v22.12.1-47
Untagged: fsc-cert:v22.12.1-47
fsc-charts/Chart.yaml
fsc-charts/values.yaml
fsc-charts/.helmignore
fsc-charts/charts/fss-fsc/Chart.yaml
fsc-charts/charts/fss-fsc/values.yaml
fsc-charts/charts/fss-fsc/templates/_helpers.tpl
fsc-charts/charts/fss-fsc/templates/configmap.yaml
fsc-charts/charts/fss-fsc/templates/crd.yaml
fsc-charts/charts/fss-fsc/templates/deployment.yaml
fsc-charts/charts/fss-fsc/templates/scc.yaml
fsc-charts/charts/fss-fsc/templates/secret.yaml
fsc-charts/charts/fss-fsc/templates/service.yaml
fsc-charts/charts/fss-fsc/templates/serviceaccount.yaml
  2. Do one of the following:
    IfThen
    You have created a local values file (see Prerequisites), Go to step 3.
    You used the fsc-installer.sh script to upload the charts to a Helm repository, or another tool was used to do so, Go to step 5.
  3. Use the following command to deploy the Fabric Services System integration with OpenShift: 
    helm install -f local-values.yaml fsc-deployment
          fsc-charts-v22.12.1-46.tgz
  4. Go to step 6.
  5. Use the following commands to deploy the Fabric Services System integration with OpenShift 
    # helm repo add fscrepo https://helm-repo.domain.tld/repository/fsp-charts/ --username "fsp-charts-ro" --password  "******"
  "fscrepo" has been added to your repositories

# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "fscrepo" chart repository
Update Complete. ??Happy Helming!??

# helm install prod fsprepo/fsc-charts --version v22.12.1-46 -f local.yaml
  6. Verify that the installation was successful by checking that the required pods are in the Running or Completed state as shown below: 
    # oc get pods -n fsc-system
NAME                                             READY STATUS    RESTARTS AGE
prod-fss-fsc-cert-manager                        0/1   Completed 0        35s
prod-fss-fsc-cni-ds-wrqrs                        1/1   Running   0        35s
prod-fss-fsc-cni-ds-wtlf7                        1/1   Running   0        35s
prod-fss-fsc-cni-ds-xt9qj                        1/1   Running   0        35s
prod-fss-fsc-controller-manager-5898c6b5b9-xh459 2/2   Running   0        35s
    Note: The Cert Manager pod should be in the Completed state for a successful deployment.