1. Network Repository Function (NRF) Cloud Native Installation and Upgrade Guide
  2. OCNRF Installation Prerequisites

4 OCNRF Installation Prerequisites

OCNRF Pre-requisites

This section includes information about the required pre-requisites before initiating OCNRF Installation.

Following are the prerequisites to install and configure OCNRF:

OCNRF Software

The OCNRF software includes:

  • OCNRF Helm charts
  • OCNRF docker images

The following software must be installed:

Software Version
Kubernetes v1.15.3
HELM v2.14.3

Additional software that needs to be deployed as per the requirement of the services:

Software Chart Version Notes
elasticsearch 5.5.4 Needed for Logging Area
elastic-curator 5.5.4 Needed for Logging Area
elastic-exporter 1.0.2 Needed for Logging Area
logs 2.0.7 Needed for Logging Area
kibana 6.7.0 Needed for Logging Area
grafana 6.1.6 Needed for Metrics Area
prometheus 9.1.2 Needed for Metrics Area
prometheus-node-exporter 0.17.0 Needed for Metrics Area
metallb 0.7.3 Needed for External IP
metrics-server 0.3.1 Needed for Metric Server
tracer 0.8.3 Needed for Tracing Area

Note:

Install the specified software items before proceeding, if any of the above services are needed and the respective software is not already installed in CNE.
To check the installed software items, execute: 
helm ls

Some of the systems may need to use helm command with admin.conf file, such as:

helm --kubeconfig admin.conf

Network access

The Kubernetes cluster hosts must have network access to:

  • Local docker image repository where the OCNRF images are available.
    To check if the Kubernetes cluster hosts has network access to the local docker image repository, try to pull any image with tag name to check connectivity by executing: 
    docker pull <docker-repo>/<image-name>:<image-tag>

    Note:

    Some of the systems may need to use helm command with admin.conf file, such as:

    helm --kubeconfig admin.conf

  • Local helm repository where the OCNRF helm charts are available.
    To check if the Kubernetes cluster hosts has network access to the local helm repository, execute: 
    helm repo update

    Note:

    Some of the systems may need to use helm command with admin.conf file, such as:

    helm --kubeconfig admin.conf

Note:

All the kubectl and helm related commands that are used in this document must be executed on a system depending on the infrastructure of the deployment. It could be a client machine such as a VM, server, local desktop, and so on.

Client machine requirement

There are some requirements for the client machine where the deployment commands need to be executed:
  • It should have network access to the helm repository and docker image repository.
  • Helm repository must be configured on the client.
  • It should have network access to the Kubernetes cluster.
  • It should have necessary environment settings to run the kubectl commands. The environment should have privileges to create a namespace in the Kubernetes cluster.
  • It should have helm client installed. The environment should be configured so that the helm install command deploys the software in the Kubernetes cluster.

Secret file requirement

For HTTPs and Access token, the following certs and pem files has to be created before creating secret files for Keys and MySql.

Note: The following files must be created before creating secret files.
  1. ECDSA private Key and CA signed ECDSA Certificate (if initialAlgorithm: ES256)
  2. RSA private key and CA signed RSA Certificate (if initialAlgorithm: RSA256)
  3. TrustStore password file
  4. KeyStore password file
  5. CA signed ECDSA certificate

ServiceAccount requirement

Operator must create a service account, bind it with a Role for resource with permissions for atleast get, watch and list.

serviceAccountName is a mandatory parameter. Kubernetes Secret resource is used for providing the following:

  • MYSQL DB Details to micro-services.

  • NRF's Private Key, NRF's Certificate and CA Certificate Details to Ingress/Egress Gateway for TLS.

  • NRF's Private and NRF's Public Keys to nfAccessToken micro-service for Digitally Signing AccessTokenClaims.

  • Producer/Consumer NF's Service/Endpoint details for routing messages from/to Egress/Ingress Gateway.

The Secret(s) can be under same namespace where OCNRF is getting deployed (recommended) or # Operator can choose to use different namespaces for different secret(s). If all the Secret(s) are under same namespace as OCNRF, then Kubernetes Role can be binded with the given ServiceAccount. Otherwise ClusterRole needs to be binded with the given ServiceAccount. The Role/ClusterRole needs to be created with resources: (services, configmaps, pods, secrets, endpoints) and (verbs: get, watch, list). Refer to Creation of Service Account, Role and Role bindings for more details.

Here is the sample serviceAccount parameter file: 

apiVersion: v1
kind: ServiceAccount
metadata:
 name: ocnrf-serviceaccount
 namespace: ocnrf
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
 name: ocnrf-role
 namespace: ocnrf
rules:
 - apiGroups:
   - "" # "" indicates the core API group
   resources:
   - services
   - configmaps
   - pods
   - secrets
   - endpoints
   verbs:
   - get
   - watch
   - list
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
 name: ocnrf-rolebinding
 namespace: ocnrf
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
 name: ocnrf-role
 namespace: ocnrf
subjects:
- kind: ServiceAccount
  name: ocnrf-serviceaccount
  namespace: ocnrf

OCNRF Installation Preparation

The following procedure describes the steps to download the OCNRF Images and Helm files from OSDC.

For more information about configuring docker image and registry, see chapter OCCNE Docker Image Registry Configuration in OCCNE Installation Guide 1.4.

Table 4-1 OCNRF Installation Preparation

Step Procedure Description

1

img/icon.png 		Download the OCNRF package file

Customers are required to download the OCNRF package file from Oracle Software Delivery Cloud (OSDC). Package is named as follows: 

<nfname>-pkg-<marketing-release-number>.tgz

For example: ocnrf-pkg-1.5.1.0.0.tgz

2

img/icon.png 		Untar the OCNRF Package File

Untar the OCNRF package: 

tar -xvf <<nfname>-pkg-<marketing-release-number>>.tgz

This command results into <<nfname>-pkg-<marketing-release-number>> directory.

The directory consists of following:
  1. OCNRF Docker Images File:

    ocnrf-images-1.5.1.tar

  2. OCNRF Helm Chart

    ocnrf-1.5.1.tgz

  3. Readme txt file

    Readme.txt (Contains cksum and md5sum of tarballs)

3

img/icon.png 		Verify the checksums Verify the checksums of tarballs mentioned in Readme.txt.

4

img/icon.png 		Load the tarball to system

Execute the following command to load the images to the customer's local registry: 

docker load --input ocnrf-images-1.5.1.tar

5

img/icon.png 		Check if all the images are loaded

Execute the following command to check: 

docker images

Refer the below table OCNRF Images for the list of images.

6

img/icon.png 		Push docker images to docker registry

Execute the following commands to push the docker images to docker registry:

docker tag <image-name>:<image-tag> <docker-repo>/<image-name>:<image-tag>

docker push <docker-repo>/<image-name>:<image-tag>

7

img/icon.png 		Untar Helm Files

Untar the helm files: 

tar -xvzf ocnrf-1.5.1.tgz

8

img/icon.png 		Download the Network Repository Function (NRF) Custom Template ZIP file

Download the Network Repository Function (NRF) Custom Template ZIP file from OHC:

  • Go to the URL, docs.oracle.com
  • Navigate to Industries->Communications->Diameter Signaling Router->Cloud Native Network Elements
  • Click the Network Repository Function (NRF) Custom Template link to download the zip file.
  • Unzip the template to get ocnrf-custom-configTemplates-1.5.1.0.0 file that contains the following:
    • NrfAlertrules-1.5.1.yaml: This file is used for prometheus.
    • NrfDashboard-1.5.1.json: This file is used by grafana.
    • ocnrf-custom-values-1.5.1.yaml: This file is used during installation.

OCNRF Images

Following are the OCNRF images:

Table 4-2 OCNRF Images

Services Image Tag
<helm-release-name>-NFRegistration ocnrf-nfregistration 1.5.1
<helm-release-name>-NFSubscription ocnrf-nfsubscription 1.5.1
<helm-release-name>-NFDiscovery ocnrf-nfdiscovery 1.5.1
<helm-release-name>-NRF Auditor ocnrf-nrfauditor 1.5.1
<helm-release-name>-NRF Configuration ocnrf-nrfconfiguration 1.5.1
<helm-release-name>-NFAccessToken configurationinit 0.3.0
configurationupdate 0.3.0
ocnrf-nfaccesstoken 1.5.1
<helm-release-name>-EgressGateway configurationinit 0.3.0
configurationupdate 0.3.0
ocegress_gateway 1.5.1
<helm-release-name>-IngressGateway configurationinit 0.3.0
configurationupdate 0.3.0
ocingress_gateway 1.5.1

Note:

IngressGateway, EgressGateway and NFAccessToken uses same configurationinit and configurationupdates docker images.