Distributed Proxy Charms in OSM

Distributed Proxy Charms

Charms allow OSM to deploy network services with VNF/KNFs that can be configured, integrated, and operated with day-1 and day-2 actions. Charm is software that drives software, and that follows what in the Kubernetes world is known as the operator pattern. The VCA (Juju controller) is responsible for deploying, configuring, integrating, and executing actions in the Charms.

Particularly, Proxy charms provide capabilities to add all these benefits to workloads that are “fixed” (i.e. PNFs, VNFs that come with a custom image, and software cannot be installed there, etc). In this case, the Charm/operator lives in a container different from the workload.

Currently, OSM supports two types of Proxy Charms: LXD and Kubernetes charms. With any of the Kubernetes-based installations (charmed or k8s), two clouds will be automatically added to the VCA, which will be afterwards used to deploy LXD and K8s Proxy charms. By default, these clouds are installed in the same machine as OSM, but they can be configured to be external:

$ juju clouds --controller osm-vca
Clouds available on the controller:
Cloud      	Regions    Default   Type
lxd-cloud  	1    	   default    lxd  
microk8s   	1    	   localhost  k8s  

By default, all LXD Proxy charms will be deployed to the lxd cloud, and all the K8s Proxy charms to the k8s cloud. That behavior can be changed by adding additional clouds to the VCA, and referencing them in the vim account.

Add clouds to the VCA

Adding clouds to the VCA is a very straightforward process, but the commands are slightly different depending on the target cloud type.

k8s

To add a Kubernetes cloud to Juju, we only need the kubeconfig file of the Kubernetes cluster that we will be adding.

$ cat kubeconfig.yaml | juju add-k8s --controller <controller_name> <cloud_name>

  • juju add-k8s command takes the kubeconfig from stdin
  • –controller: Controller name is “osm-vca”
  • cloud_name: The cloud name that will be assigned to the cloud. By default, the credential name will be the same as the cloud name. Underscores (“_”) or names starting with numbers (“1-9”) are not valid.
Example:

$ cat kubeconfig.yaml | juju add-k8s --controller osm-vca my-k8s-cloud

lxd

To add an LXD cloud to Juju we just need to execute the following commands:

$ juju add-cloud --controller osm-vca <cloud_name> <cloud_file> --force
$ juju add-credential --controller osm-vca <cloud_name> -f <credentials_file>

  • –controller: Controller name is “osm-vca”
  • cloud_name: The cloud name that will be assigned to the cloud.

Now we will explain how to build the cloud and credentials files, and obtain all the needed data.

Cloud file
clouds:
    <CLOUD_NAME>:
      type: lxd
      auth-types: [certificate]
      endpoint: "https://$LXDENDPOINT:8443"
      config:
          ssl-hostname-verification: false
  • CLOUD_NAME: Name of the cloud that will be specified in the juju add-cloud command. Underscores are not valid.
  • LXD_ENDPOINT: The endpoint of the LXD cloud, is the URL needed to reach the LXD Nodes. For more information, go here, and search for “What IP address or DNS name should be used to reach this node?”.
Credentials file
credentials:
    <CLOUD_NAME>:
        <CREDENTIALS_NAME>:
          auth-type: certificate
          server-cert: |
              <SERVER_CERTIFICATE>
          client-cert: |
              <CLIENT_CERTIFICATE>
          client-key: |
              <CLIENT_KEY>
  • CLOUD_NAME: Name of the cloud that will be specified in the juju add-cloud command.
  • CREDENTIALS_NAME: Name of the credentials for the cloud. No underscores or names starting with numbers are valid.
  • SERVER_CERTIFICATE: Obtaining the server certificate is as easy as executing the following command in an LXD Node: $ cat /var/snap/lxd/common/lxd/server.crt
  • CLIENT_CERTIFICATE and CLIENT_KEY: The client key and certificate will be used by Juju, to contact the LXD cloud endpoint. Can be generated like this: $ openssl req -nodes -new -x509 -keyout client.key -out client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org". It is important to trust the certificate in the LXD node: $ lxc config trust add local: client.crt
Example

$ juju add-cloud --controller osm-vca my-lxd-cloud cloud.yamll --force
$ juju add-credential --controller osm-vca my-lxd-cloud-f credentials.yaml

cloud.yaml:

clouds:
    my-lxd-cloud:
      type: lxd
      auth-types: [certificate]
      endpoint: "https://172.21.248.56:8443"
      config:
          ssl-hostname-verification: false

credentials.yaml

credentials:
    my-lxd-cloud:
        my-lxd-cloud-credentials:
          auth-type: certificate
          server-cert: |
              -----BEGIN CERTIFICATE-----
              ....
              -----END CERTIFICATE-----
          client-cert: |
              -----BEGIN CERTIFICATE-----
              ....
              -----END CERTIFICATE-----
          client-key: |
              -----BEGIN PRIVATE KEY-----
              ....
              -----END PRIVATE KEY-----

Select clouds for vim account

Now that we know how to add LXD and K8s clouds to Juju, we only need to associate specific clouds with the vim account, so all the Proxy charms of the network functions targeting that vim will be deployed in the clouds we select.

$ osm vim-create --name <vim_name> \
                                   --user "$OS_USERNAME" \
                                   --password "$OS_PASSWORD" \
                                   --auth_url "$OS_AUTH_URL/v3" \
                                   --tenant "$OS_USERNAME" \
                                   --account_type openstack \
                                   --config='{
                                       vca_cloud: my-lxd-cloud,
                                       vca_cloud_credential: my-lxd-cloud-credentials,
                                       vca_k8s_cloud: my-k8s-cloud,
                                       vca_k8s_cloud_credential: my-k8s-cloud,
                                    }'

The important thing to explain are the four parameters in the configuration of the vim account:

  • vca_cloud: Name of the cloud for LXD Proxy charms
  • vca_cloud_credential: Name of the cloud credentials for LXD Proxy charms
  • vca_k8s_cloud: Name of the cloud for K8s Proxy charms
  • vca_k8s_cloud_credential: Name of the cloud credentials for K8s Proxy charms