Deploy Charmed Magma Orchestrator 1.6¶
Requirements¶
The Orchestrator must be installed on a Kubernetes cluster with the following specifications:
Kubernetes: A cluster with a total of a minimum of 6 vCPUs and 16 GB of RAM.
Juju 2.9: A Juju controller with access to the Kubernetes cluster
Deploy the magma-orc8r bundle¶
Create an overlay.yaml
file that contains the following content:
applications:
fluentd:
options:
domain: <your domain name>
elasticsearch-url: <your elasticsearch https url>
orc8r-certifier:
options:
domain: <your domain name>
orc8r-eventd:
options:
elasticsearch-url: <your elasticsearch http url>
orc8r-nginx:
options:
domain: <your domain name>
tls-certificates-operator:
options:
generate-self-signed-certificates: true
ca-common-name: rootca.<your domain name>
Warning
This configuration is unsecure because it uses self-signed certificates.
Deploy Orchestrator:
juju deploy magma-orc8r --overlay overlay.yaml --trust --channel=1.6/stable
The deployment is completed when all services are in the Active-Idle
state.
Import the admin operator HTTPS certificate¶
Retrieve the PFX package that contains the certificates to authenticate against Magma Orchestrator:
juju scp --container="magma-orc8r-certifier" orc8r-certifier/0:/var/opt/magma/certs/admin_operator.pfx admin_operator.pfx
Retrieve the pfx package password:
juju run-action orc8r-certifier/leader get-pfx-package-password --wait
Note
The pfx package was copied to your current working directory. It can now be loaded in your browser or used to make API calls to Magma orchestrator.
Setup DNS¶
Retrieve the services that need to be exposed:
juju run-action orc8r-orchestrator/leader get-load-balancer-services --wait
In your domain registrar, create A records for the following Kubernetes services:
Address |
Hostname |
---|---|
|
|
|
|
|
|
|
|
|
|
Verify the deployment¶
Get the master organization’s username and password:
juju run-action nms-magmalte/leader get-master-admin-credentials --wait
Confirm successful deployment by visiting https://master.nms.<your domain>
and logging in
with the admin-username
and admin-password
outputted here.