1 .. This work is licensed under a Creative Commons Attribution 4.0
2 .. International License.
3 .. http://creativecommons.org/licenses/by/4.0
4 .. Copyright (C) 2022 Nordix Foundation
7 .. _helm deploy: https://github.com/onap/oom/blob/master/kubernetes/helm/plugins/deploy/deploy.sh
9 .. _oom_customize_overrides:
14 The OOM `helm deploy`_ plugin requires deployment configuration as input, usually in the form of override yaml files.
15 These input files determine what ONAP components get deployed, and the configuration of the OOM deployment.
17 Other helm config options like `--set log.enabled=true|false` are available.
19 See the `helm deploy`_ plugin usage section for more detail, or it the plugin has already been installed, execute the following::
23 Users can customize the override files to suit their required deployment.
26 Standard and example override files (e.g. `onap-all.yaml`, `onap-all-ingress-istio.yaml`)
27 can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
29 * Users can selectively enable or disable ONAP components by changing the ``enabled: true/false`` flags.
31 * Add to the command line a value for the global master password (ie. --set global.masterPassword=My_superPassw0rd).
34 Enabling/Disabling Components
35 *****************************
36 Here is an example of the nominal entries that need to be provided.
37 Different values files are available for different contexts.
39 .. collapse:: Default ONAP values.yaml
41 .. include:: ../../../../kubernetes/onap/values.yaml
46 (Optional) "ONAP on Service Mesh"
47 *********************************
49 To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
50 configuration entries need to be configured before deployment.
52 Global settings relevant for ServiceMesh:
58 # generally enable ingress for ONAP components
60 # enable all component's Ingress interfaces
62 # default Ingress base URL
63 # can be overwritten in component by setting ingress.baseurlOverride
65 baseurl: "simpledemo.onap.org"
66 # All http requests via ingress will be redirected on Ingress controller
67 # only valid for Istio Gateway (ServiceMesh enabled)
70 # you can set an own Secret containing a certificate
71 # only valid for Istio Gateway (ServiceMesh enabled)
73 # secret: 'my-ingress-cert'
74 # optional: Namespace of the Istio IngressGateway
75 # only valid for Istio Gateway (ServiceMesh enabled)
76 namespace: istio-ingress
81 # be aware that linkerd is not well tested
82 engine: "istio" # valid value: istio or linkerd
90 - enabled: true → enables ServiceMesh functionality in the ONAP Namespace (Istio: enables Sidecar deployment)
91 - tls: true → enables mTLS encryption in Sidecar communication
92 - engine: istio → sets the SM engine (currently only Istio is supported)
93 - aafEnabled: false → disables AAF usage for TLS interfaces
94 - tlsEnabled: false → disables creation of TLS in component services
95 - cmpv2Enabled: false → disable cmpv2 feature
96 - msbEnabled: false → MSB is not used in Istio setup (Open, if all components are MSB independend)
100 - enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled)
101 - enable_all: true → enables Ingress configuration in each component
102 - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
103 resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
104 - config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
105 - config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
106 - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
109 For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
110 can be found in the `oom/kubernetes/onap/resources/overrides/` directory.