1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
\r
2 .. http://creativecommons.org/licenses/by/4.0
\r
3 .. _hv-ves-installation-helm:
\r
5 HV-VES Helm Installation
\r
6 ========================
\r
7 Starting from ONAP/Honolulu release, HV-VES is installed with a DCAEGEN2-Services Helm charts.
\r
8 HV-VES application is configured by default to use TLS/SSL encryption on TCP connection.
\r
10 Disable TLS security - Helm based deployment
\r
11 --------------------------------------------
\r
14 The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:
\r
15 .. code-block:: bash
\r
17 helm -n <namespace> upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services --reuse-values --values <path to values> <path to dcaegen2-services helm charts>
\r
20 .. code-block:: bash
\r
22 helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services
\r
24 Where the contents of ``new-config.yaml`` file is:
\r
25 .. code-block:: bash
\r
27 dcae-hv-ves-collector:
\r
29 security.sslDisable: true
\r
31 For small changes like this, it is also possible to inline the new value:
\r
32 .. code-block:: bash
\r
34 helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.applicationConfig.security.sslDisable="true" oom/kubernetes/dcaegen2-services
\r
36 After the upgrade, the security.sslDisable property should be changed and visible inside dev-dcae-ves-collector-application-config-configmap Config-Map.
\r
37 It can be verified by running:
\r
38 .. code-block:: bash
\r
40 kubectl -n onap get cm <config map name> -o yaml
\r
42 For HV-VES Collector:
\r
43 .. code-block:: bash
\r
45 kubectl -n onap get cm dev-dcae-hv-ves-collector-application-config-configmap -o yaml
\r
48 For apply new configuration by HV-VES Collector the application restart might be necessary. It could be done by HV-VES helm reinstallation:
\r
49 .. code-block:: bash
\r
51 helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="false" oom/kubernetes/dcaegen2-services
\r
52 helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="true" oom/kubernetes/dcaegen2-services
\r
55 Using external TLS certificates obtained using CMP v2 protocol
\r
56 --------------------------------------------------------------
\r
58 In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:
\r
60 :ref:`Enabling TLS with external x.509 certificates <external-tls-helm>`
\r
62 Example values for HV-VES Collector:
\r
63 .. code-block:: bash
\r
68 useCmpv2Certificates: true
\r
70 - mountPath: /etc/ves-hv/ssl/external
\r
71 commonName: dcae-hv-ves-collector
\r
73 - dcae-hv-ves-collector
\r
80 name: hv-ves-cmpv2-keystore-password
\r