Add VES manual Helm installation guide

[dcaegen2.git] / docs / sections / services / ves-http / installation-helm.rst

diff --git a/docs/sections/services/ves-http/installation-helm.rst b/docs/sections/services/ves-http/installation-helm.rst
new file mode 100644 (file)
index 0000000..0a4cd9a
--- /dev/null
+++ b/docs/sections/services/ves-http/installation-helm.rst
@@ -0,0 +1,79 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.\r
+.. http://creativecommons.org/licenses/by/4.0\r
+.. _ves-installation-helm:\r
+\r
+VES Collector Helm Installation\r
+===============================\r
+\r
+Authentication Support - Helm based deployment\r
+----------------------------------------------\r
+\r
+VES Collector support following authentication types\r
+\r
+    * *auth.method=noAuth* - no security (http)\r
+    * *auth.method=certBasicAuth* - is used to enable mutual TLS authentication or/and basic HTTPs authentication\r
+\r
+Default ONAP deployed VESCollector is configured for "certBasicAuth".\r
+\r
+The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:\r
+    .. code-block:: bash\r
+\r
+        helm -n onap upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values <path to values>\r
+\r
+For example:\r
+    .. code-block:: bash\r
+\r
+        helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values new-config.yaml\r
+\r
+Where the contents of ``new-config.yaml`` file is:\r
+    .. code-block:: bash\r
+\r
+        dcae-ves-collector:\r
+          applicationConfig:\r
+            auth.method: "noAuth"\r
+\r
+For small changes like this, it is also possible to inline the new value:\r
+    .. code-block:: bash\r
+\r
+        helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth"\r
+\r
+After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map.\r
+It can be verified by running:\r
+    .. code-block:: bash\r
+\r
+        kubectl -n onap get cm <config map name> -o yaml\r
+\r
+For VES Collector:\r
+    .. code-block:: bash\r
+\r
+        kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml\r
+\r
+Using external TLS certificates obtained using CMP v2 protocol\r
+--------------------------------------------------------------\r
+\r
+In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:\r
+\r
+:ref:`Enabling TLS with external x.509 certificates <external-tls-helm>`\r
+\r
+Example values for VES Collector:\r
+    .. code-block:: bash\r
+\r
+        global:\r
+          cmpv2Enabled: true\r
+        dcae-ves-collector:\r
+          useCmpv2Certificates: true\r
+          certificates:\r
+          - mountPath: /opt/app/dcae-certificate/external\r
+            commonName: dcae-ves-collector\r
+            dnsNames:\r
+              - dcae-ves-collector\r
+              - ves-collector\r
+              - ves\r
+            keystore:\r
+              outputType:\r
+                - jks\r
+              passwordSecretRef:\r
+                name: ves-cmpv2-keystore-password\r
+                key: password\r
+                create: true\r
+\r