--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.\r
+.. http://creativecommons.org/licenses/by/4.0\r
+.. _hv-ves-installation-helm:\r
+\r
+HV-VES Helm Installation\r
+========================\r
+Starting from ONAP/Honolulu release, HV-VES is installed with a DCAEGEN2-Services Helm charts. \r
+HV-VES application is configured by default to use TLS/SSL encryption on TCP connection.\r
+\r
+Disable TLS security - Helm based deployment\r
+--------------------------------------------\r
+\r
+\r
+The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:\r
+ .. code-block:: bash\r
+\r
+ helm -n <namespace> upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services --reuse-values --values <path to values> <path to dcaegen2-services helm charts>\r
+\r
+For example:\r
+ .. code-block:: bash\r
+\r
+ helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services\r
+\r
+Where the contents of ``new-config.yaml`` file is:\r
+ .. code-block:: bash\r
+\r
+ dcae-hv-ves-collector:\r
+ applicationConfig:\r
+ security.sslDisable: true\r
+\r
+For small changes like this, it is also possible to inline the new value:\r
+ .. code-block:: bash\r
+\r
+ helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.applicationConfig.security.sslDisable="true" oom/kubernetes/dcaegen2-services\r
+\r
+After the upgrade, the security.sslDisable property should be changed and visible inside dev-dcae-ves-collector-application-config-configmap Config-Map.\r
+It can be verified by running:\r
+ .. code-block:: bash\r
+\r
+ kubectl -n onap get cm <config map name> -o yaml\r
+\r
+For HV-VES Collector:\r
+ .. code-block:: bash\r
+\r
+ kubectl -n onap get cm dev-dcae-hv-ves-collector-application-config-configmap -o yaml\r
+\r
+\r
+For apply new configuration by HV-VES Collector the application restart might be necessary. It could be done by HV-VES helm reinstallation:\r
+ .. code-block:: bash\r
+\r
+ helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="false" oom/kubernetes/dcaegen2-services\r
+ helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="true" oom/kubernetes/dcaegen2-services\r
+\r
+\r
+Using external TLS certificates obtained using CMP v2 protocol\r
+--------------------------------------------------------------\r
+\r
+In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:\r
+\r
+:ref:`Enabling TLS with external x.509 certificates <external-tls-helm>`\r
+\r
+Example values for HV-VES Collector:\r
+ .. code-block:: bash\r
+\r
+ global:\r
+ cmpv2Enabled: true\r
+ dcae-ves-collector:\r
+ useCmpv2Certificates: true\r
+ certificates:\r
+ - mountPath: /etc/ves-hv/ssl/external\r
+ commonName: dcae-hv-ves-collector\r
+ dnsNames:\r
+ - dcae-hv-ves-collector\r
+ - hv-ves-collector\r
+ - hv-ves\r
+ keystore:\r
+ outputType:\r
+ - jks\r
+ passwordSecretRef:\r
+ name: hv-ves-cmpv2-keystore-password\r
+ key: password\r
+ create: true\r
+\r