From 4c94b382b7f188877e3efe424b19d5fb263c2bfa Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Mon, 18 Oct 2021 14:16:14 +0200 Subject: [PATCH] Add HV-VES helm installation guide Issue-ID: DCAEGEN2-2630 Signed-off-by: Tomasz Wrobel Change-Id: Ib7c7306c2180f8ca5c64394354ba5852e1bb2844 --- docs/sections/services/ves-hv/index.rst | 1 + .../sections/services/ves-hv/installation-helm.rst | 83 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 docs/sections/services/ves-hv/installation-helm.rst diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst index 6f849dc4..ec0623ba 100644 --- a/docs/sections/services/ves-hv/index.rst +++ b/docs/sections/services/ves-hv/index.rst @@ -32,6 +32,7 @@ High Volume VES Collector overview and functions repositories deployment installation + installation-helm run-time-configuration HV-VES Offered APIs <../../apis/ves-hv/index> authorization diff --git a/docs/sections/services/ves-hv/installation-helm.rst b/docs/sections/services/ves-hv/installation-helm.rst new file mode 100644 index 00000000..b9bf6da9 --- /dev/null +++ b/docs/sections/services/ves-hv/installation-helm.rst @@ -0,0 +1,83 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. _hv-ves-installation-helm: + +HV-VES Helm Installation +======================== +Starting from ONAP/Honolulu release, HV-VES is installed with a DCAEGEN2-Services Helm charts. +HV-VES application is configured by default to use TLS/SSL encryption on TCP connection. + +Disable TLS security - Helm based deployment +-------------------------------------------- + + +The default behavior can be changed by upgrading dcaegen2-services deployment with custom values: + .. code-block:: bash + + helm -n upgrade -dcaegen2-services --reuse-values --values + +For example: + .. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services + +Where the contents of ``new-config.yaml`` file is: + .. code-block:: bash + + dcae-hv-ves-collector: + applicationConfig: + security.sslDisable: true + +For small changes like this, it is also possible to inline the new value: + .. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.applicationConfig.security.sslDisable="true" oom/kubernetes/dcaegen2-services + +After the upgrade, the security.sslDisable property should be changed and visible inside dev-dcae-ves-collector-application-config-configmap Config-Map. +It can be verified by running: + .. code-block:: bash + + kubectl -n onap get cm -o yaml + +For HV-VES Collector: + .. code-block:: bash + + kubectl -n onap get cm dev-dcae-hv-ves-collector-application-config-configmap -o yaml + + +For apply new configuration by HV-VES Collector the application restart might be necessary. It could be done by HV-VES helm reinstallation: + .. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="false" oom/kubernetes/dcaegen2-services + helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-hv-ves-collector.enabled="true" oom/kubernetes/dcaegen2-services + + +Using external TLS certificates obtained using CMP v2 protocol +-------------------------------------------------------------- + +In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description: + +:ref:`Enabling TLS with external x.509 certificates ` + +Example values for HV-VES Collector: + .. code-block:: bash + + global: + cmpv2Enabled: true + dcae-ves-collector: + useCmpv2Certificates: true + certificates: + - mountPath: /etc/ves-hv/ssl/external + commonName: dcae-hv-ves-collector + dnsNames: + - dcae-hv-ves-collector + - hv-ves-collector + - hv-ves + keystore: + outputType: + - jks + passwordSecretRef: + name: hv-ves-cmpv2-keystore-password + key: password + create: true + -- 2.16.6