1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. Copyright (C) 2021 Nordix Foundation
4 .. Modifications Copyright (C) 2021 Bell Canada.
6 .. DO NOT CHANGE THIS LABEL FOR RELEASE NOTES - EVEN THOUGH IT GIVES A WARNING
17 The CPS kubernetes chart is located in the `OOM repository <https://github.com/onap/oom/tree/master/kubernetes/cps>`_.
18 This chart includes different cps components referred as <cps-component-name> further in the document are listed below:
22 - `cps-core <https://github.com/onap/oom/tree/master/kubernetes/cps/components/cps-core>`_
23 - `cps-temporal <https://github.com/onap/oom/tree/master/kubernetes/cps/components/cps-temporal>`_
24 - `ncmp-dmi-plugin <https://github.com/onap/oom/tree/master/kubernetes/cps/components/ncmp-dmi-plugin>`_
26 Please refer to the `OOM documentation <https://docs.onap.org/projects/onap-oom/en/latest/oom_user_guide.html>`_ on how to install and deploy ONAP.
28 Installing or Upgrading CPS Components
29 --------------------------------------
30 The assumption is you have cloned the charts from the OOM repository into a local directory.
32 **Step 1** Go to the cps charts and edit properties in values.yaml files to make any changes to particular cps component if required.
36 cd oom/kubernetes/cps/components/<cps-component-name>
38 **Step 2** Build the charts
43 make SKIP_LINT=TRUE cps
46 SKIP_LINT is only to reduce the "make" time
48 **Step 3** Undeploying already deployed cps components
50 After undeploying cps components, keep monitoring the cps pods until they go away.
54 helm del --purge <my-helm-release>-<cps-component-name>
55 kubectl get pods -n <namespace> | grep <cps-component-name>
57 **Step 4** Make sure there is no orphan database persistent volume or claim.
59 First, find if there is an orphan database PV or PVC with the following commands:
62 This step does not apply to ncmp-dmi-plugin.
66 kubectl get pvc -n <namespace> | grep <cps-component-name>
67 kubectl get pv -n <namespace> | grep <cps-component-name>
69 If there are any orphan resources, delete them with
73 kubectl delete pvc <orphan-cps-core-pvc-name>
74 kubectl delete pv <orphan-cps-core-pv-name>
76 **Step 5** Delete NFS persisted data for CPS components
78 Connect to the machine where the file system is persisted and then execute the below command
82 rm -fr /dockerdata-nfs/<my-helm-release>/<cps-component-name>
84 **Step 6** Re-Deploy cps pods
86 After deploying cps, keep monitoring the cps pods until they come up.
90 helm deploy <my-helm-release> local/cps --namespace <namespace>
91 kubectl get pods -n <namespace> | grep <cps-component-name>
93 Restarting a faulty component
94 -----------------------------
95 Each cps component can be restarted independently by issuing the following command:
99 kubectl delete pod <cps-component-pod-name> -n <namespace>
101 .. Below Label is used by documentation for other CPS components to link here, do not remove even if it gives a warning
102 .. _cps_common_credentials_retrieval:
104 Credentials Retrieval
105 ---------------------
107 Application and database credentials are kept in Kubernetes secrets. They are defined as external secrets in the
108 values.yaml file to be used across different components as :
112 - `cps-core <https://github.com/onap/oom/blob/master/kubernetes/cps/components/cps-core/values.yaml#L18>`_
113 - `cps-temporal <https://github.com/onap/oom/blob/master/kubernetes/cps/components/cps-temporal/values.yaml#L28>`_
114 - `ncmp-dmi-plugin <https://github.com/onap/oom/blob/master/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml#L22>`_
116 Below are the list of secrets for different cps components.
118 +--------------------------+---------------------------------+---------------------------------------------------+
119 | Component | Secret type | Secret Name |
120 +==========================+=================================+===================================================+
121 | cps-core | Database authentication | <my-helm-release>-cps-core-pg-user-creds |
122 +--------------------------+---------------------------------+---------------------------------------------------+
123 | cps-core | Rest API Authentication | <my-helm-release>-cps-core-app-user-creds |
124 +--------------------------+---------------------------------+---------------------------------------------------+
125 | cps-temporal | Rest API Authentication | <my-helm-release>-cps-temporal-app-user-creds |
126 +--------------------------+---------------------------------+---------------------------------------------------+
127 | cps-temporal | Database authentication | <my-helm-release>-cps-temporal-pg-user-creds |
128 +--------------------------+---------------------------------+---------------------------------------------------+
129 | ncmp-dmi-plugin | Rest API Authentication | <my-helm-release>-cps-dmi-plugin-user-creds |
130 +--------------------------+---------------------------------+---------------------------------------------------+
131 | ncmp-dmi-plugin | SDNC authentication | <my-helm-release>-ncmp-dmi-plugin-sdnc-creds |
132 +--------------------------+---------------------------------+---------------------------------------------------+
134 The credential values from these secrets are configured in running container as environment variables. Eg:
135 `cps core deployment.yaml <https://github.com/onap/oom/blob/master/kubernetes/cps/components/cps-core/templates/deployment.yaml#L46>`_
137 If no specific passwords are provided to the chart as override values for deployment, then passwords are automatically
138 generated when deploying the Helm release. Below command can be used to retrieve application property credentials
142 kubectl get secret <my-helm-release>-<secret-name> -n <namespace> -o json | jq '.data | map_values(@base64d)'
145 base64d works only with jq version 1.6 or above.
149 To get a listing of the cps-core Pods, run the following command:
153 kubectl get pods -n <namespace> | grep cps-core
155 dev-cps-core-ccd4cc956-r98pv 1/1 Running 0 24h
156 dev-cps-core-postgres-primary-f7766d46c-s9d5b 1/1 Running 0 24h
157 dev-cps-core-postgres-replica-84659d68f9-6qnt4 1/1 Running 0 24h
160 Additional Cps-Core Customizations
161 ==================================
163 The following table lists some properties that can be specified as Helm chart
164 values to configure the application to be deployed. This list is not
167 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
168 | Property | Description | Default Value |
169 +=======================================+=========================================================================================================+===============================+
170 | config.appUserName | User name used by cps-core service to configure the authentication for REST API it exposes. | ``cpsuser`` |
172 | | This is the user name to be used by cps-core REST clients to authenticate themselves. | |
173 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
174 | config.appUserPassword | Password used by cps-core service to configure the authentication for REST API it exposes. | Not defined |
176 | | This is the password to be used by CPS Temporal REST clients to authenticate themselves. | |
178 | | If not defined, the password is generated when deploying the application. | |
180 | | See also :ref:`cps_common_credentials_retrieval`. | |
181 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
182 | config.dmiPluginUserName | User name used by cps-core to authenticate themselves for using ncmp-dmi-plugin service. | ``dmiuser`` |
183 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
184 | config.dmiPluginUserPassword | Internal password used by cps-core to connect to ncmp-dmi-plugin service. | Not defined |
186 | | If not defined, the password is generated when deploying the application. | |
188 | | See also :ref:`cps_common_credentials_retrieval`. | |
189 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
190 | postgres.config.pgUserName | Internal user name used by cps-core to connect to its own database. | ``cps`` |
191 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
192 | postgres.config.pgUserPassword | Internal password used by cps-core to connect to its own database. | Not defined |
194 | | If not defined, the password is generated when deploying the application. | |
196 | | See also :ref:`cps_common_credentials_retrieval`. | |
197 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
198 | postgres.config.pgDatabase | Database name used by cps-core | ``cpsdb`` |
200 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
201 | logging.level | Logging level set in cps-core | info |
203 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
204 | config.useStrimziKafka | If targeting a custom kafka cluster, ie useStrimziKakfa: false, the config.eventPublisher.spring.kafka | true |
205 | | values must be set. | |
206 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
207 | config.eventPublisher. | Kafka hostname and port | ``<kafka-bootstrap>:9092`` |
208 | spring.kafka.bootstrap-servers | | |
209 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
210 | config.eventPublisher. | Kafka consumer client id | ``cps-core`` |
211 | spring.kafka.consumer.client-id | | |
212 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
213 | config.eventPublisher. | Kafka security protocol. | ``SASL_PLAINTEXT`` |
214 | spring.kafka.security.protocol | Some possible values are: | |
216 | | * ``PLAINTEXT`` | |
217 | | * ``SASL_PLAINTEXT``, for authentication | |
218 | | * ``SASL_SSL``, for authentication and encryption | |
219 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
220 | config.eventPublisher. | Kafka security SASL mechanism. Required for SASL_PLAINTEXT and SASL_SSL protocols. | Not defined |
221 | spring.kafka.properties. | Some possible values are: | |
222 | sasl.mechanism | | |
223 | | * ``PLAIN``, for PLAINTEXT | |
224 | | * ``SCRAM-SHA-512``, for SSL | |
225 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
226 | config.eventPublisher. | Kafka security SASL JAAS configuration. Required for SASL_PLAINTEXT and SASL_SSL protocols. | Not defined |
227 | spring.kafka.properties. | Some possible values are: | |
228 | sasl.jaas.config | | |
229 | | * ``org.apache.kafka.common.security.plain.PlainLoginModule required username="..." password="...";``, | |
230 | | for PLAINTEXT | |
231 | | * ``org.apache.kafka.common.security.scram.ScramLoginModule required username="..." password="...";``, | |
233 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
234 | config.eventPublisher. | Kafka security SASL SSL store type. Required for SASL_SSL protocol. | Not defined |
235 | spring.kafka.ssl.trust-store-type | Some possible values are: | |
238 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
239 | config.eventPublisher. | Kafka security SASL SSL store file location. Required for SASL_SSL protocol. | Not defined |
240 | spring.kafka.ssl.trust-store-location | | |
241 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
242 | config.eventPublisher. | Kafka security SASL SSL store password. Required for SASL_SSL protocol. | Not defined |
243 | spring.kafka.ssl.trust-store-password | | |
244 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
245 | config.eventPublisher. | Kafka security SASL SSL broker hostname identification verification. Required for SASL_SSL protocol. | Not defined |
246 | spring.kafka.properties. | Possible value is: | |
247 | ssl.endpoint.identification.algorithm | | |
248 | | * ``""``, empty string to disable | |
249 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
250 | config.additional. | Kafka topic to publish to cps-temporal | ``cps.data-updated-events`` |
251 | notification.data-updated.topic | | |
252 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
253 | config.additional. | If notification from cps-core to cps-temporal is enabled or not. | ``true`` |
254 | notification.data-updated.enabled | If this is set to false, then the config.publisher properties could be skipped. | |
255 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
256 | config.additional. | Dataspaces to be enabled for publishing events to cps-temporal | ```` |
257 | notification.data-updated.filters. | | |
258 | enabled-dataspaces | | |
259 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
260 | config.additional. | If notifications should be processed in synchronous or asynchronous manner | ``false`` |
261 | notification.async.enabled | | |
262 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
263 | config.additional. | Core pool size in asynchronous execution of notification. | ``2`` |
264 | notification.async.executor. | | |
265 | core-pool-size | | |
266 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
267 | config.additional. | Max pool size in asynchronous execution of notification. | ``1`` |
268 | notification.async.executor. | | |
269 | max-pool-size | | |
270 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
271 | config.additional. | Queue Capacity in asynchronous execution of notification. | ``500`` |
272 | notification.async.executor. | | |
273 | queue-capacity | | |
274 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
275 | config.additional. | If the executor should wait for the tasks to be completed on shutdown | ``true`` |
276 | notification.async.executor. | | |
277 | wait-for-tasks-to-complete-on-shutdown| | |
278 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
279 | config.additional. | Prefix to be added to the thread name in asynchronous execution of notifications. | ``async_`` |
280 | notification.async.executor. | | |
281 | thread-name-prefix | | |
282 +---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+
284 CPS-Core Docker Installation
285 ============================
287 CPS-Core can also be installed in a docker environment. Latest `docker-compose <https://github.com/onap/cps/blob/master/docker-compose/docker-compose.yml>`_ is included in the repo to start all the relevant services.
288 The latest instructions are covered in the `README <https://github.com/onap/cps/blob/master/docker-compose/README.md>`_.
Code Review / cps.git / blob