diff options
author | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-09-13 15:07:02 +0200 |
---|---|---|
committer | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-09-16 12:43:43 +0200 |
commit | c030b48b838ee084269bb77df917341c1b5e9d77 (patch) | |
tree | 0b4701fd87350e91c49112ceee9e1e06eca8190f /docs/sections/services/ves-http/installation-helm.rst | |
parent | 2b7aab53c39c8e6b77c6f96f3744439058d74e07 (diff) |
Add VES manual Helm installation guide
- Authentication Support section
- External TLS section
Issue-ID: DCAEGEN2-2630
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Iccdbe2a278ad2818b180dfdf4ccdb321d66f8bf3
Diffstat (limited to 'docs/sections/services/ves-http/installation-helm.rst')
-rw-r--r-- | docs/sections/services/ves-http/installation-helm.rst | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/docs/sections/services/ves-http/installation-helm.rst b/docs/sections/services/ves-http/installation-helm.rst new file mode 100644 index 00000000..0a4cd9a9 --- /dev/null +++ b/docs/sections/services/ves-http/installation-helm.rst @@ -0,0 +1,79 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. _ves-installation-helm:
+
+VES Collector Helm Installation
+===============================
+
+Authentication Support - Helm based deployment
+----------------------------------------------
+
+VES Collector support following authentication types
+
+ * *auth.method=noAuth* - no security (http)
+ * *auth.method=certBasicAuth* - is used to enable mutual TLS authentication or/and basic HTTPs authentication
+
+Default ONAP deployed VESCollector is configured for "certBasicAuth".
+
+The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:
+ .. code-block:: bash
+
+ helm -n onap upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values <path to values>
+
+For example:
+ .. code-block:: bash
+
+ helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values new-config.yaml
+
+Where the contents of ``new-config.yaml`` file is:
+ .. code-block:: bash
+
+ dcae-ves-collector:
+ applicationConfig:
+ auth.method: "noAuth"
+
+For small changes like this, it is also possible to inline the new value:
+ .. code-block:: bash
+
+ helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth"
+
+After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map.
+It can be verified by running:
+ .. code-block:: bash
+
+ kubectl -n onap get cm <config map name> -o yaml
+
+For VES Collector:
+ .. code-block:: bash
+
+ kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml
+
+Using external TLS certificates obtained using CMP v2 protocol
+--------------------------------------------------------------
+
+In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:
+
+:ref:`Enabling TLS with external x.509 certificates <external-tls-helm>`
+
+Example values for VES Collector:
+ .. code-block:: bash
+
+ global:
+ cmpv2Enabled: true
+ dcae-ves-collector:
+ useCmpv2Certificates: true
+ certificates:
+ - mountPath: /opt/app/dcae-certificate/external
+ commonName: dcae-ves-collector
+ dnsNames:
+ - dcae-ves-collector
+ - ves-collector
+ - ves
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: ves-cmpv2-keystore-password
+ key: password
+ create: true
+
|