From c030b48b838ee084269bb77df917341c1b5e9d77 Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Mon, 13 Sep 2021 15:07:02 +0200 Subject: Add VES manual Helm installation guide - Authentication Support section - External TLS section Issue-ID: DCAEGEN2-2630 Signed-off-by: Joanna Jeremicz Change-Id: Iccdbe2a278ad2818b180dfdf4ccdb321d66f8bf3 --- docs/sections/services/ves-http/index.rst | 1 + .../services/ves-http/installation-helm.rst | 79 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 docs/sections/services/ves-http/installation-helm.rst (limited to 'docs/sections/services') diff --git a/docs/sections/services/ves-http/index.rst b/docs/sections/services/ves-http/index.rst index 5b56d44f..7f444247 100644 --- a/docs/sections/services/ves-http/index.rst +++ b/docs/sections/services/ves-http/index.rst @@ -23,6 +23,7 @@ VES Collector (HTTP) overview and functions ./configuration.rst ./delivery.rst ./installation.rst + ./installation-helm.rst ./tls-authentication.rst ./stnd-defined-validation.rst diff --git a/docs/sections/services/ves-http/installation-helm.rst b/docs/sections/services/ves-http/installation-helm.rst new file mode 100644 index 00000000..0a4cd9a9 --- /dev/null +++ b/docs/sections/services/ves-http/installation-helm.rst 
@@ -0,0 +1,79 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. _ves-installation-helm: + +VES Collector Helm Installation +=============================== + +Authentication Support - Helm based deployment +---------------------------------------------- + +VES Collector support following authentication types + + * *auth.method=noAuth* - no security (http) + * *auth.method=certBasicAuth* - is used to enable mutual TLS authentication or/and basic HTTPs authentication + +Default ONAP deployed VESCollector is configured for "certBasicAuth". + +The default behavior can be changed by upgrading dcaegen2-services deployment with custom values: + .. code-block:: bash + + helm -n onap upgrade -dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values + +For example: + .. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values new-config.yaml + +Where the contents of ``new-config.yaml`` file is: + .. code-block:: bash + + dcae-ves-collector: + applicationConfig: + auth.method: "noAuth" + +For small changes like this, it is also possible to inline the new value: + .. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth" + +After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map. +It can be verified by running: + .. code-block:: bash + + kubectl -n onap get cm -o yaml + +For VES Collector: + .. 
code-block:: bash + + kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml + +Using external TLS certificates obtained using CMP v2 protocol +-------------------------------------------------------------- + +In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description: + +:ref:`Enabling TLS with external x.509 certificates ` + +Example values for VES Collector: + .. code-block:: bash + + global: + cmpv2Enabled: true + dcae-ves-collector: + useCmpv2Certificates: true + certificates: + - mountPath: /opt/app/dcae-certificate/external + commonName: dcae-ves-collector + dnsNames: + - dcae-ves-collector + - ves-collector + - ves + keystore: + outputType: + - jks + passwordSecretRef: + name: ves-cmpv2-keystore-password + key: password + create: true + -- cgit 1.2.3-korg From dfd2c661f6b1ab6dd2d727618314a8721566c07b Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Tue, 14 Sep 2021 14:39:01 +0200 Subject: Add documentation of adding external repo schema via helm installation Issue-ID: DCAEGEN2-2630 Signed-off-by: Tomasz Wrobel Change-Id: I86907081085282416671d9c6289a8f6380ad66df --- .../services/ves-http/installation-helm.rst | 59 ++++++++++++++++++++-- 1 file changed, 56 insertions(+), 3 deletions(-) (limited to 'docs/sections/services') diff --git a/docs/sections/services/ves-http/installation-helm.rst b/docs/sections/services/ves-http/installation-helm.rst index 0a4cd9a9..9728e64b 100644 --- a/docs/sections/services/ves-http/installation-helm.rst +++ b/docs/sections/services/ves-http/installation-helm.rst 
@@ -18,12 +18,12 @@ Default ONAP deployed VESCollector is configured for "certBasicAuth". The default behavior can be changed by upgrading dcaegen2-services deployment with custom values: .. code-block:: bash - helm -n onap upgrade -dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values + helm -n upgrade -dcaegen2-services --reuse-values --values For example: .. code-block:: bash - helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --values new-config.yaml + helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services Where the contents of ``new-config.yaml`` file is: .. code-block:: bash @@ -35,7 +35,7 @@ Where the contents of ``new-config.yaml`` file is: For small changes like this, it is also possible to inline the new value: .. code-block:: bash - helm -n onap upgrade dev-dcaegen2-services oom/kubernetes/dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth" + helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth" oom/kubernetes/dcaegen2-services After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map. It can be verified by running: 
@@ -48,6 +48,59 @@ For VES Collector: kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml + +.. _external-repo-schema-via-helm: + +External repository schema files integration with VES Collector +------------------------------------------------------------------- +In order to utilize the externalRepo openAPI schema files defined in `OOM `_ repository and installed with dcaegen2 module, follow below steps. + +1. Go to directory with dcaegen2-services helm charts (oom/kubernetes/dcaegen2-services). These charts should be located on RKE deployer node or server which is used to deploy and manage ONAP installation by Helm charts. +2. Create file with specific VES values-overrides: + +.. code-block:: yaml + + dcae-ves-collector: + externalVolumes: + - name: '' + type: configmap + mountPath: + optional: true + - name: '' + type: configmap + mountPath: + optional: true + +E.g: + +.. code-block:: yaml + + dcae-ves-collector: + externalVolumes: + - name: 'dev-dcae-external-repo-configmap-schema-map' + type: configmap + mountPath: /opt/app/VESCollector/etc/externalRepo + optional: true + - name: 'dev-dcae-external-repo-configmap-sa91-rel16' + type: configmap + mountPath: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/Rel-16-SA-91/OpenAPI + optional: true + +If more than a single external schema is required add new config map to object 'externalVolumes' like in above example. Make sure that all external schemas (all openAPI files) are reflected in the schema-map file. + +3. Upgrade release using following command: + +.. code-block:: bash + + helm -n upgrade --reuse-values -f + +E.g: + +.. code-block:: bash + + helm -n onap upgrade dev-dcaegen2-services --reuse-values -f values.yaml . + + Using external TLS certificates obtained using CMP v2 protocol -------------------------------------------------------------- -- cgit 1.2.3-korg
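Review bot: In the first commit's new installation-helm.rst, under "Authentication Support - Helm based deployment", both worked examples (the new-config.yaml file and the inline --set form) change auth.method from the default "certBasicAuth" to "noAuth", which the same section describes as "no security (http)", and nothing marks that as a test-only setting. Suggest adding a sentence on when noAuth is acceptable, or using an example override that does not remove authentication. The certBasicAuth bullet ("mutual TLS authentication or/and basic HTTPs authentication") does not say what selects mutual TLS versus basic auth; a pointer to ./tls-authentication.rst, already listed in the index.rst toctree, would cover it. In the CMP v2 section of the same hunk, the YAML value blocks are tagged ".. code-block:: bash" rather than yaml, and "create: true" under passwordSecretRef is not explained.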
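Review bot: In the second commit, the @@ -18,12 and @@ -35,7 hunks move the chart path oom/kubernetes/dcaegen2-services to the end of the helm upgrade commands in the authentication section, but the commit subject only mentions the external repo schema documentation. Suggest mentioning the reordering in the commit message or splitting it into its own change, and keeping one argument style throughout the file: these examples use "--values new-config.yaml oom/kubernetes/dcaegen2-services", while the step 3 example added later in the same commit uses "-f values.yaml .".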
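Review bot: In the @@ -48,6 hunk of the second commit, both externalVolumes entries in the example set "optional: true", and the new section does not say what happens when a listed config map is missing or how to confirm the schema files were mounted after the upgrade. Suggest stating the effect of "optional: true" and adding a verification step like the "kubectl -n onap get cm ... -o yaml" check the authentication section already has. Step 2 also never names the overrides file that the step 3 example passes as values.yaml, and that example's chart argument "." only resolves from the directory given in step 1; saying so in step 3 would remove the guesswork.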