summaryrefslogtreecommitdiffstats
path: root/docs/sections/services/ves-http/installation-helm.rst
blob: d5f6bdd6c58d81a3306b8d5068cc22285ad02142 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. _ves-installation-helm:

VES Collector Helm Installation
===============================

Authentication Support - Helm based deployment
----------------------------------------------

VES Collector support following authentication types

    * *auth.method=noAuth* - no security (http)
    * *auth.method=certBasicAuth* - is used to enable mutual TLS authentication or/and basic HTTPs authentication

Default ONAP deployed VESCollector is configured for "certBasicAuth".

The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:
    .. code-block:: bash

        helm -n <namespace> upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services --reuse-values --values <path to values> <path to dcaegen2-services helm charts>

For example:
    .. code-block:: bash

        helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services

Where the contents of ``new-config.yaml`` file is:
    .. code-block:: bash

        dcae-ves-collector:
          applicationConfig:
            auth.method: "noAuth"

For small changes like this, it is also possible to inline the new value:
    .. code-block:: bash

        helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth" oom/kubernetes/dcaegen2-services

After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map.
It can be verified by running:
    .. code-block:: bash

        kubectl -n onap get cm <config map name> -o yaml

For VES Collector:
    .. code-block:: bash

        kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml


.. _external-repo-schema-via-helm:

External repository schema files integration with VES Collector
---------------------------------------------------------------
In order to utilize the externalRepo openAPI schema files defined in `OOM <https://gerrit.onap.org/r/gitweb?p=oom.git;a=tree;f=kubernetes/dcaegen2-services/resources/external>`_ repository and installed with dcaegen2 module, follow below steps.

.. note:: 
  For more information on generating schema files, see `External-schema-repo-generator (OOM Utils repository) <https://gerrit.onap.org/r/gitweb?p=oom/utils.git;a=tree;f=external-schema-repo-generator>`_
  
  Default ONAP deployment for Istanbul release makes available the SA88-Rel16 OpenAPI schema files; optionally SA99-Rel16 files can be loaded using the `Generator script <https://gerrit.onap.org/r/gitweb?p=oom/utils.git;a=blob;f=external-schema-repo-generator/generator/generate.sh>`_ based on the steps documented in `README <https://git.onap.org/oom/utils/tree/external-schema-repo-generator/README.md>`_


1. Go to directory with dcaegen2-services helm charts (oom/kubernetes/dcaegen2-services). These charts should be located on RKE deployer node or server which is used to deploy and manage ONAP installation by Helm charts.
2. Create file with specific VES values-overrides:

.. code-block:: yaml

  dcae-ves-collector:
    externalVolumes:
      - name: '<config map name with schema mapping file>'
        type: configmap
        mountPath: <path on VES collector container where externalRepo schema-map is expected>
        optional: true
      - name: '<config map name contains schemas>'
        type: configmap
        mountPath: <path on VES collector container where externalRepo openAPI files are stored>
        optional: true

E.g:

.. code-block:: yaml

  dcae-ves-collector:
    externalVolumes:
      - name: 'dev-dcae-external-repo-configmap-schema-map'
        type: configmap
        mountPath: /opt/app/VESCollector/etc/externalRepo
        optional: true
      - name: 'dev-dcae-external-repo-configmap-sa88-rel16'
        type: configmap
        mountPath: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI 
        optional: true

If more than a single external schema is required add new config map to object 'externalVolumes' like in above example. Make sure that all external schemas (all openAPI files) are reflected in the schema-map file.

3. Upgrade release using following command:

.. code-block:: bash

  helm -n <namespace> upgrade <dcaegen2-services release name> --reuse-values -f <path to values.yaml file created in previous step> <path to dcaegen2-services helm chart>

E.g:

.. code-block:: bash

  helm -n onap upgrade dev-dcaegen2-services --reuse-values -f values.yaml .


Using external TLS certificates obtained using CMP v2 protocol
--------------------------------------------------------------

In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:

:ref:`Enabling TLS with external x.509 certificates <external-tls-helm>`

Example values for VES Collector:
    .. code-block:: bash

        global:
          cmpv2Enabled: true
        dcae-ves-collector:
          useCmpv2Certificates: true
          certificates:
          - mountPath: /opt/app/dcae-certificate/external
            commonName: dcae-ves-collector
            dnsNames:
              - dcae-ves-collector
              - ves-collector
              - ves
            keystore:
              outputType:
                - jks
              passwordSecretRef:
                name: ves-cmpv2-keystore-password
                key: password
                create: true