.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. _ves-installation-helm:

VES Collector Helm Installation
===============================

Authentication Support - Helm based deployment
----------------------------------------------

VES Collector supports the following authentication types:

    * *auth.method=noAuth* - no security (http)
    * *auth.method=certBasicAuth* - enables mutual TLS authentication and/or basic authentication over HTTPS

By default, the VES Collector deployed with ONAP is configured for "certBasicAuth".

The default behavior can be changed by upgrading the dcaegen2-services deployment with custom values:
    .. code-block:: bash

        helm -n <namespace> upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services --reuse-values --values <path to values> <path to dcaegen2-services helm charts>

For example:
    .. code-block:: bash

        helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services

Where the content of the ``new-config.yaml`` file is:
    .. code-block:: yaml

        dcae-ves-collector:
          applicationConfig:
            auth.method: "noAuth"

For small changes like this, it is also possible to inline the new value (the dot in ``auth.method`` is escaped so that Helm treats it as part of the key name rather than as a path separator):
    .. code-block:: bash

        helm -n onap upgrade dev-dcaegen2-services --reuse-values --set 'dcae-ves-collector.applicationConfig.auth\.method=noAuth' oom/kubernetes/dcaegen2-services

After the upgrade, the new auth method value should be visible inside the ``dev-dcae-ves-collector-application-config-configmap`` ConfigMap.
It can be verified by running:

    .. code-block:: bash

        kubectl -n onap get cm <config map name> -o yaml

For VES Collector:

    .. code-block:: bash

        kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml
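
A post-upgrade check for the verification step above, as an added example (not part of the ONAP documentation): the functions read the ConfigMap YAML on standard input and fail unless ``auth.method`` has the expected value. The function names and the sample ConfigMap layout are assumptions; only the ``auth.method`` key and its two values come from this page.

```shell
#!/usr/bin/env bash
# Added example: post-upgrade check of the VES Collector auth method.
# Assumption: the ConfigMap YAML contains a line of the form
#   auth.method: <value>      (value optionally quoted)

# Print the auth.method value found in ConfigMap YAML read from stdin.
ves_auth_method() {
  sed -n 's/^[[:space:]]*auth\.method:[[:space:]]*//p' \
    | tr -d "\"'" | sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 only if the ConfigMap on stdin sets the expected method.
# $1: expected value (default: certBasicAuth, the ONAP default).
# Exit codes: 1 = unexpected value, 2 = key not found at all.
ves_auth_check() {
  ves_expected="${1:-certBasicAuth}"
  ves_actual="$(ves_auth_method)"
  if [ -z "$ves_actual" ]; then
    echo "auth.method not found in ConfigMap" >&2
    return 2
  fi
  if [ "$ves_actual" != "$ves_expected" ]; then
    echo "auth.method is '$ves_actual', expected '$ves_expected'" >&2
    return 1
  fi
  echo "auth.method is '$ves_actual'"
}

# Constructed sample of `kubectl get cm ... -o yaml` output (not real
# cluster data); the data key name and the second setting are made up.
SAMPLE_CM='apiVersion: v1
kind: ConfigMap
data:
  application_config.yaml: |
    auth.method: "noAuth"
    other.setting: value
'

# Live usage (requires cluster access):
#   kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap \
#     -o yaml | ves_auth_check            # expects certBasicAuth
#   ... | ves_auth_check noAuth           # after deliberately switching to noAuth
```

Run after every ``helm upgrade`` of dcaegen2-services, the check catches both an override that did not take effect and an unintended switch to ``noAuth``.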


.. _external-repo-schema-via-helm:

External repository schema files integration with VES Collector
---------------------------------------------------------------
To use the externalRepo openAPI schema files defined in the `OOM <https://gerrit.onap.org/r/gitweb?p=oom.git;a=tree;f=kubernetes/dcaegen2-services/resources/external>`_ repository and installed with the dcaegen2 module, follow the steps below.

.. note::
  For more information on generating schema files, see `External-schema-repo-generator (OOM Utils repository) <https://gerrit.onap.org/r/gitweb?p=oom/utils.git;a=tree;f=external-schema-repo-generator>`_.

  The default ONAP deployment for the Istanbul release makes the SA88-Rel16 OpenAPI schema files available; optionally, SA99-Rel16 files can be loaded using the `Generator script <https://gerrit.onap.org/r/gitweb?p=oom/utils.git;a=blob;f=external-schema-repo-generator/generator/generate.sh>`_, following the steps documented in the `README <https://git.onap.org/oom/utils/tree/external-schema-repo-generator/README.md>`_.


1. Go to the directory with the dcaegen2-services Helm charts (oom/kubernetes/dcaegen2-services). These charts should be located on the RKE deployer node or on the server used to deploy and manage the ONAP installation with Helm charts.
2. Create a file with the VES-specific values overrides:

.. code-block:: yaml

  dcae-ves-collector:
    externalVolumes:
      - name: '<config map name with schema mapping file>'
        type: configmap
        mountPath: <path on VES collector container where externalRepo schema-map is expected>
        optional: true
      - name: '<config map name contains schemas>'
        type: configmap
        mountPath: <path on VES collector container where externalRepo openAPI files are stored>
        optional: true

E.g.:

.. code-block:: yaml

  dcae-ves-collector:
    externalVolumes:
      - name: 'dev-dcae-external-repo-configmap-schema-map'
        type: configmap
        mountPath: /opt/app/VESCollector/etc/externalRepo
        optional: true
      - name: 'dev-dcae-external-repo-configmap-sa88-rel16'
        type: configmap
        mountPath: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI
        optional: true

If more than one external schema is required, add a new config map to the 'externalVolumes' object, as in the example above. Make sure that all external schemas (all openAPI files) are reflected in the schema-map file.

3. Upgrade the release using the following command:

.. code-block:: bash

  helm -n <namespace> upgrade <dcaegen2-services release name> --reuse-values -f <path to values.yaml file created in previous step> <path to dcaegen2-services helm chart>

E.g.:

.. code-block:: bash

  helm -n onap upgrade dev-dcaegen2-services --reuse-values -f values.yaml .


Using external TLS certificates obtained using CMP v2 protocol
--------------------------------------------------------------

To use the X.509 certificates obtained from the CMP v2 server (so-called "operator's certificates"), refer to the following description:

:ref:`Enabling TLS with external x.509 certificates <tls_enablement>`

Example values for VES Collector:
    .. code-block:: yaml

        global:
          cmpv2Enabled: true
        dcae-ves-collector:
          useCmpv2Certificates: true
          certificates:
          - mountPath: /opt/app/dcae-certificate/external
            commonName: dcae-ves-collector
            dnsNames:
              - dcae-ves-collector
              - ves-collector
              - ves
            keystore:
              outputType:
                - jks
              passwordSecretRef:
                name: ves-cmpv2-keystore-password
                key: password
                create: true