CPS Deployment

CPS OOM Charts

The CPS kubernetes chart is located in the OOM repository. This chart includes different cps components referred as <cps-component-name> further in the document are listed below:

Please refer to the OOM documentation on how to install and deploy ONAP.

Installing or Upgrading CPS Components

The assumption is you have cloned the charts from the OOM repository into a local directory.

Step 1 Go to the cps charts and edit properties in values.yaml files to make any changes to particular cps component if required.

cd oom/kubernetes/cps/components/<cps-component-name>

Step 2 Build the charts

cd oom/kubernetes
make SKIP_LINT=TRUE cps

Note

SKIP_LINT is only to reduce the “make” time

Step 3 Undeploying already deployed cps components

After undeploying cps components, keep monitoring the cps pods until they go away.

helm del --purge <my-helm-release>-<cps-component-name>
kubectl get pods -n <namespace> | grep <cps-component-name>

Step 4 Make sure there is no orphan database persistent volume or claim.

First, find if there is an orphan database PV or PVC with the following commands:

Note

This step does not apply to ncmp-dmi-plugin.

kubectl get pvc -n <namespace> | grep <cps-component-name>
kubectl get pv -n <namespace> | grep <cps-component-name>

If there are any orphan resources, delete them with

kubectl delete pvc <orphan-cps-core-pvc-name>
kubectl delete pv <orphan-cps-core-pv-name>

Step 5 Delete NFS persisted data for CPS components

Connect to the machine where the file system is persisted and then execute the below command

rm -fr /dockerdata-nfs/<my-helm-release>/<cps-component-name>

Step 6 Re-Deploy cps pods

After deploying cps, keep monitoring the cps pods until they come up.

helm deploy <my-helm-release> local/cps --namespace <namespace>
kubectl get pods -n <namespace> | grep <cps-component-name>

Restarting a faulty component

Each cps component can be restarted independently by issuing the following command:

kubectl delete pod <cps-component-pod-name> -n <namespace>

Credentials Retrieval

Application and database credentials are kept in Kubernetes secrets. They are defined as external secrets in the values.yaml file to be used across different components as :

Below are the list of secrets for different cps components.

Component

Secret type

Secret Name

cps-core

Database authentication

<my-helm-release>-cps-core-pg-user-creds

cps-core

Rest API Authentication

<my-helm-release>-cps-core-app-user-creds

cps-temporal

Rest API Authentication

<my-helm-release>-cps-temporal-app-user-creds

cps-temporal

Database authentication

<my-helm-release>-cps-temporal-pg-user-creds

ncmp-dmi-plugin

Rest API Authentication

<my-helm-release>-cps-dmi-plugin-user-creds

ncmp-dmi-plugin

SDNC authentication

<my-helm-release>-ncmp-dmi-plugin-sdnc-creds

The credential values from these secrets are configured in running container as environment variables. Eg: cps core deployment.yaml

If no specific passwords are provided to the chart as override values for deployment, then passwords are automatically generated when deploying the Helm release. Below command can be used to retrieve application property credentials

kubectl get secret <my-helm-release>-<secret-name> -n <namespace> -o json | jq '.data | map_values(@base64d)'

Note

base64d works only with jq version 1.6 or above.

CPS Core Pods

To get a listing of the cps-core Pods, run the following command:

kubectl get pods -n <namespace> | grep cps-core

dev-cps-core-ccd4cc956-r98pv                          1/1     Running            0          24h
dev-cps-core-postgres-primary-f7766d46c-s9d5b         1/1     Running            0          24h
dev-cps-core-postgres-replica-84659d68f9-6qnt4        1/1     Running            0          24h

Additional Cps-Core Customizations

The following table lists some properties that can be specified as Helm chart values to configure the application to be deployed. This list is not exhaustive.

Property

Description

Default Value

config.appUserName

User name used by cps-core service to configure the authentication for REST API it exposes.

This is the user name to be used by cps-core REST clients to authenticate themselves.

cpsuser

config.appUserPassword

Password used by cps-core service to configure the authentication for REST API it exposes.

This is the password to be used by CPS Temporal REST clients to authenticate themselves.

If not defined, the password is generated when deploying the application.

See also Credentials Retrieval.

Not defined

config.dmiPluginUserName

User name used by cps-core to authenticate themselves for using ncmp-dmi-plugin service.

dmiuser

config.dmiPluginUserPassword

Internal password used by cps-core to connect to ncmp-dmi-plugin service.

If not defined, the password is generated when deploying the application.

See also Credentials Retrieval.

Not defined

postgres.config.pgUserName

Internal user name used by cps-core to connect to its own database.

cps

postgres.config.pgUserPassword

Internal password used by cps-core to connect to its own database.

If not defined, the password is generated when deploying the application.

See also Credentials Retrieval.

Not defined

postgres.config.pgDatabase

Database name used by cps-core

cpsdb

logging.level

Logging level set in cps-core

info

config.eventPublisher. spring.kafka.bootstrap-servers

Kafka hostname and port

message-router-kafka:9092

config.eventPublisher. spring.kafka.consumer.client-id

Kafka consumer client id

cps-core

config.publisher. spring.kafka.security.protocol

Kafka security protocol. Some possible values are:

  • PLAINTEXT

  • SASL_PLAINTEXT, for authentication

  • SASL_SSL, for authentication and encryption

PLAINTEXT

config.publisher. spring.kafka.properties. sasl.mechanism

Kafka security SASL mechanism. Required for SASL_PLAINTEXT and SASL_SSL protocols. Some possible values are:

  • PLAIN, for PLAINTEXT

  • SCRAM-SHA-512, for SSL

Not defined

config.publisher. spring.kafka.properties. sasl.jaas.config

Kafka security SASL JAAS configuration. Required for SASL_PLAINTEXT and SASL_SSL protocols. Some possible values are:

  • org.apache.kafka.common.security.plain.PlainLoginModule required username="..." password="...";, for PLAINTEXT

  • org.apache.kafka.common.security.scram.ScramLoginModule required username="..." password="...";, for SSL

Not defined

config.publisher. spring.kafka.ssl.trust-store-type

Kafka security SASL SSL store type. Required for SASL_SSL protocol. Some possible values are:

  • JKS

Not defined

config.publisher. spring.kafka.ssl.trust-store-location

Kafka security SASL SSL store file location. Required for SASL_SSL protocol.

Not defined

config.publisher. spring.kafka.ssl.trust-store-password

Kafka security SASL SSL store password. Required for SASL_SSL protocol.

Not defined

config.publisher. spring.kafka.properties. ssl.endpoint.identification.algorithm

Kafka security SASL SSL broker hostname identification verification. Required for SASL_SSL protocol. Possible value is:

  • "", empty string to disable

Not defined

config.additional. notification.data-updated.topic

Kafka topic to publish to cps-temporal

cps.data-updated-events

config.additional. notification.data-updated.enabled

If notification from cps-core to cps-temporal is enabled or not. If this is set to false, then the config.publisher properties could be skipped.

true

config.additional. notification.data-updated.filters. enabled-dataspaces

Dataspaces to be enabled for publishing events to cps-temporal

config.additional. notification.async.enabled

If notifications should be processed in synchronous or asynchronous manner

false

config.additional. notification.async.executor. core-pool-size

Core pool size in asynchronous execution of notification.

2

config.additional. notification.async.executor. max-pool-size

Max pool size in asynchronous execution of notification.

1

config.additional. notification.async.executor. queue-capacity

Queue Capacity in asynchronous execution of notification.

500

config.additional. notification.async.executor. wait-for-tasks-to-complete-on-shutdown

If the executor should wait for the tasks to be completed on shutdown

true

config.additional. notification.async.executor. thread-name-prefix

Prefix to be added to the thread name in asynchronous execution of notifications.

async_

CPS-Core Docker Installation

CPS-Core can also be installed in a docker environment. Latest docker-compose is included in the repo to start all the relevant services. The latest instructions are covered in the README.