VES Collector Helm Installation

Authentication Support - Helm based deployment

VES Collector support following authentication types

  • auth.method=noAuth - no security (http)

  • auth.method=certBasicAuth - is used to enable mutual TLS authentication or/and basic HTTPs authentication

Default ONAP deployed VESCollector is configured for “certBasicAuth”.

The default behavior can be changed by upgrading dcaegen2-services deployment with custom values:
helm -n <namespace> upgrade <DEPLOYMENT_PREFIX>-dcaegen2-services --reuse-values --values <path to values> <path to dcaegen2-services helm charts>
For example:
helm -n onap upgrade dev-dcaegen2-services --reuse-values --values new-config.yaml oom/kubernetes/dcaegen2-services
Where the contents of new-config.yaml file is:
dcae-ves-collector:
  applicationConfig:
    auth.method: "noAuth"
For small changes like this, it is also possible to inline the new value:
helm -n onap upgrade dev-dcaegen2-services --reuse-values --set dcae-ves-collector.applicationConfig.auth.method="noAuth" oom/kubernetes/dcaegen2-services

After the upgrade, the new auth method value should be visible inside dev-dcae-ves-collector-application-config-configmap Config-Map. It can be verified by running:

kubectl -n onap get cm <config map name> -o yaml

For VES Collector:

kubectl -n onap get cm dev-dcae-ves-collector-application-config-configmap -o yaml

External repository schema files integration with VES Collector

In order to utilize the externalRepo openAPI schema files defined in OOM repository and installed with dcaegen2 module, follow below steps.

Note

For more information on generating schema files, see External-schema-repo-generator (OOM Utils repository)

Default ONAP deployment for Istanbul release makes available the SA88-Rel16 OpenAPI schema files; optionally SA99-Rel16 files can be loaded using the Generator script based on the steps documented in README

  1. Go to directory with dcaegen2-services helm charts (oom/kubernetes/dcaegen2-services). These charts should be located on RKE deployer node or server which is used to deploy and manage ONAP installation by Helm charts.

  2. Create file with specific VES values-overrides:

dcae-ves-collector:
  externalVolumes:
    - name: '<config map name with schema mapping file>'
      type: configmap
      mountPath: <path on VES collector container where externalRepo schema-map is expected>
      optional: true
    - name: '<config map name contains schemas>'
      type: configmap
      mountPath: <path on VES collector container where externalRepo openAPI files are stored>
      optional: true

E.g:

dcae-ves-collector:
  externalVolumes:
    - name: 'dev-dcae-external-repo-configmap-schema-map'
      type: configmap
      mountPath: /opt/app/VESCollector/etc/externalRepo
      optional: true
    - name: 'dev-dcae-external-repo-configmap-sa88-rel16'
      type: configmap
      mountPath: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI
      optional: true

If more than a single external schema is required add new config map to object ‘externalVolumes’ like in above example. Make sure that all external schemas (all openAPI files) are reflected in the schema-map file.

  1. Upgrade release using following command:

helm -n <namespace> upgrade <dcaegen2-services release name> --reuse-values -f <path to values.yaml file created in previous step> <path to dcaegen2-services helm chart>

E.g:

helm -n onap upgrade dev-dcaegen2-services --reuse-values -f values.yaml .

Using external TLS certificates obtained using CMP v2 protocol

In order to use the X.509 certificates obtained from the CMP v2 server (so called “operator`s certificates”), refer to the following description:

Enabling TLS with external x.509 certificates

Example values for VES Collector:
global:
  cmpv2Enabled: true
dcae-ves-collector:
  useCmpv2Certificates: true
  certificates:
  - mountPath: /opt/app/dcae-certificate/external
    commonName: dcae-ves-collector
    dnsNames:
      - dcae-ves-collector
      - ves-collector
      - ves
    keystore:
      outputType:
        - jks
      passwordSecretRef:
        name: ves-cmpv2-keystore-password
        key: password
        create: true