| Table of Contents |
|---|
...
- Generate testing PKCS #12 files usingĀ https://gerrit.onap.org/r/gitweb?p=dcaegen2/collectors/hv-ves.git;a=blob_plain;f=ssl/gen-certs.sh;hb=HEAD and store in k8s nfs dir /dockerdata-nfs/ssl
- Edit HV-VES deployment (kubectl -n onap edit deployment/dep-dcae-hv-ves-collector) by removing VESHV_SSL_DISABLE flagand adding VESHV_TRUST_STORE, VESHV_KEY_STORE, VESHV_TRUST_STORE_PASSWORD, VESHV_KEY_STORE_PASSWORD ones.
Add entry to mountĀ mount node:/dockerdata-nfs/ssl to containter:/etc/ves-hv :
| No Format |
|---|
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "4"
creationTimestamp: 2018-10-04T15:15:21Z
generation: 4
labels:
app: dcae-hv-ves-collector
cfydeployment: hv-ves
cfynode: hv-ves
cfynodeinstance: hv-ves_eipq6a
k8sdeployment: dep-dcae-hv-ves-collector
name: dep-dcae-hv-ves-collector
namespace: onap
resourceVersion: "1452331"
selfLink: /apis/extensions/v1beta1/namespaces/onap/deployments/dep-dcae-hv-ves-collector
uid: 4f6c9488-c7e8-11e8-b920-026901117392
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: dcae-hv-ves-collector
cfydeployment: hv-ves
cfynode: hv-ves
cfynodeinstance: hv-ves_eipq6a
k8sdeployment: dep-dcae-hv-ves-collector
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: dcae-hv-ves-collector
cfydeployment: hv-ves
cfynode: hv-ves
cfynodeinstance: hv-ves_eipq6a
k8sdeployment: dep-dcae-hv-ves-collector
spec:
containers:
- env:
- name: CONSUL_HOST
value: consul-server.onap
- name: VESHV_KEY_STORE_PASSWORD
value: onaponap
- name: VESHV_TRUST_STORE_PASSWORD
value: onaponap
- name: VESHV_KEY_STORE
value: /etc/ves-hv/server.p12
- name: VESHV_TRUST_STORE
value: /etc/ves-hv/trust.p12
- name: VESHV_CONFIG_URL
value: http://consul-server.onap:8500/v1/kv/dcae-hv-ves-collector
- name: VESHV_LISTEN_PORT
value: "6061"
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.0.0-SNAPSHOT
imagePullPolicy: IfNotPresent
name: dcae-hv-ves-collector
ports:
- containerPort: 6061
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /opt/app/HvVesCollector/logs
name: component-log
- mountPath: /etc/ves-hv
name: ssldir
- env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: docker.elastic.co/beats/filebeat:5.5.0
imagePullPolicy: IfNotPresent
name: filebeat
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/log/onap/dcae-hv-ves-collector
name: component-log
- mountPath: /usr/share/filebeat/data
name: filebeat-data
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
dnsPolicy: ClusterFirst
hostname: dcae-hv-ves-collector
imagePullSecrets:
- name: onap-docker-registry-key
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: component-log
- emptyDir: {}
name: filebeat-data
- configMap:
defaultMode: 420
name: dcae-filebeat-configmap
name: filebeat-conf
- hostPath:
path: /dockerdata-nfs/ssl
type: ""
name: ssldir
status:
availableReplicas: 1
conditions:
- lastTransitionTime: 2018-10-04T15:15:21Z
lastUpdateTime: 2018-10-04T15:15:21Z
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: 2018-10-04T15:15:21Z
lastUpdateTime: 2018-10-05T14:10:15Z
message: ReplicaSet "dep-dcae-hv-ves-collector-7986d777dc" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 4
readyReplicas: 1
replicas: 1
updatedReplicas: 1 |
...