Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Deploy services for secured operations on a TPM Hardware Server

A. Helm Chart for ONAP Hardware Security Components 

This includes the following Kubernetes services

  1. dist-center - A service that is used to create and distribute private keys
  2. abrmd - A service that manages access to the TPM device
  3. Test application - A java application which signs and verifies the signed data

B. The following steps are required to deploy the helm charts for the same

  1. Cluster Configuration: Add a TPM Enabled node (Server) to the Kubernetes cluster by modifying the configuration file. include the field "label: {tpm-node}" along with other details. For example, when you are using rancher for deploying, modify the configuration.yaml file
  2. Deploy the Cluster - In Case of RKE, use the command  "./rke up --config-name cluster.yaml" 
  3. Run the following command to force the label as true on the specific TPM enabled node/nodes "kubectl label nodes <Name Of the TPM Enabled Node> --overwrite tpm-node=true"
  4. Clone the onap/OOM Repo "git clone https://gerrit.onap.org/r/oom.git"
  5. Open the values.yaml file under "~/ONAP/oom/kubernetes/aaf/charts/aaf-sshsm" directory and edit the field "enabled: true" at line 27 (values.yaml)
  6. Edit the configuration file "disable-allcharts.yamland set the field "aaf: enabled: true" (disable-allcharts.yaml)
  7. Deploy the helm charts - "helm deploy dev local/onap -f <disable-allcharts.yaml> --namespace <Name of the namespace>"

NOTE - This will bring up all the three service instances as mentioned above.

The logs can be viewed from: "kubectl logs -n <Name of the Namespace> <Name Of the Container>"

C. Helm Setup→ helm Setup Guide

  • No labels