Deploy services for secured operations on a TPM Hardware Server

A. Helm Chart for ONAP Hardware Security Components 

This includes the following Kubernetes services

  1. dist-center - A service that is used to create and distribute private keys
  2. abrmd - A service that manages access to the TPM device
  3. Test application - A Java application which signs and verifies the signed data

B. The following steps are required to deploy the helm charts for the services above

  1. Cluster Configuration: Add a TPM-enabled node (server) to the Kubernetes cluster by modifying the configuration file. Include the field "label: {tpm-node}" along with the other details. For example, when you are using Rancher for deploying, modify the configuration.yaml file
  2. Deploy the cluster - in the case of RKE, use the command "./rke up --config-name cluster.yaml"
  3. Run the following command to force the label to true on the specific TPM-enabled node or nodes: "kubectl label nodes <Name Of the TPM Enabled Node> --overwrite tpm-node=true"
  4. Clone the onap/OOM repo: "git clone https://gerrit.onap.org/r/oom.git"
  5. Open the values.yaml file under the "~/ONAP/oom/kubernetes/aaf/charts/aaf-sshsm" directory and set the field "enabled: true" under tpm (values.yaml)
  6. Edit the configuration file "disable-allcharts.yaml" and set the field "aaf: enabled: true" (disable-allcharts.yaml)
  7. Run "make all" and "make onap"
  8. Deploy the helm charts - "helm deploy dev local/onap -f <disable-allcharts.yaml> --namespace <Name of the namespace>"

NOTE - This will bring up all three of the service instances mentioned above.

The logs can be viewed from: "kubectl logs -n <Name of the Namespace> <Name Of the Container>"
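
A pre-deployment check for the label set in step 3, added here as an example (it is not part of the ONAP charts or this guide's original text). It reads the output of "kubectl get nodes --show-labels" and lists only nodes carrying the exact label tpm-node=true; the function names and the sample node list are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that at least one node carries tpm-node=true
# before running "helm deploy". Function names are hypothetical.

# Reads `kubectl get nodes --show-labels` output on stdin and prints the
# names of nodes whose label list contains exactly tpm-node=true.
# Labels are matched whole, so "tpm-node=false" or "not-tpm-node=true"
# do not count.
tpm_nodes() {
    awk 'NR > 1 {
        n = split($NF, labels, ",")
        for (i = 1; i <= n; i++)
            if (labels[i] == "tpm-node=true") { print $1; break }
    }'
}

# Constructed sample output (not taken from a real cluster).
sample_nodes() {
cat <<'EOF'
NAME     STATUS   ROLES    AGE   VERSION   LABELS
node-a   Ready    worker   10d   v1.15.3   kubernetes.io/hostname=node-a,tpm-node=true
node-b   Ready    worker   10d   v1.15.3   kubernetes.io/hostname=node-b,tpm-node=false
node-c   Ready    worker   10d   v1.15.3   kubernetes.io/hostname=node-c,not-tpm-node=true
node-d   Ready    worker   10d   v1.15.3   kubernetes.io/hostname=node-d
EOF
}

# Prints the labelled nodes and returns 0, or returns 1 when none is labelled.
check_tpm_nodes() {
    found=$(tpm_nodes)
    if [ -z "$found" ]; then
        echo "no node labelled tpm-node=true" >&2
        return 1
    fi
    echo "$found"
}

# Offline run on the sample. Against a cluster:
#   kubectl get nodes --show-labels | check_tpm_nodes
sample_nodes | check_tpm_nodes
```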

C. Helm Setup → Helm Setup Guide
