Deploy services for secured operations on a TPM Hardware Server

A. Helm Chart for ONAP Hardware Security Components

This includes the following Kubernetes services

dist-center - A service that is used to create and distribute private keys
abrmd - A service that manages access to the TPM device
Test application - A java application which signs and verifies the signed data

Cluster Configuration: Add a TPM Enabled node (Server) to the Kubernetes cluster by modifying the configuration file. include the field "label: {tpm-node}" along with other details. For example, when you are using rancher for deploying, modify the configuration.yaml file
Deploy the Cluster - In Case of RKE, use the command "./rke up --config-name cluster.yaml"
Run the following command to force the label as true on the specific TPM enabled node/nodes "kubectl label nodes <Name Of the TPM Enabled Node> --overwrite tpm-node=true"
Clone the onap/OOM Repo "git clone https://gerrit.onap.org/r/oom.git"
Open the values.yaml file under "~/ONAP/oom/kubernetes/aaf/charts/aaf-sshsm" directory and edit the field "enabled: true" under tpm (values.yaml)
Edit the configuration file "disable-allcharts.yaml" and set the field "aaf: enabled: true" (disable-allcharts.yaml)
Run "make all" and "make onap"
Deploy the helm charts - "helm deploy dev local/onap -f <disable-allcharts.yaml> --namespace <Name of the namespace>"

NOTE - This will bring up all the three service instances as mentioned above.

The logs can be viewed from: "kubectl logs -n <Name of the Namespace> <Name Of the Container>"