aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorosgn422w <gervais-martial.ngueko@intl.att.com>2019-05-23 14:19:39 +0200
committerosgn422w <gervais-martial.ngueko@intl.att.com>2019-05-23 14:19:39 +0200
commit10e3a8bcd4627db15e96e1737dcc72665a034717 (patch)
tree12a9194f973f1eeed97eeecdb289a3cc3fa4c651
parenta2cf024612d2ffe0956020d2d3402c759b878407 (diff)
kibana https only
remove http access and allow only https for kibana UI Issue-ID: OJSI-147 Change-Id: I6026044c919abd51b8b6bd3b65f9552555c98e4c Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem30
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem32
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml6
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml9
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml5
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/values.yaml3
6 files changed, 82 insertions, 3 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem
new file mode 100644
index 0000000000..ce630d4354
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem
@@ -0,0 +1,30 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
+subject=/CN=clamp/emailAddress=/OU=clamp@clamp.onap.org/OU=OSAAF/O=ONAP/C=US
+issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
+-----BEGIN CERTIFICATE-----
+MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow
+bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh
+bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic
+uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW
+BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX
+3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau
+immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp
+Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A
+vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
+AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w
+S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w
+CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq
+Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk
+ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB
+U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4
+FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe
+K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN
+53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS
+4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8
+6TRYkIcL0x9r/AHP
+-----END CERTIFICATE-----
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem
new file mode 100644
index 0000000000..fcf68bfa23
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr
+C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY
+0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78
+yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g
+WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd
+1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke
+W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc
+5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw
+oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI
+4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt
+zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx
+YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp
+VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ
+9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++
+gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q
+A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c
+I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7
+86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6
+gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7
+bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF
+QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2
+K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC
+JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K
+kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ
+sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L
+q9Ua2HmUS8DDBy7W89MNZJNkDQ==
+-----END PRIVATE KEY-----
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
index 1747c75811..a94413ce06 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
@@ -64,9 +64,9 @@ elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{ includ
#elasticsearch.password: "changeme"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
+server.ssl.enabled: {{.Values.config.sslEnabled}}
+server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
+server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml
index 9186cd919a..8fcd405fa9 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml
@@ -25,3 +25,12 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-pem-keys
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
index d29148fe71..31752fc661 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml
@@ -75,6 +75,8 @@ spec:
- mountPath: /usr/share/kibana/config/kibana.yml
name: {{ include "common.fullname" . }}
subPath: kibana.yml
+ - name: {{ include "common.fullname" . }}-aaf-pem-certs
+ mountPath: /usr/share/kibana/config/keystore/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -95,5 +97,8 @@ spec:
items:
- key: kibana.yml
path: kibana.yml
+ - name: {{ include "common.fullname" . }}-aaf-pem-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-aaf-pem-keys
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
index 9356c47522..4d55338e06 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
@@ -44,6 +44,9 @@ debugEnabled: false
config:
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
+ sslEnabled: true
+ sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
+ sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
# default number of instances
replicaCount: 1