summaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/charts/clamp-dash-es
diff options
context:
space:
mode:
authorosgn422w <gervais-martial.ngueko@intl.att.com>2020-02-11 15:50:21 +0100
committerosgn422w <gervais-martial.ngueko@intl.att.com>2020-02-21 10:56:48 +0100
commitb561a597b5506eb2ea43aba1bac1825a1c8b3514 (patch)
treee6dba8592ce4b2300de547d26970863adc807a56 /kubernetes/clamp/charts/clamp-dash-es
parenta8d9663f1e84d021f5a1be309aabd3f13cb8c91d (diff)
move to OpenDistro
move dashboard to Opendistro and certificate update Issue-ID: CLAMP-483 Change-Id: Ibaba1d517c13adeab611ab23749fb16295081372 Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/charts/clamp-dash-es')
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml116
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml2
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/values.yaml18
3 files changed, 59 insertions, 77 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
index 26affe600c..e4deab0e15 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
@@ -1,4 +1,5 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+---
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,30 +31,24 @@
# The default name is elasticsearch, but you should change it to an appropriate name which describes the
# purpose of the cluster.
#
-cluster.name: "clamp-dashboard"
-#
-# The port that other nodes in the cluster should use when communicating with this node.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_port:$transport.publish_port
-#
-# The host address to publish for nodes in the cluster to connect to.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_host:$transport.publish_host
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
#
-# ------------------------------------ Node ------------------------------------
-#
-# It is better to provide different meaningfull names fot different elastic nodes.
-# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id.
-# Note that the node id is persisted and does not change when a node restarts
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
#
-#node.name: $node.name
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
#
-# Add custom attributes to the node:
+# Set a custom port for HTTP: If required, default is 9200-9300
#
-#node.attr.rack: r1
+#http.port: $http.port
#
+# For more information, consult the network module documentation.
# ----------------------------------- Paths ------------------------------------
#
# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
@@ -78,19 +73,6 @@ bootstrap.memory_lock: false
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started
@@ -98,24 +80,16 @@ network.host: 0.0.0.0
# that are likely to be live and contactable.
# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
# to connect to other nodes running on the same server.
-#
-#$discovery.zen.ping.unicast.hosts
-#
-# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes
-# available. Only then will an election take place.
-# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
-#
-# For more information, consult the zen discovery module documentation.
-#
-# ---------------------------------- Gateway -----------------------------------
-#
-# Block initial recovery after a full cluster restart until N nodes are started:
-#
-#gateway.recover_after_nodes: 3
-#
-# For more information, consult the gateway module documentation.
-#
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes:
+ - cldash-es-node1
+# - docker-test-node-1
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
@@ -129,26 +103,26 @@ http.port: {{.Values.service.externalPort}}
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-
-#xpack.license.self_generated.type: basic
-#xpack.security.enabled: false
-
-## Search Guard
-#
-searchguard.enterprise_modules_enabled: false
-searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
-searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
-searchguard.ssl.transport.enforce_hostname_verification: false
-
-searchguard.authcz.admin_dn:
- - "CN=kirk,OU=client,O=client,l=tEst,C=De"
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ######## \ No newline at end of file
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
index 8060a35b43..58ff107568 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
@@ -73,12 +73,14 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
volumeMounts:
- mountPath: /etc/localtime
diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
index 2d67048844..ae7abd5ec4 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.1
+image: onap/clamp-dashboard-elasticsearch:5.0.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -51,15 +51,17 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
## Persist data to a persitent volume
persistence:
@@ -83,6 +85,10 @@ persistence:
mountSubPath: clamp/dashboard-elasticsearch/data
mountSubPathLogs: clamp
+security:
+ ssl:
+ enabled: true
+
service:
type: ClusterIP
name: cdash-es