diff options
author | osgn422w <gervais-martial.ngueko@intl.att.com> | 2020-02-11 15:50:21 +0100 |
---|---|---|
committer | osgn422w <gervais-martial.ngueko@intl.att.com> | 2020-02-21 10:56:48 +0100 |
commit | b561a597b5506eb2ea43aba1bac1825a1c8b3514 (patch) | |
tree | e6dba8592ce4b2300de547d26970863adc807a56 /kubernetes/clamp/charts/clamp-dash-es | |
parent | a8d9663f1e84d021f5a1be309aabd3f13cb8c91d (diff) |
move to OpenDistro
move dashboard to Opendistro and certificate update
Issue-ID: CLAMP-483
Change-Id: Ibaba1d517c13adeab611ab23749fb16295081372
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/charts/clamp-dash-es')
3 files changed, 59 insertions, 77 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index 26affe600c..e4deab0e15 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -1,4 +1,5 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +--- +# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,24 @@ # The default name is elasticsearch, but you should change it to an appropriate name which describes the # purpose of the cluster. # -cluster.name: "clamp-dashboard" -# -# The port that other nodes in the cluster should use when communicating with this node. -# Required for Elasticsearch's nodes running on different cluster nodes. -# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html -#transport.publish_port:$transport.publish_port -# -# The host address to publish for nodes in the cluster to connect to. -# Required for Elasticsearch's nodes running on different cluster nodes. -# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html -#transport.publish_host:$transport.publish_host +## Default Elasticsearch configuration from elasticsearch-docker. +## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/ # -# ------------------------------------ Node ------------------------------------ -# -# It is better to provide different meaningfull names fot different elastic nodes. -# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id. -# Note that the node id is persisted and does not change when a node restarts + +cluster.name: "clamp-dashboard" +node.name: "cldash-es-node1" +# ---------------------------------- Network ----------------------------------- # -#node.name: $node.name +# Set the bind address to a specific IP (IPv4 or IPv6): +# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a +# non-loopback address. +network.host: 0.0.0.0 # -# Add custom attributes to the node: +# Set a custom port for HTTP: If required, default is 9200-9300 # -#node.attr.rack: r1 +#http.port: $http.port # +# For more information, consult the network module documentation. # ----------------------------------- Paths ------------------------------------ # # The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma. @@ -78,19 +73,6 @@ bootstrap.memory_lock: false # # Elasticsearch performs poorly when the system is swapping the memory. # -# ---------------------------------- Network ----------------------------------- -# -# Set the bind address to a specific IP (IPv4 or IPv6): -# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a -# non-loopback address. -network.host: 0.0.0.0 -# -# Set a custom port for HTTP: If required, default is 9200-9300 -# -#http.port: $http.port -# -# For more information, consult the network module documentation. -# # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started @@ -98,24 +80,16 @@ network.host: 0.0.0.0 # that are likely to be live and contactable. # By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try # to connect to other nodes running on the same server. -# -#$discovery.zen.ping.unicast.hosts -# -# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes -# available. Only then will an election take place. -# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): +# # minimum_master_nodes need to be explicitly set when bound on a public IP +# # set to 1 to allow single node clusters +# # Details: https://github.com/elastic/elasticsearch/pull/17288 discovery.zen.minimum_master_nodes: 1 -# -# For more information, consult the zen discovery module documentation. -# -# ---------------------------------- Gateway ----------------------------------- -# -# Block initial recovery after a full cluster restart until N nodes are started: -# -#gateway.recover_after_nodes: 3 -# -# For more information, consult the gateway module documentation. -# +discovery.seed_hosts: [] +# # Breaking change in 7.0 +# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes +cluster.initial_master_nodes: + - cldash-es-node1 +# - docker-test-node-1 # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: @@ -129,26 +103,26 @@ http.port: {{.Values.service.externalPort}} # Defaults to 9300-9400. # More info: transport.tcp.port: {{.Values.service.externalPort2}} -#xpack.graph.enabled: false -#Set to false to disable X-Pack graph features. -#xpack.ml.enabled: false -#Set to false to disable X-Pack machine learning features. -#xpack.monitoring.enabled: false -#Set to false to disable X-Pack monitoring features. +######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## +# WARNING: revise all the lines below before you go into production +opendistro_security.ssl.transport.pemcert_filepath: esnode.pem +opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} +opendistro_security.ssl.http.pemcert_filepath: esnode.pem +opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +opendistro_security.allow_unsafe_democertificates: true +opendistro_security.allow_default_init_securityindex: true +opendistro_security.authcz.admin_dn: + - CN=kirk,OU=client,O=client,L=test, C=de -#xpack.watcher.enabled: false -#Set to false to disable Watcher. - -#xpack.license.self_generated.type: basic -#xpack.security.enabled: false - -## Search Guard -# -searchguard.enterprise_modules_enabled: false -searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks -searchguard.ssl.transport.truststore_filepath: sg/truststore.jks -searchguard.ssl.transport.enforce_hostname_verification: false - -searchguard.authcz.admin_dn: - - "CN=kirk,OU=client,O=client,l=tEst,C=De" +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 +######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml index 8060a35b43..58ff107568 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml @@ -73,12 +73,14 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index 2d67048844..ae7abd5ec4 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:4.1.1 +image: onap/clamp-dashboard-elasticsearch:5.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -51,15 +51,17 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 180 + periodSeconds: 30 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 180 + periodSeconds: 30 + timeoutSeconds: 5 ## Persist data to a persitent volume persistence: @@ -83,6 +85,10 @@ persistence: mountSubPath: clamp/dashboard-elasticsearch/data mountSubPathLogs: clamp +security: + ssl: + enabled: true + service: type: ClusterIP name: cdash-es |