move to OpenDistro

move dashboard to Opendistro and certificate update

Issue-ID: CLAMP-483

Change-Id: Ibaba1d517c13adeab611ab23749fb16295081372
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>

6 files changed, 24 insertions, 56 deletions

diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem
deleted file mode 100644
index cf12ec4c61..0000000000
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN
-MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt
-eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE
-5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W
-DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp
-tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f
-TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk
-MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F
-dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce
-txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF
-LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF
-BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9
-m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP
-t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy
-JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G
-LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC
-orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW
-u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ
-8Lb0GYmlo44=
------END CERTIFICATE-----
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
index 369b5820d5..cecd5b18c8 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml
@@ -1,4 +1,4 @@
-# Copyright © 2018  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
+# Copyright © 2020  AT&T, Amdocs, Bell Canada Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,8 +22,3 @@ path.config: /usr/share/logstash/pipeline
 ## Setting true makes logstash check periodically for change in pipeline configurations
 config.reload.automatic: true
 
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-#xpack.monitoring.enabled: false
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
index 05d8085d43..4b05910c02 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
@@ -218,6 +218,8 @@ output {
     if "error" in [tags] {
         elasticsearch {
             codec => "json"
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             hosts => ["${elasticsearch_base_url}"]
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
@@ -229,6 +231,8 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
             document_id => "%{requestID}"
@@ -241,6 +245,8 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+            cacert => "/clamp-cert/ca-certs.pem"
+            ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
             index => "events-%{+YYYY.MM.DD}" # creates daily indexes
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
index 01ee76b7c1..4278a6e6d3 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml
@@ -25,13 +25,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-aaf-keys
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
index 697ebb66b6..7c5c047930 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
@@ -62,13 +62,13 @@ spec:
           - name: request_topic
             value: "{{ .Values.config.requestTopic }}"
           - name: dmaap_base_url
-            value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+            value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
           - name: logstash_user
             value: "{{ .Values.config.logstash_user }}"
           - name: logstash_pwd
             value: "{{ .Values.config.logstash_pwd }}"
           - name: elasticsearch_base_url
-            value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+            value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ include "common.servicename" . }}
@@ -77,6 +77,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
 # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{- if eq .Values.liveness.enabled true }}
@@ -85,6 +86,7 @@ spec:
               port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
           volumeMounts:
           - mountPath: /etc/localtime
@@ -96,8 +98,6 @@ spec:
           - mountPath: /usr/share/logstash/pipeline/logstash.conf
             name: {{ include "common.fullname" . }}
             subPath: pipeline.conf
-          - name: {{ include "common.fullname" . }}-aaf-certs
-            mountPath: /certs.d/
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -120,9 +120,5 @@ spec:
               path: logstash.yml
             - key: pipeline.conf
               path: pipeline.conf
-        - name: {{ include "common.fullname" . }}-aaf-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-aaf-keys
-
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
index 20bf974157..9a0321a478 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
@@ -30,7 +30,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.3
+image: onap/clamp-dashboard-logstash:5.0.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -41,7 +41,8 @@ config:
   elasticsearchServiceName: cdash-es
   elasticsearchPort: 9200
   dmaapHost: message-router
-  dmaapScheme: https
+  dmaapSchemeSSL: https
+  dmaapSchemeNoSSL: http
   dmaapPort: 3905
   dmaapConsumerGroup: "clampdashboard"
   dmaapConsumerId: "clampdashboard"
@@ -60,15 +61,21 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 120
-  periodSeconds: 10
+  initialDelaySeconds: 900
+  periodSeconds: 20
+  timeoutSeconds: 5
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
+  initialDelaySeconds: 900
+  periodSeconds: 20
+  timeoutSeconds: 5
+
+security:
+  ssl:
+    enabled: true
 
 service:
   #Example service definition with external, internal and node ports.