aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/charts
diff options
context:
space:
mode:
authorosgn422w <gervais-martial.ngueko@intl.att.com>2019-08-02 11:31:11 +0200
committerosgn422w <gervais-martial.ngueko@intl.att.com>2019-08-02 11:31:11 +0200
commit6e663e4ee94187168fd9a690f6d4155de9f0ad5c (patch)
treec182149ed8a4e4e082d04790f301735228f3e2f2 /kubernetes/clamp/charts
parent38f74ca0461931a1f1d5fefd0dd91900c57a81ee (diff)
EarlyDrop and security
resolve security isue on kibana and release early drop CLAMP Issue-ID: CLAMP-419 Change-Id: I098f30d251f020470c0f1af1ce309a6a1a3b814d Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/charts')
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/values.yaml4
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml8
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/values.yaml4
-rw-r--r--kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf6
-rw-r--r--kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml4
-rw-r--r--kubernetes/clamp/charts/clamp-dash-logstash/values.yaml4
6 files changed, 26 insertions, 4 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
index f25e40bf2a..f385128f92 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
@@ -31,8 +31,8 @@ busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
# application image
-loggingRepository: docker.elastic.co
-image: elasticsearch/elasticsearch-oss:6.6.2
+repository: nexus3.onap.org:10001
+image: onap/clamp-dashboard-elasticsearch:4.1.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
index a94413ce06..2173039252 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
@@ -125,3 +125,11 @@ server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
# The default locale. This locale can be used in certain circumstances to substitute any missing
# translations.
#i18n.defaultLocale: "en"
+
+## Search Guard
+#
+xpack.security.enabled: false
+elasticsearch.username: {{.Values.config.elasticUSR}}
+elasticsearch.password: {{.Values.config.elasticPWD}}
+
+searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
index 954de3a953..276ac5d32a 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
@@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.0.5
+image: onap/clamp-dashboard-kibana:4.1.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -44,6 +44,8 @@ debugEnabled: false
config:
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
+ elasticUSR: kibanaserver
+ elasticPWD: kibanaserver
sslEnabled: true
sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
index b4b5071ba5..05d8085d43 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf
@@ -219,6 +219,8 @@ output {
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
index => "errors-%{+YYYY.MM.DD}"
doc_as_upsert => true
}
@@ -227,6 +229,8 @@ output {
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
document_id => "%{requestID}"
index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
doc_as_upsert => true
@@ -237,6 +241,8 @@ output {
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
index => "events-%{+YYYY.MM.DD}" # creates daily indexes
doc_as_upsert => true
}
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
index 6c6331a9c2..a72f6b6e78 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml
@@ -63,6 +63,10 @@ spec:
value: "{{ .Values.config.requestTopic }}"
- name: dmaap_base_url
value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+ - name: logstash_user
+ value: "{{ .Values.config.logstash_user }}"
+ - name: logstash_pwd
+ value: "{{ .Values.config.logstash_pwd }}"
- name: elasticsearch_base_url
value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
ports:
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
index 893860b839..e7ab68fc5b 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
@@ -30,7 +30,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.0.5
+image: onap/clamp-dashboard-logstash:4.1.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -48,6 +48,8 @@ config:
eventTopic: "DCAE-CL-EVENT"
notificationTopic: "POLICY-CL-MGT"
requestTopic: "APPC-CL"
+ logstash_user: "logstash"
+ logstash_pwd: "logstash"
# default number of instances
replicaCount: 1