diff options
| author |   osgn422w <gervais-martial.ngueko@intl.att.com> | 2020-09-25 02:28:02 +0200 |
|---|---|---|
| committer |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-09-25 09:15:21 +0000 |
| commit | 798144599328ad1a17830a297a0539553f35f97b (patch) | |
| tree | 0934a21a9b91093b30128da564a571a1f5c43369 /kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml | |
| parent | 5686a7b4b7d72c716467827c55737cbdab12a49a (diff) | |
[CLAMP] AAF certificate using certinializer(2)
use of auto-generated certificates via AAF side-car
at OOM deployment time for CLAMP dashboard part.
Issue-ID: CLAMP-884
Change-Id: If1c1cfb7d218060dde129546cadf38647a8d496e
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml')
| -rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml index 1eb20fce89..9e04d5ae01 100644 --- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml @@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}} ######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## # WARNING: revise all the lines below before you go into production +{{- if .Values.global.aafEnabled }} +opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +{{- else }} opendistro_security.ssl.transport.pemcert_filepath: esnode.pem opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} opendistro_security.ssl.http.pemcert_filepath: esnode.pem opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +{{- end }} +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} + opendistro_security.allow_unsafe_democertificates: true opendistro_security.allow_default_init_securityindex: true opendistro_security.authcz.admin_dn: |