aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/clamp/components/clamp-dash-es/resources
diff options
context:
space:
mode:
authorChrisC <christophe.closset@intl.att.com>2020-09-11 18:39:23 +0200
committerChrisC <christophe.closset@intl.att.com>2020-09-17 15:15:13 +0200
commit2325efd0b6f8b094f6a801bf55d6ff6f53e9cbfa (patch)
treeca6323d4e590c648b333cfc87122018d3e273323 /kubernetes/clamp/components/clamp-dash-es/resources
parent98efeea41f5617760fcc5fdb6718409b69684db9 (diff)
[CLAMP] AAF certificate using certinializer
use of auto-generated certificates via AAF side-car at OOM deployment time for CLAMP. Issue-ID: CLAMP-884 Change-Id: I24f5a119714a5e46c4d0c152c03b6bc545135b8e Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com> Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Diffstat (limited to 'kubernetes/clamp/components/clamp-dash-es/resources')
-rw-r--r--kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml128
1 files changed, 128 insertions, 0 deletions
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
new file mode 100644
index 0000000000..1eb20fce89
--- /dev/null
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -0,0 +1,128 @@
+---
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Name of the Elasticsearch cluster.
+# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
+# The default name is elasticsearch, but you should change it to an appropriate name which describes the
+# purpose of the cluster.
+#
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
+#
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
+#
+# Set a custom port for HTTP: If required, default is 9200-9300
+#
+#http.port: $http.port
+#
+# For more information, consult the network module documentation.
+# ----------------------------------- Paths ------------------------------------
+#
+# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
+# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
+# may change & can deal to data loss.
+path.data: /usr/share/elasticsearch/data
+#
+# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
+# as on upgrading Elasticsearch, directory structure may change.
+path.logs: /usr/share/elasticsearch/logs
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
+# Lock the memory on startup.
+#
+bootstrap.memory_lock: false
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when new node is started
+# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
+# that are likely to be live and contactable.
+# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
+# to connect to other nodes running on the same server.
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
+discovery.zen.minimum_master_nodes: 1
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes:
+ - cldash-es-node1
+# - docker-test-node-1
+# ---------------------------------- Various -----------------------------------
+#
+# Require explicit names when deleting indices:
+#
+#action.destructive_requires_name: true
+# Set a custom port for HTTP: If required, default is 9200-9300
+# This is used for REST APIs
+http.port: {{.Values.service.externalPort}}
+# Port to bind for communication between nodes. Accepts a single value or a range.
+# If a range is specified, the node will bind to the first available port in the range.
+# Defaults to 9300-9400.
+# More info:
+transport.tcp.port: {{.Values.service.externalPort2}}
+
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
+
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########