diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-10-06 17:01:28 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-10-06 17:01:28 +0000 |
commit | a1b3470744bcf73eb9d11fd9758931b1c8371e83 (patch) | |
tree | 237d6da1ac61435ae8e97bba6019e26e955bc6d0 /kubernetes/policy/components/policy-gui/resources | |
parent | 47b8de5e8160d367f70115bb0c8caa758e60f3f1 (diff) | |
parent | b3aef7b242d410d040f33d0db126d601cce69bee (diff) |
Merge "[POLICY] Add helm chart for policy-gui"
Diffstat (limited to 'kubernetes/policy/components/policy-gui/resources')
-rw-r--r-- | kubernetes/policy/components/policy-gui/resources/config/default.conf | 32 | ||||
-rw-r--r-- | kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml | 59 |
2 files changed, 91 insertions, 0 deletions
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf new file mode 100644 index 0000000000..98417cd822 --- /dev/null +++ b/kubernetes/policy/components/policy-gui/resources/config/default.conf @@ -0,0 +1,32 @@ +server { + + listen 2443 default ssl; + ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + + ssl_verify_client optional_no_ca; + absolute_redirect off; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ =404; + } + + location /clamp/restservices/clds/ { + proxy_pass https://policy-clamp-be:8443/restservices/clds/; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; + } + + location = /50x.html { + root /var/lib/nginx/html; + } + error_page 500 502 503 504 /50x.html; + error_log /var/log/nginx/error.log warn; +} diff --git a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..0b3951726b --- /dev/null +++ b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,59 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase |