diff options
Diffstat (limited to 'kubernetes/clamp/charts/clamp-dash-logstash')
6 files changed, 24 insertions, 56 deletions
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem deleted file mode 100644 index cf12ec4c61..0000000000 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN -MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt -eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE -5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W -DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp -tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f -TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk -MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy -S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F -dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce -txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF -LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF -BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9 -m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP -t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy -JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G -LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC -orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW -u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ -8Lb0GYmlo44= ------END CERTIFICATE----- diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml index 369b5820d5..cecd5b18c8 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,8 +22,3 @@ path.config: /usr/share/logstash/pipeline ## Setting true makes logstash check periodically for change in pipeline configurations config.reload.automatic: true -## xpack configurations -#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"] -#xpack.monitoring.elasticsearch.username: elastic -#xpack.monitoring.elasticsearch.password: changeme -#xpack.monitoring.enabled: false diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index 05d8085d43..4b05910c02 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -218,6 +218,8 @@ output { if "error" in [tags] { elasticsearch { codec => "json" + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false hosts => ["${elasticsearch_base_url}"] user => ["${logstash_user}"] password => ["${logstash_pwd}"] @@ -229,6 +231,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] document_id => "%{requestID}" @@ -241,6 +245,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] index => "events-%{+YYYY.MM.DD}" # creates daily indexes diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml index 01ee76b7c1..4278a6e6d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml @@ -25,13 +25,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml index 697ebb66b6..7c5c047930 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml @@ -62,13 +62,13 @@ spec: - name: request_topic value: "{{ .Values.config.requestTopic }}" - name: dmaap_base_url - value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} + value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} - name: logstash_user value: "{{ .Values.config.logstash_user }}" - name: logstash_pwd value: "{{ .Values.config.logstash_pwd }}" - name: elasticsearch_base_url - value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" + value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" ports: - containerPort: {{ .Values.service.internalPort }} name: {{ include "common.servicename" . }} @@ -77,6 +77,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -85,6 +86,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} volumeMounts: - mountPath: /etc/localtime @@ -96,8 +98,6 @@ spec: - mountPath: /usr/share/logstash/pipeline/logstash.conf name: {{ include "common.fullname" . }} subPath: pipeline.conf - - name: {{ include "common.fullname" . }}-aaf-certs - mountPath: /certs.d/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -120,9 +120,5 @@ spec: path: logstash.yml - key: pipeline.conf path: pipeline.conf - - name: {{ include "common.fullname" . }}-aaf-certs - secret: - secretName: {{ include "common.fullname" . }}-aaf-keys - imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 20bf974157..9a0321a478 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:4.1.3 +image: onap/clamp-dashboard-logstash:5.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -41,7 +41,8 @@ config: elasticsearchServiceName: cdash-es elasticsearchPort: 9200 dmaapHost: message-router - dmaapScheme: https + dmaapSchemeSSL: https + dmaapSchemeNoSSL: http dmaapPort: 3905 dmaapConsumerGroup: "clampdashboard" dmaapConsumerId: "clampdashboard" @@ -60,15 +61,21 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 - periodSeconds: 10 + initialDelaySeconds: 900 + periodSeconds: 20 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 900 + periodSeconds: 20 + timeoutSeconds: 5 + +security: + ssl: + enabled: true service: #Example service definition with external, internal and node ports. |