From 6e663e4ee94187168fd9a690f6d4155de9f0ad5c Mon Sep 17 00:00:00 2001 From: osgn422w Date: Fri, 2 Aug 2019 11:31:11 +0200 Subject: [PATCH] EarlyDrop and security resolve security isue on kibana and release early drop CLAMP Issue-ID: CLAMP-419 Change-Id: I098f30d251f020470c0f1af1ce309a6a1a3b814d Signed-off-by: osgn422w --- kubernetes/clamp/charts/clamp-dash-es/values.yaml | 4 ++-- .../clamp/charts/clamp-dash-kibana/resources/config/kibana.yml | 8 ++++++++ kubernetes/clamp/charts/clamp-dash-kibana/values.yaml | 4 +++- .../charts/clamp-dash-logstash/resources/config/pipeline.conf | 6 ++++++ .../clamp/charts/clamp-dash-logstash/templates/deployment.yaml | 4 ++++ kubernetes/clamp/charts/clamp-dash-logstash/values.yaml | 4 +++- kubernetes/clamp/values.yaml | 2 +- 7 files changed, 27 insertions(+), 5 deletions(-) diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index f25e40bf2a..f385128f92 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -31,8 +31,8 @@ busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest # application image -loggingRepository: docker.elastic.co -image: elasticsearch/elasticsearch-oss:6.6.2 +repository: nexus3.onap.org:10001 +image: onap/clamp-dashboard-elasticsearch:4.1.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml index a94413ce06..2173039252 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml @@ -125,3 +125,11 @@ server.ssl.key: {{.Values.config.sslPemkeyFilePath}} # The default locale. This locale can be used in certain circumstances to substitute any missing # translations. #i18n.defaultLocale: "en" + +## Search Guard +# +xpack.security.enabled: false +elasticsearch.username: {{.Values.config.elasticUSR}} +elasticsearch.password: {{.Values.config.elasticPWD}} + +searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 954de3a953..276ac5d32a 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:4.0.5 +image: onap/clamp-dashboard-kibana:4.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -44,6 +44,8 @@ debugEnabled: false config: elasticsearchServiceName: cdash-es elasticsearchPort: 9200 + elasticUSR: kibanaserver + elasticPWD: kibanaserver sslEnabled: true sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index b4b5071ba5..05d8085d43 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -219,6 +219,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + user => ["${logstash_user}"] + password => ["${logstash_pwd}"] index => "errors-%{+YYYY.MM.DD}" doc_as_upsert => true } @@ -227,6 +229,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + user => ["${logstash_user}"] + password => ["${logstash_pwd}"] document_id => "%{requestID}" index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop doc_as_upsert => true @@ -237,6 +241,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + user => ["${logstash_user}"] + password => ["${logstash_pwd}"] index => "events-%{+YYYY.MM.DD}" # creates daily indexes doc_as_upsert => true } diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml index 6c6331a9c2..a72f6b6e78 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml @@ -63,6 +63,10 @@ spec: value: "{{ .Values.config.requestTopic }}" - name: dmaap_base_url value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} + - name: logstash_user + value: "{{ .Values.config.logstash_user }}" + - name: logstash_pwd + value: "{{ .Values.config.logstash_pwd }}" - name: elasticsearch_base_url value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" ports: diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 893860b839..e7ab68fc5b 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:4.0.5 +image: onap/clamp-dashboard-logstash:4.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -48,6 +48,8 @@ config: eventTopic: "DCAE-CL-EVENT" notificationTopic: "POLICY-CL-MGT" requestTopic: "APPC-CL" + logstash_user: "logstash" + logstash_pwd: "logstash" # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 398c9ead9e..f42295ea0e 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp:4.0.5 +image: onap/clamp:4.1.0 pullPolicy: Always # flag to enable debugging - application support required -- 2.16.6