rapps/kibana-8.1.2.yaml - local/oransc/nonrtric-prototyping - Gitiles

 #
 # ============LICENSE_START=======================================================
 #  Copyright (C) 2022 Nordix Foundation.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
 #
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: kibana-config
   namespace: logging
 data:
   kibana.yml: |
    server.name: kibana
    server.host: 0.0.0.0
    elasticsearch.hosts: [ "https://elasticsearch:9200" ]
    xpack.monitoring.ui.container.elasticsearch.enabled: true
    xpack.security.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
    xpack.encryptedSavedObjects.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
    elasticsearch.username: "kibana_system"
    elasticsearch.password: "secret"
    elasticsearch.ssl:
      certificateAuthorities: /usr/share/kibana/config/certs/ca/ca.crt
      verificationMode: certificate
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: kibana-pw-script
   namespace: logging
 data:
   setup_pw.sh: |
    #!/bin/bash
    KIBANA_HOME=/usr/share/kibana
    ELASTIC_PASSWORD=secret
    KIBANA_PASSWORD=secret
    cd $KIBANA_HOME
    echo "Waiting for Elasticsearch availability";
    until curl -s --cacert /ca-dir/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"; \
    do sleep 30; done;
    echo "Setting kibana_system password";
    until curl -s -X POST --cacert /ca-dir/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" \
    https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; \
    do sleep 10; done;
    echo "All done!";
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: kibana
   namespace: logging
 spec:
   selector:
     matchLabels:
       run: kibana
   template:
     metadata:
       labels:
         run: kibana
     spec:
       containers:
       - name: kibana
         image: docker.elastic.co/kibana/kibana:8.1.2
         ports:
         - containerPort: 5601
           name: http
           protocol: TCP
         volumeMounts:
         - name : config
           mountPath: /usr/share/kibana/config/kibana.yml
           subPath: kibana.yml
           readOnly: true
         - name : kibana-ca-cert
           mountPath: /usr/share/kibana/config/certs/ca
           readOnly: true
       initContainers:
       - name: init-kibana
         image: docker.elastic.co/kibana/kibana:8.1.2
         imagePullPolicy: IfNotPresent
         command: ['/bin/bash', '-c', '/usr/share/kibana/bin/setup_pw.sh']
         volumeMounts:
         - name: kibana-ca-cert
           mountPath: "/ca-dir"
         - name: kibana-pw-init
           mountPath: /usr/share/kibana/bin/setup_pw.sh
           subPath: setup_pw.sh
       volumes:
       - name: config
         configMap:
           name: kibana-config
       - name: kibana-ca-cert
         hostPath:
           # Ensure the file directory is created.
            path: /var/elasticsearch/config/certs/ca
            type: DirectoryOrCreate
       - name: kibana-pw-init
         configMap:
           name: kibana-pw-script
           defaultMode: 0755
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: kibana
   namespace: logging
   labels:
     service: kibana
 spec:
   type: LoadBalancer
   selector:
     run: kibana
   ports:
   - port: 5601
     targetPort: 5601
	#
	# ============LICENSE_START=======================================================
	# Copyright (C) 2022 Nordix Foundation.
	# ================================================================================
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	# SPDX-License-Identifier: Apache-2.0
	# ============LICENSE_END=========================================================
	#
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: kibana-config
	namespace: logging
	data:
	kibana.yml: \|
	server.name: kibana
	server.host: 0.0.0.0
	elasticsearch.hosts: [ "https://elasticsearch:9200" ]
	xpack.monitoring.ui.container.elasticsearch.enabled: true
	xpack.security.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
	xpack.encryptedSavedObjects.encryptionKey: 38747239hdjksdkjasdu291834zejhb38747239hdj
	elasticsearch.username: "kibana_system"
	elasticsearch.password: "secret"
	elasticsearch.ssl:
	certificateAuthorities: /usr/share/kibana/config/certs/ca/ca.crt
	verificationMode: certificate
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: kibana-pw-script
	namespace: logging
	data:
	setup_pw.sh: \|
	#!/bin/bash
	KIBANA_HOME=/usr/share/kibana
	ELASTIC_PASSWORD=secret
	KIBANA_PASSWORD=secret
	cd $KIBANA_HOME
	echo "Waiting for Elasticsearch availability";
	until curl -s --cacert /ca-dir/ca.crt https://elasticsearch:9200 \| grep -q "missing authentication credentials"; \
	do sleep 30; done;
	echo "Setting kibana_system password";
	until curl -s -X POST --cacert /ca-dir/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" \
	https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" \| grep -q "^{}"; \
	do sleep 10; done;
	echo "All done!";
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: kibana
	namespace: logging
	spec:
	selector:
	matchLabels:
	run: kibana
	template:
	metadata:
	labels:
	run: kibana
	spec:
	containers:
	- name: kibana
	image: docker.elastic.co/kibana/kibana:8.1.2
	ports:
	- containerPort: 5601
	name: http
	protocol: TCP
	volumeMounts:
	- name : config
	mountPath: /usr/share/kibana/config/kibana.yml
	subPath: kibana.yml
	readOnly: true
	- name : kibana-ca-cert
	mountPath: /usr/share/kibana/config/certs/ca
	readOnly: true
	initContainers:
	- name: init-kibana
	image: docker.elastic.co/kibana/kibana:8.1.2
	imagePullPolicy: IfNotPresent
	command: ['/bin/bash', '-c', '/usr/share/kibana/bin/setup_pw.sh']
	volumeMounts:
	- name: kibana-ca-cert
	mountPath: "/ca-dir"
	- name: kibana-pw-init
	mountPath: /usr/share/kibana/bin/setup_pw.sh
	subPath: setup_pw.sh
	volumes:
	- name: config
	configMap:
	name: kibana-config
	- name: kibana-ca-cert
	hostPath:
	# Ensure the file directory is created.
	path: /var/elasticsearch/config/certs/ca
	type: DirectoryOrCreate
	- name: kibana-pw-init
	configMap:
	name: kibana-pw-script
	defaultMode: 0755
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: kibana
	namespace: logging
	labels:
	service: kibana
	spec:
	type: LoadBalancer
	selector:
	run: kibana
	ports:
	- port: 5601
	targetPort: 5601