From d057e9dae15ab7bb343a3da4f82bcac644cf7e78 Mon Sep 17 00:00:00 2001
From: miwr
Date: Wed, 26 Mar 2025 14:44:35 +0100
Subject: [PATCH] configuration added
---
 .../openbao-alloy-configmap.yaml | 29 +++++++++++++++++++
 .../sidecar-container-alloy-configmap.yaml | 25 ++++++++++++++++
 .../ref-implementation/openbao/values.yaml | 24 +++++++++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 template/stacks/ref-implementation/openbao-alloy-configmap.yaml
 create mode 100644 template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
new file mode 100644
index 0000000..d6f9bc6
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: openbao-logging-setup
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ path: "stacks/ref-implementation/openbao-logging"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: openbao
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: true
+ retry:
+ limit: -1
+ backoff:
+ duration: 15s
+ factor: 1
+ maxDuration: 15s
diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
new file mode 100644
index 0000000..b0129a6
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
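Review bot: `targetRevision: HEAD` together with `automated` sync and `selfHeal: true` applies every push to the repo's default branch straight into the `openbao` namespace, and the Application lives in `project: default`, which out of the box does not restrict source repos or destinations. For the namespace that hosts the secrets store, consider pinning `targetRevision` to a tag or commit and using a dedicated AppProject scoped to this repo and namespace. `retry.limit: -1` with `factor: 1` and `maxDuration: 15s` retries a failing sync every 15 seconds without end; a bounded limit would surface a broken sync instead of looping. The file is named `openbao-alloy-configmap.yaml` but holds an Application, so a name that matches the content would be easier to find.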
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sidecar-container-alloy-config
+data:
+ config.alloy: |
+ logging {
+ level = "info"
+ format = "logfmt"
+ }
+ loki.write "local_loki" {
+ endpoint {
+ url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push"
+ }
+ }
+
+ local.file_match "applogs" {
+ path_targets = [{"__path__" = "/openbao/logs/*"}]
+ sync_period = "5s"
+ }
+
+ loki.source.file "openbao_logs" {
+ targets = local.file_match.applogs.targets
+ forward_to = [loki.write.local_loki.receiver]
+ }
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml
index 0ff72cf..e984864 100644
--- a/template/stacks/ref-implementation/openbao/values.yaml
+++ b/template/stacks/ref-implementation/openbao/values.yaml
@@ -1,9 +1,32 @@
 server:
+ extraContainers:
+ - name: grafana-alloy
+ image: grafana/alloy:latest
+ ports:
+ - containerPort: 12345
+ securityContext:
+ runAsUser: 100
+ volumeMounts:
+ - name: log-storage
+ mountPath: /openbao/logs
+ - name: alloy-data
+ mountPath: /var/lib/alloy
+ - name: config-volume
+ mountPath: /etc/alloy
+ volumes:
+ - name: log-storage
+ emptyDir: {}
+ - name: alloy-data
+ emptyDir: {}
+ - name: config-volume
+ configMap:
+ name: sidecar-container-alloy-config
 postStart:
 - sh
 - -c
 - |
 sleep 10
+ rm -rf /openbao/data/* # UN-initialises the openbao server (necessary for the new instance to spin up if the pod or container crashes)
 bao operator init >> /tmp/init.txt
 cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
 echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
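Review bot: The glob `/openbao/logs/*` in `local.file_match "applogs"` does not cover the path the audit device is given: the second values.yaml hunk enables it with `file_path=/var/log/openbao.log`, and the first values.yaml hunk mounts the `log-storage` emptyDir only into the `grafana-alloy` sidecar. As far as the visible lines show, the sidecar therefore tails an empty directory and no audit entries reach Loki. Point the audit device at the shared volume, e.g. `file_path=/openbao/logs/audit.log`, and mount `log-storage` at `/openbao/logs` in the server container too (via the chart's `server.volumeMounts`, unless that is already set outside the hunk). Separately, the push URL is plain `http://` with no authentication or tenant configured; confirm that is acceptable for audit data from the secrets store, or use a TLS endpoint.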
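Review bot: The added `rm -rf /openbao/data/*` in `postStart` wipes the whole storage directory on every container start, so any restart discards all stored secrets, policies and tokens and re-initialises with a new root token and new unseal keys. The script already saves the unseal keys under `/openbao/data/` (visible here and in the next hunk), so a restart could skip the wipe and unseal from those files when the server is already initialised, e.g. by guarding with `if bao operator init -status; then <unseal from the saved key files>; exit 0; fi` (exit status 0 should mean initialised; please verify for the deployed version). The sidecar image `grafana/alloy:latest` is a mutable tag running in the same pod as the secrets store; pin it, e.g. `image: grafana/alloy:<VERSION>@sha256:<DIGEST>`, and add `allowPrivilegeEscalation: false` to its `securityContext`. The postStart script continues past the end of this hunk.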
@@ -13,5 +36,6 @@ server:
 echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
 echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
 rm /tmp/init.txt
+ bao audit enable file file_path=/var/log/openbao.log # enables the audit
 ui:
 enabled: true
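Review bot: `bao audit enable` is an authenticated call, but nothing in the visible hunks logs in or exports a token after `bao operator init`, so the added line probably fails with a permission error. The visible part of the script has no `set -e` and does not check the exit status, so that failure would pass silently and the server would run with no audit device. If no login happens in the lines between the hunks, pass the token explicitly and fail the hook on error, e.g. `BAO_TOKEN="$(cat /openbao/data/initial_token.txt)" bao audit enable file file_path=/var/log/openbao.log || exit 1`. The script starts before this hunk, so the earlier lines should be checked for an existing login step.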