DevFW-CICD/stacks
12
0
Fork 1
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity Actions

configuration added

Browse source
This commit is contained in:
miwr 2025-03-26 14:44:35 +01:00
parent 7179d2568c
commit d057e9dae1
3 changed files with 78 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
template/stacks/ref-implementation/openbao-alloy-configmap.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: openbao-logging-setup
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/ref-implementation/openbao-logging"
destination:
server: "https://kubernetes.default.svc"
namespace: openbao
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s

25
template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sidecar-container-alloy-config
data:
config.alloy: |
logging {
level = "info"
format = "logfmt"
}
loki.write "local_loki" {
endpoint {
url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push"
}
}
local.file_match "applogs" {
path_targets = [{"__path__" = "/openbao/logs/*"}]
sync_period = "5s"
}
loki.source.file "openbao_logs" {
targets = local.file_match.applogs.targets
forward_to = [loki.write.local_loki.receiver]
}

24
template/stacks/ref-implementation/openbao/values.yaml
View file

@ -1,9 +1,32 @@
server: server:
extraContainers:
- name: grafana-alloy
image: grafana/alloy:latest
ports:
- containerPort: 12345
securityContext:
runAsUser: 100
volumeMounts:
- name: log-storage
mountPath: /openbao/logs
- name: alloy-data
mountPath: /var/lib/alloy
- name: config-volume
mountPath: /etc/alloy
volumes:
- name: log-storage
emptyDir: {}
- name: alloy-data
emptyDir: {}
- name: config-volume
configMap:
name: sidecar-container-alloy-config
postStart: postStart:
- sh - sh
- -c - -c
- | - |
sleep 10 sleep 10
rm -rf /openbao/data/* # UN-initialises the openbao server (necessary for the new instance to spin up if the pod or container crashes)
bao operator init >> /tmp/init.txt bao operator init >> /tmp/init.txt
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
@ -13,5 +36,6 @@ server:
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
rm /tmp/init.txt rm /tmp/init.txt
bao audit enable file file_path=/var/log/openbao.log # enables the audit
ui: ui:
enabled: true enabled: true