runAsUser: 1000 # Run as non-root user

fsGroup: 1000

.idea/workspace.xml

@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="AutoImportSettings">
+    <option name="autoReloadType" value="SELECTIVE" />
+  </component>
+  <component name="ChangeListManager">
+    <list default="true" id="aba99fd0-1896-47d1-9d37-79604db6fea3" name="Changes" comment="">
+      <change beforePath="$PROJECT_DIR$/template/stacks/ref-implementation/openbao.yaml" beforeDir="false" afterPath="$PROJECT_DIR$/template/stacks/ref-implementation/openbao.yaml" afterDir="false" />
+    </list>
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="GOROOT" url="file:///opt/homebrew/opt/go/libexec" />
+  <component name="Git.Settings">
+    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+  </component>
+  <component name="ProjectColorInfo"><![CDATA[{
+  "associatedIndex": 3
+}]]></component>
+  <component name="ProjectId" id="2uGUJkvpz6ZVfWTftXZXvoUyrKt" />
+  <component name="ProjectViewState">
+    <option name="hideEmptyMiddlePackages" value="true" />
+    <option name="showLibraryContents" value="true" />
+  </component>
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "RunOnceActivity.ShowReadmeOnStart": "true",
+    "RunOnceActivity.git.unshallow": "true",
+    "RunOnceActivity.go.formatter.settings.were.checked": "true",
+    "RunOnceActivity.go.migrated.go.modules.settings": "true",
+    "git-widget-placeholder": "shipping__openbao__logs",
+    "go.import.settings.migrated": "true",
+    "go.sdk.automatically.set": "true",
+    "kotlin-language-version-configured": "true",
+    "last_opened_file_path": "/Users/miwr/stacks",
+    "node.js.detected.package.eslint": "true",
+    "node.js.detected.package.tslint": "true",
+    "node.js.selected.package.eslint": "(autodetect)",
+    "node.js.selected.package.tslint": "(autodetect)",
+    "nodejs_package_manager_path": "npm",
+    "settings.editor.selected.configurable": "de.telekom.mms.mmsaiassist.pluginconfiguration.PluginSettings",
+    "vue.rearranger.settings.migration": "true"
+  }
+}]]></component>
+  <component name="RunManager">
+    <configuration default="true" type="GoApplicationRunConfiguration" factoryName="Go Application">
+      <module name="stacks" />
+      <working_directory value="$PROJECT_DIR$" />
+      <go_parameters value="-i" />
+      <kind />
+      <directory value="$PROJECT_DIR$" />
+      <filePath value="$PROJECT_DIR$" />
+      <method v="2" />
+    </configuration>
+    <configuration default="true" type="GoTestRunConfiguration" factoryName="Go Test">
+      <module name="stacks" />
+      <working_directory value="$PROJECT_DIR$" />
+      <go_parameters value="-i" />
+      <kind />
+      <directory value="$PROJECT_DIR$" />
+      <filePath value="$PROJECT_DIR$" />
+      <framework value="gotest" />
+      <method v="2" />
+    </configuration>
+  </component>
+  <component name="SharedIndexes">
+    <attachedChunks>
+      <set>
+        <option value="bundled-jdk-9823dce3aa75-fdfe4dae3a2d-intellij.indexing.shared.core-IU-243.22562.218" />
+        <option value="bundled-js-predefined-d6986cc7102b-deb605915726-JavaScript-IU-243.22562.218" />
+      </set>
+    </attachedChunks>
+  </component>
+  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <changelist id="aba99fd0-1896-47d1-9d37-79604db6fea3" name="Changes" comment="" />
+      <created>1741874334984</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1741874334984</updated>
+      <workItem from="1741874336471" duration="392000" />
+    </task>
+    <servers />
+  </component>
+  <component name="TypeScriptGeneratedFilesManager">
+    <option name="version" value="3" />
+  </component>
+  <component name="VgoProject">
+    <settings-migrated>true</settings-migrated>
+  </component>
+</project>

template/stacks/ref-implementation/openbao-alloy-configmap.yaml

@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: openbao-alloy-configmap
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/ref-implementation/openbao-alloy-configmap"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: openbao
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
+    retry:
+      limit: -1
+      backoff:
+        duration: 15s
+        factor: 1
+        maxDuration: 15s

template/stacks/ref-implementation/openbao-alloy-configmap/sidecar-container-alloy-configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sidecar-container-alloy-config
+data:
+  config.yaml: |
+    logging {
+      level  = "info"
+      format = "logfmt"
+    }
+
+    loki.write "local_loki" {
+      endpoint {
+          url = "http://loki-loki-distributed-gateway/loki/api/v1/push"
+      }
+    }
+
+    discovery.kubernetes "pod" {
+      role = "pod"
+    }
+
+    discovery.relabel "openbao_pod_logs" {
+      targets = discovery.kubernetes.pod.targets
+
+      rule {
+        source_labels = ["__meta_kubernetes_pod_name"]
+        action = "keep"
+        regex = "openbao-0"
+      }
+
+      forward_to = [loki.write.local_loki.receiver]
+    }

template/stacks/ref-implementation/openbao.yaml

@@ -23,7 +23,7 @@ spec:
       targetRevision: HEAD
       helm:
         valueFiles:
-          - $values/stacks/ref-implementation/openbao/values.yaml
+          - $values/stacks/ref-implementation/openbao/values.yaml    
     - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
       ref: values

template/stacks/ref-implementation/openbao/values.yaml

@@ -1,4 +1,31 @@
 server:
+  extraContainers:
+    - name: grafana-alloy
+      image: grafana/alloy:latest
+      ports:
+        - containerPort: 12345
+    #  volumeMounts:
+    #    - name: sidecar-container-alloy-config
+    #      mountPath: /etc/alloy/config.yaml
+    #      subPath: config.yaml
+    #  args:
+    #    - --config.file=/etc/alloy/config.yaml
+      volumeMounts:
+        - name: alloy-data
+          mountPath: /var/lib/alloy/data
+      securityContext:
+        runAsUser: 1000
+        fsGroup: 1000
+    
+  volumes:
+    - name: alloy-data
+      emptyDir: {}
+
+  # volumes:
+  #   - name: sidecar-container-alloy-config
+  #     configMap:
+  #       name: sidecar-container-alloy-config
+
   postStart:
     - sh
     - -c
@@ -12,6 +39,8 @@ server:
       echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
       echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
       echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
+      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
+      bao audit enable file file_path=stdout
       rm /tmp/init.txt
 ui:
-  enabled: true
+  enabled: true