runAsUser: 1000 # Run as non-root user

fsGroup: 1000
runAsUser: 0
2025-03-17 15:41:18 +01:00 · 2025-03-17 15:34:43 +01:00 · 2025-03-17 15:30:50 +01:00 · 2025-03-17 15:26:17 +01:00 · 2025-03-17 15:13:12 +01:00 · 2025-03-17 15:05:10 +01:00
5 changed files with 186 additions and 2 deletions
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@ -0,0 +1,94 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="AutoImportSettings">
    <option name="autoReloadType" value="SELECTIVE" />
  </component>
  <component name="ChangeListManager">
    <list default="true" id="aba99fd0-1896-47d1-9d37-79604db6fea3" name="Changes" comment="">
      <change beforePath="$PROJECT_DIR$/template/stacks/ref-implementation/openbao.yaml" beforeDir="false" afterPath="$PROJECT_DIR$/template/stacks/ref-implementation/openbao.yaml" afterDir="false" />
    </list>
    <option name="SHOW_DIALOG" value="false" />
    <option name="HIGHLIGHT_CONFLICTS" value="true" />
    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
    <option name="LAST_RESOLUTION" value="IGNORE" />
  </component>
  <component name="GOROOT" url="file:///opt/homebrew/opt/go/libexec" />
  <component name="Git.Settings">
    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
  </component>
  <component name="ProjectColorInfo"><![CDATA[{
  "associatedIndex": 3
 }]]></component>
  <component name="ProjectId" id="2uGUJkvpz6ZVfWTftXZXvoUyrKt" />
  <component name="ProjectViewState">
    <option name="hideEmptyMiddlePackages" value="true" />
    <option name="showLibraryContents" value="true" />
  </component>
  <component name="PropertiesComponent"><![CDATA[{
  "keyToString": {
    "RunOnceActivity.ShowReadmeOnStart": "true",
    "RunOnceActivity.git.unshallow": "true",
    "RunOnceActivity.go.formatter.settings.were.checked": "true",
    "RunOnceActivity.go.migrated.go.modules.settings": "true",
    "git-widget-placeholder": "shipping__openbao__logs",
    "go.import.settings.migrated": "true",
    "go.sdk.automatically.set": "true",
    "kotlin-language-version-configured": "true",
    "last_opened_file_path": "/Users/miwr/stacks",
    "node.js.detected.package.eslint": "true",
    "node.js.detected.package.tslint": "true",
    "node.js.selected.package.eslint": "(autodetect)",
    "node.js.selected.package.tslint": "(autodetect)",
    "nodejs_package_manager_path": "npm",
    "settings.editor.selected.configurable": "de.telekom.mms.mmsaiassist.pluginconfiguration.PluginSettings",
    "vue.rearranger.settings.migration": "true"
  }
 }]]></component>
  <component name="RunManager">
    <configuration default="true" type="GoApplicationRunConfiguration" factoryName="Go Application">
      <module name="stacks" />
      <working_directory value="$PROJECT_DIR$" />
      <go_parameters value="-i" />
      <kind />
      <directory value="$PROJECT_DIR$" />
      <filePath value="$PROJECT_DIR$" />
      <method v="2" />
    </configuration>
    <configuration default="true" type="GoTestRunConfiguration" factoryName="Go Test">
      <module name="stacks" />
      <working_directory value="$PROJECT_DIR$" />
      <go_parameters value="-i" />
      <kind />
      <directory value="$PROJECT_DIR$" />
      <filePath value="$PROJECT_DIR$" />
      <framework value="gotest" />
      <method v="2" />
    </configuration>
  </component>
  <component name="SharedIndexes">
    <attachedChunks>
      <set>
        <option value="bundled-jdk-9823dce3aa75-fdfe4dae3a2d-intellij.indexing.shared.core-IU-243.22562.218" />
        <option value="bundled-js-predefined-d6986cc7102b-deb605915726-JavaScript-IU-243.22562.218" />
      </set>
    </attachedChunks>
  </component>
  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
  <component name="TaskManager">
    <task active="true" id="Default" summary="Default task">
      <changelist id="aba99fd0-1896-47d1-9d37-79604db6fea3" name="Changes" comment="" />
      <created>1741874334984</created>
      <option name="number" value="Default" />
      <option name="presentableId" value="Default" />
      <updated>1741874334984</updated>
      <workItem from="1741874336471" duration="392000" />
    </task>
    <servers />
  </component>
  <component name="TypeScriptGeneratedFilesManager">
    <option name="version" value="3" />
  </component>
  <component name="VgoProject">
    <settings-migrated>true</settings-migrated>
  </component>
 </project>
--- a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
+++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
@ -0,0 +1,29 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: openbao-alloy-configmap
  namespace: argocd
  labels:
    env: dev
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
    targetRevision: HEAD
    path: "stacks/ref-implementation/openbao-alloy-configmap"
  destination:
    server: "https://kubernetes.default.svc"
    namespace: openbao
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
    automated:
      selfHeal: true
    retry:
      limit: -1
      backoff:
        duration: 15s
        factor: 1
        maxDuration: 15s
--- a/template/stacks/ref-implementation/openbao-alloy-configmap/sidecar-container-alloy-configmap.yaml
+++ b/template/stacks/ref-implementation/openbao-alloy-configmap/sidecar-container-alloy-configmap.yaml
@ -0,0 +1,32 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: sidecar-container-alloy-config
 data:
  config.yaml: |
    logging {
      level  = "info"
      format = "logfmt"
    }
    loki.write "local_loki" {
      endpoint {
          url = "http://loki-loki-distributed-gateway/loki/api/v1/push"
      }
    }
    discovery.kubernetes "pod" {
      role = "pod"
    }
    discovery.relabel "openbao_pod_logs" {
      targets = discovery.kubernetes.pod.targets
      rule {
        source_labels = ["__meta_kubernetes_pod_name"]
        action = "keep"
        regex = "openbao-0"
      }
      forward_to = [loki.write.local_loki.receiver]
    }
--- a/template/stacks/ref-implementation/openbao/values.yaml
+++ b/template/stacks/ref-implementation/openbao/values.yaml
@ -1,4 +1,31 @@
 server:
  extraContainers:
    - name: grafana-alloy
      image: grafana/alloy:latest
      ports:
        - containerPort: 12345
    #  volumeMounts:
    #    - name: sidecar-container-alloy-config
    #      mountPath: /etc/alloy/config.yaml
    #      subPath: config.yaml
    #  args:
    #    - --config.file=/etc/alloy/config.yaml
      volumeMounts:
        - name: alloy-data
          mountPath: /var/lib/alloy/data
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
  volumes:
    - name: alloy-data
      emptyDir: {}
  # volumes:
  #   - name: sidecar-container-alloy-config
  #     configMap:
  #       name: sidecar-container-alloy-config
  postStart:
    - sh
    - -c
@ -12,6 +39,8 @@ server:
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      bao audit enable file file_path=stdout
      rm /tmp/init.txt
 ui:
  enabled: true
Author	SHA1	Message	Date
miwr	e993c274b0	runAsUser: 1000 # Run as non-root user fsGroup: 1000	2025-03-17 15:41:18 +01:00
miwr	46072b8f81	runAsUser: 0	2025-03-17 15:34:43 +01:00
miwr	8617e200ea	securityContext: runAsUser: 1000 fsGroup: 1000	2025-03-17 15:30:50 +01:00
miwr	c30cf9f380	/tmp/alloy/data	2025-03-17 15:26:17 +01:00
miwr	872c9dc8e5	volumes: - name: alloy-data emptyDir: {}	2025-03-17 15:13:12 +01:00
miwr	27dc5966e9	# args: # - --config.file=/etc/alloy/config.yaml	2025-03-17 15:05:10 +01:00
miwr	aeca6100f5	/etc/alloy/config.yaml	2025-03-17 14:49:33 +01:00
miwr	4e673f674d	extraVolumes deprecated	2025-03-17 14:37:58 +01:00
miwr	be1c3cee7a	test	2025-03-17 14:31:26 +01:00
miwr	f0632db48b	extraContainers: - name: grafana-alloy image: grafana/alloy:latest ports: - containerPort: 12345 volumeMounts: - name: sidecar-container-alloy-config mountPath: /etc/alloy subPath: config.yaml args: - --config.file=/etc/alloy/config.yaml	2025-03-17 14:23:11 +01:00
miwr	7b77d870c6	extraVolumes: - name: sidecar-container-alloy-config configMap: name: sidecar-container-alloy-config	2025-03-17 14:17:13 +01:00
miwr	deaed1bdcc	path: "stacks/ref-implementation/openbao-alloy-configmap"	2025-03-17 14:12:18 +01:00
miwr	2890437647	ref-implementation/openbao/sidecar-container-alloy-configmap	2025-03-17 14:07:43 +01:00
miwr	f873cd8aef	new directory for the configmap	2025-03-17 14:00:05 +01:00
miwr	3eec895f67	test	2025-03-17 13:46:53 +01:00
miwr	4b553dd258	config map separately	2025-03-17 13:31:43 +01:00
miwr	f1d940561d	adjustment of openbao.ymal	2025-03-17 13:15:47 +01:00
miwr	e2ad485759	sidecar container added	2025-03-17 12:55:46 +01:00
miwr	29d4ca9fe6	removing alloy as a separate pod in the same namespace	2025-03-13 15:50:17 +01:00
miwr	de8dc94e28	operations/helm/charts/alloy path fixed	2025-03-13 15:16:02 +01:00
miwr	48a28127ce	testing	2025-03-13 15:14:39 +01:00
miwr	83e1215d7d	adding a side-car logging container for openbao	2025-03-13 15:09:06 +01:00
miwr	28916f2278	Merge branch 'alloy_implementation' into shipping_openbao_logs # Conflicts: # .gitignore	2025-03-13 14:59:45 +01:00
miwr	a4502f2ecb	provisional solution for the shipping done	2025-03-13 14:01:45 +01:00
miwr	3dd9b7a544	rm /tmp/init.txt moved a few lines down	2025-03-13 13:52:29 +01:00
miwr	5518e9e2d7	echo deleted	2025-03-13 13:24:44 +01:00
miwr	bc90465579	echos for testing	2025-03-13 13:15:19 +01:00
miwr	524d0c67e0	bao audit enable file file_path=stdout	2025-03-13 13:03:08 +01:00