6 changed files with 201 additions and 6 deletions
--- a/template/stacks/monitoring/alloy/values.yaml
+++ b/template/stacks/monitoring/alloy/values.yaml
@ -1,10 +1,18 @@
 alloy:
  extraPorts:
    - name: "tcpsocket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"
  uiPathPrefix: "/alloy"
  create: false
  name: alloy-config
  key: config.alloy
  uiPathPrefix: "/alloy"
  configMap:
    content: |-
@ -72,7 +80,11 @@ alloy:
      }
-      loki.source.kubernetes "all_pod_logs" {
+
-        targets    = discovery.relabel.pod_logs.output
+      loki.source.syslog "tcp_socket" {
        listener {
          address = "0.0.0.0:1514"
          labels   = { component = "loki.source.syslog", protocol = "tcp" }
        }
        forward_to = [loki.write.local_loki.receiver]
-      }
+      }
--- a/template/stacks/ref-implementation/openbao-logging-setup.yaml
+++ b/template/stacks/ref-implementation/openbao-logging-setup.yaml
@ -0,0 +1,29 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: openbao-logging-setup
  namespace: argocd
  labels:
    env: dev
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
    targetRevision: HEAD
    path: "stacks/ref-implementation/openbao-logging"
  destination:
    server: "https://kubernetes.default.svc"
    namespace: openbao
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
    automated:
      selfHeal: true
    retry:
      limit: -1
      backoff:
        duration: 15s
        factor: 1
        maxDuration: 15s
--- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml
+++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml
@ -0,0 +1,37 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: openbao-logging-dir
  namespace: openbao
 spec:
  selector:
    matchLabels:
      app: openbao-logging-dir
  template:
    metadata:
      labels:
        app: openbao-logging-dir
    spec:
      initContainers:
      - name: creator
        image: busybox
        command: ["/bin/sh", "-c"]
        args:
        - |
          set -e
          mkdir -p /var/log/openbao
          chown 100:100 /var/log/openbao
        securityContext:
          runAsUser: 0 
        volumeMounts:
        - name: host-log
          mountPath: /var/log
      containers:
      - name: running-container
        image: busybox
        command: ["sleep", "infinity"]
      volumes:
      - name: host-log
        hostPath:
          path: /var/log
          type: Directory
--- a/template/stacks/ref-implementation/openbao-logging/logrotate.yaml
+++ b/template/stacks/ref-implementation/openbao-logging/logrotate.yaml
@ -0,0 +1,56 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: openbao-logrotate
  namespace: openbao
 spec:
  selector:
    matchLabels:
      app: openbao-logrotate
  template:
    metadata:
      labels:
        app: openbao-logrotate
    spec:
      containers:
      - name: logrotate
        image: alpine
        command: ["/bin/sh", "-c"]
        args:
        - |
          apk add --no-cache logrotate
          while true; do logrotate -f /etc/logrotate.d/openbao; sleep 60; done
        volumeMounts:
        - name: logrotate-config
          mountPath: /etc/logrotate.d/openbao
          subPath: openbao
        - name: host-log
          mountPath: /var/log/openbao
      volumes:
      - name: logrotate-config
        configMap:
          name: openbao-logrotate-config
      - name: host-log
        hostPath:
          path: /var/log
          type: Directory
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: openbao-logrotate-config
  namespace: openbao
 data:
  openbao: |
    /var/log/openbao/openbao/*.log {
    size 5k
    rotate 7
    compress
    missingok
    notifempty
    postrotate
        mkdir pupa
        kill -SIGHUP $(pidof bao)
    endscript
    }
--- a/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
+++ b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
@ -0,0 +1,26 @@
 # apiVersion: v1
 # kind: ConfigMap
 # metadata:
 #   name: sidecar-container-alloy-config
 # data:
 #   config.alloy: |
 #     logging {
 #       level  = "info"
 #       format = "logfmt"
 #     }
 #     loki.write "local_loki" {
 #       endpoint {
 #           url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push"
 #       }
 #     }
 #     local.file_match "applogs" {
 #       path_targets = [{"__path__" = "/openbao/logs/*"}]
 #       sync_period = "5s"
 #     }
 #     loki.source.file "openbao_logs" {
 #       targets    = local.file_match.applogs.targets
 #       forward_to = [loki.write.local_loki.receiver]
 #     }
--- a/template/stacks/ref-implementation/openbao/values.yaml
+++ b/template/stacks/ref-implementation/openbao/values.yaml
@ -1,9 +1,41 @@
 server:
  # extraContainers:
  #   - name: grafana-alloy
  #     image: grafana/alloy:latest
  #     ports:
  #       - containerPort: 12345
  #     securityContext:
  #       runAsUser: 100
  #     volumeMounts:
  #           - name: alloy-data
  #             mountPath: /var/lib/alloy
  #           - name: config-volume
  #             mountPath: /etc/alloy
  #           - name: host-log-storage
  #             mountPath: /openbao/logs
  volumes:
    # - name: alloy-data
    #   emptyDir: {}
    # - name: config-volume
    #   configMap: 
    #     name: sidecar-container-alloy-config
    - name: host-log-storage
      hostPath:
        path: /var/log
        type: Directory
  volumeMounts:
    - mountPath: /openbao/logs
      name: host-log-storage
      readOnly: false
  postStart:
    - sh
    - -c
    - |
      sleep 10
      rm -rf /openbao/data/*
      bao operator init >> /tmp/init.txt
      cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
      echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
@ -12,6 +44,9 @@ server:
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      rm /tmp/init.txt
      bao audit enable -path="stdout" file file_path=stdout
      bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log
 ui:
-  enabled: true
+  enabled: true