shipping_openbao_logs #17

Closed
Michal.Wrobel wants to merge 130 commits from shipping_openbao_logs into development
6 changed files with 201 additions and 6 deletions


@ -1,10 +1,18 @@
alloy:
extraPorts:
- name: "tcpsocket"
port: 1514
targetPort: 1514
protocol: "TCP"
appProtocol: "tcp"
uiPathPrefix: "/alloy"
create: false
name: alloy-config
key: config.alloy
uiPathPrefix: "/alloy"
configMap:
content: |-
@ -72,7 +80,11 @@ alloy:
}
loki.source.kubernetes "all_pod_logs" {
targets = discovery.relabel.pod_logs.output
loki.source.syslog "tcp_socket" {
listener {
address = "0.0.0.0:1514"
labels = { component = "loki.source.syslog", protocol = "tcp" }
}
forward_to = [loki.write.local_loki.receiver]
}
}
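Review bot: The new `loki.source.syslog "tcp_socket"` listener binds `0.0.0.0:1514` and, through the added `extraPorts` entry, is exposed on the Alloy Service as plain TCP with no TLS and no client restriction, so any workload that can reach the Service can inject arbitrary lines into Loki under the `component=loki.source.syslog` label. If OpenBao is the only intended sender, add a `tls_config` block to the `listener` or a NetworkPolicy limiting ingress on 1514 to the openbao namespace, and say so in a comment next to the port: `# syslog intake for OpenBao audit logs; restrict ingress to namespace openbao`. The first hunk appears to replace an external ConfigMap reference (`create: false` / `name: alloy-config` / `key: config.alloy`) with inline `content`, and `uiPathPrefix` is printed twice — presumably the old and new position of the same key — but without markers I cannot confirm which side each line is on. The `configMap.content` block scalar that holds the Alloy config continues outside both hunks.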


@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: openbao-logging-setup
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
targetRevision: HEAD
path: "stacks/ref-implementation/openbao-logging"
destination:
server: "https://kubernetes.default.svc"
namespace: openbao
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
retry:
limit: -1
backoff:
duration: 15s
factor: 1
maxDuration: 15s
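Review bot: `retry.limit: -1` combined with `factor: 1` and equal `duration`/`maxDuration` makes Argo CD retry a failing sync every 15s forever, which leaves a permanently broken sync looking merely `Progressing`; a bounded retry such as `limit: 5` with `factor: 2` surfaces the failure instead, and if unbounded retry is deliberate for this dev setup a one-line comment above `retry:` saying so would stop the next reader from "fixing" it. `project: default` places the Application in the unrestricted default AppProject, so nothing constrains which repo or destination namespace it may sync; a dedicated project scoping `sourceRepos` and `destinations` is the usual place to lock that down. Quoting is also inconsistent within the file: `path` and `server` are quoted while `repoURL` and `targetRevision` are not.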


@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: openbao-logging-dir
namespace: openbao
spec:
selector:
matchLabels:
app: openbao-logging-dir
template:
metadata:
labels:
app: openbao-logging-dir
spec:
initContainers:
- name: creator
image: busybox
command: ["/bin/sh", "-c"]
args:
- |
set -e
mkdir -p /var/log/openbao
chown 100:100 /var/log/openbao
securityContext:
runAsUser: 0
volumeMounts:
- name: host-log
mountPath: /var/log
containers:
- name: running-container
image: busybox
command: ["sleep", "infinity"]
volumes:
- name: host-log
hostPath:
path: /var/log
type: Directory
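Review bot: Both containers in the `openbao-logging-dir` DaemonSet use an unpinned `busybox` image with no `resources`, and the `running-container` keep-alive pad has no `securityContext` at all, while the root `creator` init container gets the entire host `/var/log` mounted read-write just to create and chown one subdirectory. Narrowing the hostPath to the directory actually managed — `path: /var/log/openbao` with `type: DirectoryOrCreate` — limits what a misbehaving init container can touch on the node, and pinning the image by tag or digest keeps the manifest reproducible. The keep-alive container should run as a non-root user with a read-only root filesystem and all capabilities dropped, and carry requests/limits so the DaemonSet cannot starve a node; the rewritten `containers` entry is below (the example values are placeholders to be tuned).
```yaml
      containers:
        - name: running-container
          image: busybox:PINNED_TAG  # placeholder: pin to a specific tag or digest
          command: ["sleep", "infinity"]
          securityContext:
            runAsNonRoot: true
            runAsUser: 100
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              memory: 32Mi
      # … unchanged: volumes …
```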


@ -0,0 +1,56 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: openbao-logrotate
namespace: openbao
spec:
selector:
matchLabels:
app: openbao-logrotate
template:
metadata:
labels:
app: openbao-logrotate
spec:
containers:
- name: logrotate
image: alpine
command: ["/bin/sh", "-c"]
args:
- |
apk add --no-cache logrotate
while true; do logrotate -f /etc/logrotate.d/openbao; sleep 60; done
volumeMounts:
- name: logrotate-config
mountPath: /etc/logrotate.d/openbao
subPath: openbao
- name: host-log
mountPath: /var/log/openbao
volumes:
- name: logrotate-config
configMap:
name: openbao-logrotate-config
- name: host-log
hostPath:
path: /var/log
type: Directory
---
apiVersion: v1
kind: ConfigMap
metadata:
name: openbao-logrotate-config
namespace: openbao
data:
openbao: |
/var/log/openbao/openbao/*.log {
size 5k
rotate 7
compress
missingok
notifempty
postrotate
mkdir pupa
kill -SIGHUP $(pidof bao)
endscript
}
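Review bot: The `postrotate` script in `openbao-logrotate-config` executes inside the logrotate pod, so `pidof bao` searches that container's PID namespace and finds nothing — the SIGHUP never reaches the OpenBao server, which keeps writing to the renamed file while the fresh `openbao.log` stays empty, and `kill` with an empty argument errors on every pass. Rotating a file written by another pod needs `copytruncate` (safe as long as the writer opens the file in append mode, which I believe the file audit device does) in place of the signal, after which the `postrotate`/`endscript` block and the leftover `mkdir pupa` line should go. In the DaemonSet, `logrotate -f` forces a rotation on every 60s iteration even when `size 5k` is not met, so with `rotate 7` only about seven minutes of audit history survive; drop `-f` and let the `size` criterion decide. Running `apk add --no-cache logrotate` on an unpinned `alpine` image at every pod start also pulls from the network on each restart and has no `resources` or `securityContext`; a prebuilt, pinned image with a locked-down context is the more robust shape.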


@ -0,0 +1,26 @@
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: sidecar-container-alloy-config
# data:
# config.alloy: |
# logging {
# level = "info"
# format = "logfmt"
# }
# loki.write "local_loki" {
# endpoint {
# url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push"
# }
# }
# local.file_match "applogs" {
# path_targets = [{"__path__" = "/openbao/logs/*"}]
# sync_period = "5s"
# }
# loki.source.file "openbao_logs" {
# targets = local.file_match.applogs.targets
# forward_to = [loki.write.local_loki.receiver]
# }
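Review bot: Every line of this new file is commented out, so the commit adds a `sidecar-container-alloy-config` ConfigMap that is never applied and that nothing validates; dead manifests drift from the live config quickly. Either remove the file until the sidecar variant is actually used, or keep a short explanation at the top — `# Shelved sidecar-based Alloy config; the DaemonSet/syslog approach in values.yaml is used instead` — so the next reader knows why it exists.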


@ -1,9 +1,41 @@
server:
# extraContainers:
# - name: grafana-alloy
# image: grafana/alloy:latest
# ports:
# - containerPort: 12345
# securityContext:
# runAsUser: 100
# volumeMounts:
# - name: alloy-data
# mountPath: /var/lib/alloy
# - name: config-volume
# mountPath: /etc/alloy
# - name: host-log-storage
# mountPath: /openbao/logs
volumes:
# - name: alloy-data
# emptyDir: {}
# - name: config-volume
# configMap:
# name: sidecar-container-alloy-config
- name: host-log-storage
hostPath:
path: /var/log
type: Directory
volumeMounts:
- mountPath: /openbao/logs
name: host-log-storage
readOnly: false
postStart:
- sh
- -c
- |
sleep 10
rm -rf /openbao/data/*
bao operator init >> /tmp/init.txt
cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
@ -12,6 +44,9 @@ server:
echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
rm /tmp/init.txt
bao audit enable -path="stdout" file file_path=stdout
bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log
ui:
enabled: true
enabled: true
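Review bot: The new `host-log-storage` volume mounts the whole host `/var/log` read-write into the OpenBao server pod (`hostPath.path: /var/log`, `readOnly: false`) although the audit device only writes to `/openbao/logs/openbao/`; letting the secrets server overwrite every other log on the node is a wider blast radius than the feature needs. Narrow the volume to the subdirectory the `openbao-logging-dir` DaemonSet prepares — `path: /var/log/openbao`, `type: Directory` — and point the audit device at `file_path=/openbao/logs/openbao.log`, adjusting the logrotate glob in the companion file to match. The audit `file_path` directory must already exist when `bao audit enable -path="file"` runs in `postStart`; if the DaemonSet has not yet created it on that node the command fails, and I believe a failed postStart hook causes the container to be killed, so the ordering dependency deserves at least a comment above the `bao audit enable` lines. The postStart script begins before the first hunk, and `ui.enabled` is printed twice here, presumably the old and new rendering of one line.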