From d057e9dae15ab7bb343a3da4f82bcac644cf7e78 Mon Sep 17 00:00:00 2001
From: miwr
Date: Wed, 26 Mar 2025 14:44:35 +0100
Subject: [PATCH 001/106] configuration added
---
.../openbao-alloy-configmap.yaml | 29 +++++++++++++++++++
.../sidecar-container-alloy-configmap.yaml | 25 ++++++++++++++++
.../ref-implementation/openbao/values.yaml | 24 +++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 template/stacks/ref-implementation/openbao-alloy-configmap.yaml
create mode 100644 template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
new file mode 100644
index 0000000..d6f9bc6
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: openbao-logging-setup
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ path: "stacks/ref-implementation/openbao-logging"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: openbao
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: true
+ retry:
+ limit: -1
+ backoff:
+ duration: 15s
+ factor: 1
+ maxDuration: 15s
diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
new file mode 100644
index 0000000..b0129a6
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml
@@ -0,0 +1,25 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sidecar-container-alloy-config +data: + config.alloy: | + logging { + level = "info" + format = "logfmt" + } + loki.write "local_loki" { + endpoint { + url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push" + } + } + + local.file_match "applogs" { + path_targets = [{"__path__" = "/openbao/logs/*"}] + sync_period = "5s" + } + + loki.source.file "openbao_logs" { + targets = local.file_match.applogs.targets + forward_to = [loki.write.local_loki.receiver] + } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 0ff72cf..e984864 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,9 +1,32 @@ server: + extraContainers: + - name: grafana-alloy + image: grafana/alloy:latest + ports: + - containerPort: 12345 + securityContext: + runAsUser: 100 + volumeMounts: + - name: log-storage + mountPath: /openbao/logs + - name: alloy-data + mountPath: /var/lib/alloy + - name: config-volume + mountPath: /etc/alloy + volumes: + - name: log-storage + emptyDir: {} + - name: alloy-data + emptyDir: {} + - name: config-volume + configMap: + name: sidecar-container-alloy-config postStart: - sh - -c - | sleep 10 + rm -rf /openbao/data/* # UN-initialises the openbao server (necessary for the new instance to spin up if the pod or container crashes) bao operator init >> /tmp/init.txt cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt 
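Review bot: The added `rm -rf /openbao/data/*` at the top of the `postStart` script wipes the OpenBao data directory on every container start, so every stored secret, policy and auth mount is lost on any restart, and the lines that follow write a fresh root token and the unseal keys back into that same directory as plaintext files. If this is meant only for a throwaway dev instance, say so on the line, `# DEV ONLY: wipes all OpenBao data on every container start`, and gate it so it cannot reach a persistent deployment. The new sidecar also uses `image: grafana/alloy:latest`; pin it, `image: grafana/alloy:<PINNED_VERSION>` (placeholder), so the container running beside the secrets store is reproducible. The `postStart` block continues past the end of this hunk.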
@@ -13,5 +36,6 @@ server: echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt rm /tmp/init.txt + bao audit enable file file_path=/var/log/openbao.log # enables the audit ui: enabled: true -- 2.45.2 From a9ad7c1c5c00c77c75c8f61979bc3f563d838a59 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 26 Mar 2025 15:24:19 +0100 Subject: [PATCH 002/106] comments deleted --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index e984864..35eb57f 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -26,7 +26,7 @@ server: - -c - | sleep 10 - rm -rf /openbao/data/* # UN-initialises the openbao server (necessary for the new instance to spin up if the pod or container crashes) + rm -rf /openbao/data/* bao operator init >> /tmp/init.txt cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt @@ -36,6 +36,6 @@ server: echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt rm /tmp/init.txt - bao audit enable file file_path=/var/log/openbao.log # enables the audit + bao audit enable file file_path=/var/log/openbao.log ui: enabled: true -- 2.45.2 From bd89c91d524d2a8ec87ed53f56fe6b51fa71a65f Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 26 Mar 2025 15:31:49 +0100 Subject: [PATCH 003/106] forgot to add login --- template/stacks/ref-implementation/openbao/values.yaml | 1 + 1 file changed, 1 insertion(+) 
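Review bot: `bao audit enable file file_path=/var/log/openbao.log` runs without a token, because nothing earlier in the script logs in or exports one, so the call is likely to be rejected and the audit device never enabled. The path is also outside every volume this commit declares: the Alloy sidecar tails `/openbao/logs/*` from `log-storage`, and no mount of that volume into the server container is visible here, so even a successful enable would write a file the shipper cannot see. Writing to the shared mount, `file_path=/openbao/logs/openbao.log`, and checking the command's exit status would keep a silent loss of audit logging from going unnoticed.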
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 35eb57f..9451314 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -35,6 +35,7 @@ server: echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt + bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt bao audit enable file file_path=/var/log/openbao.log ui: -- 2.45.2 From aaaf905edc873218b3af3e6ab9844f5fa75646df Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 26 Mar 2025 15:40:05 +0100 Subject: [PATCH 004/106] # rm -rf /openbao/data/* --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 9451314..70cde19 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -26,7 +26,7 @@ server: - -c - | sleep 10 - rm -rf /openbao/data/* + # rm -rf /openbao/data/* bao operator init >> /tmp/init.txt cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt 
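Review bot: `bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')` puts the root token on the command line, where it is readable from the process list while the command runs, and a plain `login` normally also persists the token through the CLI's token helper in the container's home directory. The token is needed for a single call, so scope it to that call instead, for example `BAO_TOKEN="$(grep 'Initial Root Token:' /tmp/init.txt | awk '{print $NF}')" bao audit enable file file_path=/var/log/openbao.log` (assuming this CLI version honours `BAO_TOKEN`). Revoking the root token once setup is done would shrink the exposure further. The script starts and ends outside this hunk.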
@@ -37,6 +37,6 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt - bao audit enable file file_path=/var/log/openbao.log + bao audit enable -path="file" file file_path=/var/log/openbao.log ui: enabled: true -- 2.45.2 From 450b5ff1a8b94280c652a2bfe5b4d8aa827da8a1 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 26 Mar 2025 15:42:15 +0100 Subject: [PATCH 005/106] # removed --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 70cde19..fdedb44 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -26,7 +26,7 @@ server: - -c - | sleep 10 - # rm -rf /openbao/data/* + rm -rf /openbao/data/* bao operator init >> /tmp/init.txt cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt -- 2.45.2 From 1cb714aabb20296c1124ed1cb75863d32dc2704b Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 26 Mar 2025 15:51:24 +0100 Subject: [PATCH 006/106] volumeMounts: - mountPath: /var/log name: log-storage readOnly: false --- template/stacks/ref-implementation/openbao/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index fdedb44..5096f09 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -21,6 +21,12 @@ server: - name: config-volume configMap: name: sidecar-container-alloy-config + + volumeMounts: + - mountPath: /var/log + name: log-storage + readOnly: false + postStart: - sh - -c -- 2.45.2 From 6a5be1257cafd11d9cf899381dbb49d473db67c3 Mon Sep 17 00:00:00 2001 From: miwr Date: Thu, 27 Mar 2025 13:19:45 +0100 Subject: [PATCH 007/106] bao audit enable file file_path=stdout --- template/stacks/ref-implementation/openbao/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 5096f09..88179e0 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -43,6 +43,7 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt + bao audit enable file file_path=stdout bao audit enable -path="file" file file_path=/var/log/openbao.log ui: enabled: true -- 2.45.2 From c79114f4633cb70f14690cdd39f3e724e2e353ff Mon Sep 17 00:00:00 2001 From: miwr Date: Thu, 27 Mar 2025 13:43:26 +0100 Subject: [PATCH 008/106] # bao audit enable file file_path=stdout --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 88179e0..4c53da3 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
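Review bot: The added `bao audit enable file file_path=stdout` registers its device at the default mount path `file/`, and the following line asks for `-path="file"` too, so the second enable will most likely fail with a path-in-use error and the file-backed audit device is never created. Give the two devices distinct paths, `bao audit enable -path="stdout" file file_path=stdout`, and keep `-path="file"` for the log file. Neither call's exit status is checked, so the failure would not be visible from the script.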
@@ -43,7 +43,7 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt - bao audit enable file file_path=stdout + # bao audit enable file file_path=stdout bao audit enable -path="file" file file_path=/var/log/openbao.log ui: enabled: true -- 2.45.2 From 6acd284b83908526b651d539fef9b890e24983f2 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 10:03:59 +0200 Subject: [PATCH 009/106] - name: logrotate image: alpine:latest command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 volumeMounts: - name: host-log-storage mountPath: /openbao/logs - name: logrotate-config mountPath: /etc/logrotate.conf subPath: logrotate.conf --- .../ref-implementation/openbao/values.yaml | 27 ++++++++++++++----- 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 4c53da3..becbe06 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -6,13 +6,24 @@ server: - containerPort: 12345 securityContext: runAsUser: 100 - volumeMounts: - - name: log-storage - mountPath: /openbao/logs + volumeMounts: - name: alloy-data mountPath: /var/lib/alloy - name: config-volume mountPath: /etc/alloy + - name: host-log-storage + mountPath: /openbao/logs + - name: logrotate + image: alpine:latest + command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] + securityContext: + runAsUser: 100 + volumeMounts: + - name: host-log-storage + mountPath: /openbao/logs + - name: logrotate-config + mountPath: /etc/logrotate.conf + subPath: logrotate.conf volumes: - name: log-storage emptyDir: {} 
@@ -20,11 +31,15 @@ server: emptyDir: {} - name: config-volume configMap: - name: sidecar-container-alloy-config + name: sidecar-container-alloy-config + - name: host-log-storage + hostPath: + path: /var/log + type: Directory volumeMounts: - - mountPath: /var/log - name: log-storage + - mountPath: /openbao/logs + name: host-log-storage readOnly: false postStart: -- 2.45.2 From 3853370a8c8f2af75d3f55496ee4b7aeb2289056 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 10:10:59 +0200 Subject: [PATCH 010/106] # - name: logrotate-config # mountPath: /etc/logrotate.conf # subPath: logrotate.conf --- template/stacks/ref-implementation/openbao/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index becbe06..772a535 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -21,9 +21,9 @@ server: volumeMounts: - name: host-log-storage mountPath: /openbao/logs - - name: logrotate-config - mountPath: /etc/logrotate.conf - subPath: logrotate.conf + # - name: logrotate-config + # mountPath: /etc/logrotate.conf + # subPath: logrotate.conf volumes: - name: log-storage emptyDir: {} -- 2.45.2 From 881b65fcecf338537dbb404d36c19f00f2b124a9 Mon Sep 17 00:00:00 2001 
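Review bot: The new `host-log-storage` volume mounts the node's entire `/var/log` read-write into the OpenBao server and both sidecars, which exposes the node's and other workloads' logs to this pod and lets the logrotate or audit writer alter them as far as file permissions allow. Narrow the volume to a dedicated directory, `path: /var/log/openbao` with `type: DirectoryOrCreate`, and add `readOnly: true` to the mount in `grafana-alloy`, which only reads. The first hunk of this commit adds `image: alpine:latest` for the logrotate sidecar; the tag is unpinned, and the stock Alpine image may not contain `/usr/sbin/logrotate` at all.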
From: miwr
Date: Mon, 31 Mar 2025 10:19:39 +0200
Subject: [PATCH 011/106] apiVersion: apps/v1 kind: DaemonSet metadata: name: openbao-logging-dir namespace: openbao spec: selector: matchLabels: app: openbao-logging-dir template: metadata: labels: app: openbao-logging-dir spec: initContainers: - name: creator image: busybox command: ["/bin/sh", "-c"] args: - | set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao securityContext: runAsUser: 0 volumeMounts: - name: host-log mountPath: /var/log containers: - name: running-container image: busybox command: ["sleep", "infinity"] volumes: - name: host-log hostPath: path: /var/log type: Directory
---
.../open-bao-logging-setup.yaml | 29 +++++++++++++++
.../create-logging-directory.yaml | 37 +++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 template/stacks/ref-implementation/open-bao-logging-setup.yaml
create mode 100644 template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml
diff --git a/template/stacks/ref-implementation/open-bao-logging-setup.yaml b/template/stacks/ref-implementation/open-bao-logging-setup.yaml
new file mode 100644
index 0000000..5c26dc7
--- /dev/null
+++ b/template/stacks/ref-implementation/open-bao-logging-setup.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: openbao-logging-setup
+ namespace: argocd
+ labels:
+ env: dev
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
+ targetRevision: HEAD
+ path: "stacks/ref-implementation/openbao-logging"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: openbao
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ selfHeal: true
+ retry:
+ limit: -1
+ backoff:
+ duration: 15s
+ factor: 1
+ maxDuration: 15s
\ No newline at end of file
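Review bot: This Application declares `name: openbao-logging-setup` in namespace `argocd` with the same `path`, which is exactly what `openbao-alloy-configmap.yaml` from PATCH 001 already declares; unless that file is deleted elsewhere in the series, two manifests now describe one object and whichever is applied last wins. Remove the older file in this commit or give this one a distinct name. Separately, `targetRevision: HEAD` combined with `automated` sync and `limit: -1` means any push to the default branch is rolled out and retried indefinitely into the namespace that hosts the secrets store; `targetRevision: <TAG_OR_COMMIT>` (placeholder) would make that a deliberate step.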
diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml new file mode 100644 index 0000000..b46e3c0 --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: openbao-logging-dir + namespace: openbao +spec: + selector: + matchLabels: + app: openbao-logging-dir + template: + metadata: + labels: + app: openbao-logging-dir + spec: + initContainers: + - name: creator + image: busybox + command: ["/bin/sh", "-c"] + args: + - | + set -e + mkdir -p /var/log/openbao + chown 100:100 /var/log/openbao + securityContext: + runAsUser: 0 + volumeMounts: + - name: host-log + mountPath: /var/log + containers: + - name: running-container + image: busybox + command: ["sleep", "infinity"] + volumes: + - name: host-log + hostPath: + path: /var/log + type: Directory \ No newline at end of file -- 2.45.2 From 08471dee479081187e4f9afe6425058b0f80fa30 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 10:25:48 +0200 Subject: [PATCH 012/106] bao audit enable -path="file" file file_path=/var/log/openbao/openbao.log --- template/stacks/ref-implementation/openbao/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 772a535..1bcfd39 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,5 +1,6 @@ server: - extraContainers: + shareProcessNamespace: true + extraContainers: - name: grafana-alloy image: grafana/alloy:latest ports: 
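Review bot: The `creator` init container runs with `runAsUser: 0` and the node's whole `/var/log` mounted read-write only to create and chown one directory, and both containers use the untagged `busybox` image. Limit what root can touch by mounting just the target, `path: /var/log/openbao` with `type: DirectoryOrCreate`, and tighten the context with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` (verify the chown still succeeds with that set). The `running-container` exists only to keep the pod alive with `sleep infinity` on every node; it needs no host mount and can run as non-root with a pinned image.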
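Review bot: `shareProcessNamespace: true` makes every process in the pod visible to the sidecars, and the `postStart` script passes the unseal keys (`xargs -I{} bao operator unseal {}`) and the root token (`bao login $(...)`) as command-line arguments, so any container in the pod can read them from `/proc` while those commands run. Containers running under the same UID can also signal each other's processes. If the setting exists only so a log-rotation sidecar can signal `bao` (an inference from later patches), record that next to it, `# needed so the logrotate sidecar can SIGHUP bao after rotation`, and move the secrets off the command line before enabling it.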
@@ -59,6 +60,6 @@ server: bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt # bao audit enable file file_path=stdout - bao audit enable -path="file" file file_path=/var/log/openbao.log + bao audit enable -path="file" file file_path=/var/log/openbao/openbao.log ui: enabled: true -- 2.45.2 From 06303ef35565ede99ce8de6cc4b19ed18bf3ecc1 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 10:30:15 +0200 Subject: [PATCH 013/106] bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 1bcfd39..ca66789 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -60,6 +60,6 @@ server: bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt # bao audit enable file file_path=stdout - bao audit enable -path="file" file file_path=/var/log/openbao/openbao.log + bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log ui: enabled: true -- 2.45.2 From 30f0c6f2188c0d49d6a34d2545bf62fb6409e808 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 10:54:23 +0200 Subject: [PATCH 014/106] debian:stable-slim --- .../openbao-logging/logrotate-configmap.yaml | 14 ++++++++++++++ .../stacks/ref-implementation/openbao/values.yaml | 5 ++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml new file mode 100644 index 0000000..44712ee --- /dev/null 
+++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: logrotate-config +data: + logrotate.conf: | + /openbao/logs/*.log { + daily + rotate 7 + compress + missingok + notifempty + copytruncate + } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ca66789..75edd47 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,7 +15,7 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: alpine:latest + image: debian:stable-slim command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 @@ -33,6 +33,9 @@ server: - name: config-volume configMap: name: sidecar-container-alloy-config + - name: config-logrotate + configMap: + name: logrotate-config - name: host-log-storage hostPath: path: /var/log -- 2.45.2 From 398c94fbc8ef98c54576457f9c2fefae19d8734f Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 11:02:11 +0200 Subject: [PATCH 015/106] alpine:latest --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 75edd47..c13da71 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,7 +15,7 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: debian:stable-slim + image: alpine:latest command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 -- 2.45.2 
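Review bot: The glob `/openbao/logs/*.log` does not match the audit file, which PATCH 013 puts at `/openbao/logs/openbao/openbao.log`, and since `/openbao/logs` is the node's `/var/log` hostPath it matches the node's own top-level `*.log` files instead, which `copytruncate` would truncate once this config is mounted. Point the rule at the audit directory only, `/openbao/logs/openbao/*.log {`. `copytruncate` can also lose entries written between the copy and the truncate, which matters for an audit trail; rotating by rename and signalling the server to reopen the file avoids that gap.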
From a35aefc376157c0bc98e6f8a85594296927427f4 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 11:07:40 +0200 Subject: [PATCH 016/106] image: debian:stable-slim --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index c13da71..75edd47 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,7 +15,7 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: alpine:latest + image: debian:stable-slim command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 -- 2.45.2 From 17f578dde2fc020aafcd69760cf8f2f21eaf3e88 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 11:20:56 +0200 Subject: [PATCH 017/106] blacklabelops/logrotate --- .../openbao-logging/logrotate-configmap.yaml | 17 ++++++++++------- .../ref-implementation/openbao/values.yaml | 4 ++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 44712ee..7cab8de 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -4,11 +4,14 @@ metadata: name: logrotate-config data: logrotate.conf: | - /openbao/logs/*.log { - daily - rotate 7 - compress - missingok - notifempty - copytruncate + /openbao/logs/openbao/*.log { + size 5k + rotate 7 + compress + missingok + notifempty + postrotate + mkdir pupa + kill -SIGHUP $(pidof bao) + endscript } \ No newline at end of file 
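Review bot: The `postrotate` script contains `mkdir pupa`, which looks like a debugging leftover and creates a stray directory in whatever the working directory is; it should be removed. `kill -SIGHUP $(pidof bao)` runs `kill` with no argument when `pidof` finds nothing, so a guarded form is safer: `pid=$(pidof bao) && kill -HUP $pid`. With `size 5k` and `rotate 7` only about seven small files of audit history stay on disk before deletion, so confirm the Loki shipping is reliable or raise the limits.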
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 75edd47..48ed7fe 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,8 +15,8 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: debian:stable-slim - command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] + image: blacklabelops/logrotate:latest # MIT-License + # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 volumeMounts: -- 2.45.2 From 0485a8fb765be32c9e9886e56a56f0153b1885b5 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 11:42:14 +0200 Subject: [PATCH 018/106] image: skymatic/logrotate:latest --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 48ed7fe..4e145da 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,7 +15,7 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: blacklabelops/logrotate:latest # MIT-License + image: skymatic/logrotate:latest # MIT License # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 -- 2.45.2 From 5e47caaee135e2efc8f77780c2fe96c3fdf30aaa Mon Sep 17 00:00:00 2001 
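Review bot: `image: blacklabelops/logrotate:latest` pulls an unpinned third-party image into the same pod as the OpenBao server, where it shares the process namespace (PATCH 012) and a read-write mount of the node's `/var/log`. Whatever the `latest` tag points to at pull time runs with that access, so pin it by digest, `image: <REGISTRY>/<IMAGE>@sha256:<DIGEST>` (placeholder), preferably from a registry you control. The `# MIT-License` comment records the license but says nothing about provenance; the same applies to the `skymatic/logrotate:latest` and `imroc/logrotate:latest` swaps in the following patches.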
From: miwr Date: Mon, 31 Mar 2025 11:54:31 +0200 Subject: [PATCH 019/106] - name: logrotate image: imroc/logrotate:latest env: - name: LOGROTATE_FILE_PATTERN value: "/var/log/nginx/nginx_*.log" - name: LOGROTATE_FILESIZE value: "20M" - name: LOGROTATE_FILENUM value: "10" - name: CRON_EXPR value: "*/1 * * * *" - name: CROND_LOGLEVEL value: "7" --- .../stacks/ref-implementation/openbao/values.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 4e145da..08b87dd 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,7 +15,18 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: skymatic/logrotate:latest # MIT License + image: imroc/logrotate:latest + env: + - name: LOGROTATE_FILE_PATTERN + value: "/var/log/nginx/nginx_*.log" + - name: LOGROTATE_FILESIZE + value: "20M" + - name: LOGROTATE_FILENUM + value: "10" + - name: CRON_EXPR + value: "*/1 * * * *" + - name: CROND_LOGLEVEL + value: "7" # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 -- 2.45.2 From 508ecd3f1217b4b0456a3cf71f8fc567aec2e9c5 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 12:07:24 +0200 Subject: [PATCH 020/106] imagePullPolicy: IfNotPresent --- template/stacks/ref-implementation/openbao/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 08b87dd..e1257ff 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
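Review bot: `LOGROTATE_FILE_PATTERN` is set to `/var/log/nginx/nginx_*.log`, which looks copied from the image's example; nothing in this pod writes there, and the audit log lives at `/openbao/logs/openbao/openbao.log` (PATCH 013), so the audit file would never be rotated. Set it to the real location, `value: "/openbao/logs/openbao/*.log"`. The now commented-out `command:` line left below `env:` is dead configuration and can be deleted.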
@@ -16,6 +16,7 @@ server: mountPath: /openbao/logs - name: logrotate image: imroc/logrotate:latest + imagePullPolicy: IfNotPresent env: - name: LOGROTATE_FILE_PATTERN value: "/var/log/nginx/nginx_*.log" -- 2.45.2 From f6d18428764d6aeed575e67a25d18e353138b1ec Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 12:14:19 +0200 Subject: [PATCH 021/106] image: skymatic/logrotate:latest --- .../stacks/ref-implementation/openbao/values.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index e1257ff..59223a3 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -15,19 +15,7 @@ server: - name: host-log-storage mountPath: /openbao/logs - name: logrotate - image: imroc/logrotate:latest - imagePullPolicy: IfNotPresent - env: - - name: LOGROTATE_FILE_PATTERN - value: "/var/log/nginx/nginx_*.log" - - name: LOGROTATE_FILESIZE - value: "20M" - - name: LOGROTATE_FILENUM - value: "10" - - name: CRON_EXPR - value: "*/1 * * * *" - - name: CROND_LOGLEVEL - value: "7" + image: skymatic/logrotate:latest # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: runAsUser: 100 -- 2.45.2 From e5ccae1aab0ab3a479aa15438346e2139aecdf70 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 12:22:35 +0200 Subject: [PATCH 022/106] - name: logrotate-config mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true --- template/stacks/ref-implementation/openbao/values.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 59223a3..b7781e7 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml 
+++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,9 +22,10 @@ server: volumeMounts: - name: host-log-storage mountPath: /openbao/logs - # - name: logrotate-config - # mountPath: /etc/logrotate.conf - # subPath: logrotate.conf + - name: logrotate-config + mountPath: /etc/logrotate.conf + subPath: logrotate.conf + readOnly: true volumes: - name: log-storage emptyDir: {} -- 2.45.2 From 0107666fe2ebaf173c63f1c918eb202dfe8ba5de Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 12:31:38 +0200 Subject: [PATCH 023/106] logrotate-config-volume --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index b7781e7..95143da 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,7 +22,7 @@ server: volumeMounts: - name: host-log-storage mountPath: /openbao/logs - - name: logrotate-config + - name: logrotate-config-volume mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true @@ -34,7 +34,7 @@ server: - name: config-volume configMap: name: sidecar-container-alloy-config - - name: config-logrotate + - name: logrotate-config-volume configMap: name: logrotate-config - name: host-log-storage -- 2.45.2 From 631be775f5f43bed3d61fed7d2cd7aea1553afa1 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 13:28:37 +0200 Subject: [PATCH 024/106] chown logrotate:logrotate /var/lib/logrotate.status --- .../grant-priviledges-to-logrotate.yaml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml 
diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml new file mode 100644 index 0000000..7db4e5b --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: logrotate-priveledges + namespace: openbao +spec: + selector: + matchLabels: + app: ologrotate-priveledges + template: + metadata: + labels: + app: logrotate-priveledges + spec: + initContainers: + - name: creator + image: busybox + command: ["/bin/sh", "-c", "useradd -u 100 logrotate && tail -f /dev/null", "chown logrotate:logrotate /var/lib/logrotate.status"] + securityContext: + runAsUser: 0 + containers: + - name: running-container + image: busybox + command: ["sleep", "infinity"] + restartPolicy: Never \ No newline at end of file -- 2.45.2 From bc6ed363e233a918eb38c66868841f14e92b3d2a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 13:38:33 +0200 Subject: [PATCH 025/106] logrotate-priviledges --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index 7db4e5b..163cba2 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml 
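Review bot: The `creator` command is a four-element array, so with `sh -c` the string `"chown logrotate:logrotate /var/lib/logrotate.status"` becomes `$0` rather than a second command and never runs, and `tail -f /dev/null` never exits, so the init container cannot complete and the pod stays in Init (the `tail` is still present after PATCH 026). The selector `app: ologrotate-priveledges` does not match the template label `app: logrotate-priveledges`, and `restartPolicy: Never` is not a valid value for a DaemonSet pod template, so the manifest is likely rejected on creation. Even when corrected, this container mounts no volume, so `useradd` and `chown` change only its own filesystem and grant nothing to the logrotate sidecar in the OpenBao pod. A writable `emptyDir` mounted at the sidecar's state directory would achieve the goal without a root DaemonSet.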
@@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: logrotate-priveledges + name: logrotate-priviledges namespace: openbao spec: selector: matchLabels: - app: ologrotate-priveledges + app: logrotate-priviledges template: metadata: labels: - app: logrotate-priveledges + app: logrotate-priviledges spec: initContainers: - name: creator image: busybox - command: ["/bin/sh", "-c", "useradd -u 100 logrotate && tail -f /dev/null", "chown logrotate:logrotate /var/lib/logrotate.status"] + command: ["/bin/sh", "-c", "useradd -u 100 logrotate && tail -f /dev/null", "chown logrotate:logrotate /var/lib"] securityContext: runAsUser: 0 containers: -- 2.45.2 From 5a802be864fecaa0113577103e435e58ba63d970 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 13:45:05 +0200 Subject: [PATCH 026/106] - | set -e useradd -u 100 logrotate chown logrotate:logrotate /var/lib tail -f /dev/null --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index 163cba2..3c26b74 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -15,7 +15,13 @@ spec: initContainers: - name: creator image: busybox - command: ["/bin/sh", "-c", "useradd -u 100 logrotate && tail -f /dev/null", "chown logrotate:logrotate /var/lib"] + command: ["/bin/sh", "-c"] + args: + - | + set -e + useradd -u 100 logrotate + chown logrotate:logrotate /var/lib + tail -f /dev/null securityContext: runAsUser: 0 containers: -- 2.45.2 From a42df6275cc8093c922230f5a4518142f0b71428 Mon Sep 17 00:00:00 2001 
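Review bot: In PATCH 026 the `args` script of the `creator` init container ends with `tail -f /dev/null`, which never returns, so the init phase never completes and `running-container` is never started. The pod therefore keeps a root process (`runAsUser: 0`) alive on each node indefinitely. An init container should exit once its setup is done, so that last script line should be removed. As far as I know busybox ships `adduser` but no `useradd` applet, so with `set -e` the script would likely stop at its first command; worth checking against the image.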
From: miwr Date: Mon, 31 Mar 2025 13:50:24 +0200 Subject: [PATCH 027/106] restart policy removed --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index 3c26b74..4df2fcf 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -27,5 +27,4 @@ spec: containers: - name: running-container image: busybox - command: ["sleep", "infinity"] - restartPolicy: Never \ No newline at end of file + command: ["sleep", "infinity"] \ No newline at end of file -- 2.45.2 From abd7da5cd32eb99d4e71406eff2011fca2d2d98a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 13:58:12 +0200 Subject: [PATCH 028/106] image: alpine:latest --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index 4df2fcf..229e3d1 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -14,7 +14,7 @@ spec: spec: initContainers: - name: creator - image: busybox + image: alpine:latest command: ["/bin/sh", "-c"] args: - | -- 2.45.2 From f13bf825ff92787dcf08a1b738ea014f135ee25a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 14:03:43 +0200 Subject: [PATCH 029/106] set -e chown 100:100 /var/lib tail -f /dev/null --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
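Review bot: `image: alpine:latest` in PATCH 028 puts a mutable tag on a container that runs with `runAsUser: 0`, so whatever the registry serves under `latest` at pull time executes as root on every node the DaemonSet lands on. Pin the image to a fixed version and digest, e.g. `image: alpine:<version>@sha256:<digest>` (placeholders to fill in). The same applies to the untagged `busybox` of `running-container` in this file and to `skymatic/logrotate:latest` in `openbao/values.yaml`. The container list continues outside the hunk.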
diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index 229e3d1..abe7aa9 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -19,8 +19,7 @@ spec: args: - | set -e - useradd -u 100 logrotate - chown logrotate:logrotate /var/lib + chown 100:100 /var/lib tail -f /dev/null securityContext: runAsUser: 0 -- 2.45.2 From 63b17c9e32e9853fbe44b2c5f560d22c5d2cb10d Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 14:10:34 +0200 Subject: [PATCH 030/106] echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group --- .../openbao-logging/grant-priviledges-to-logrotate.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml index abe7aa9..31f85ae 100644 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml @@ -19,7 +19,9 @@ spec: args: - | set -e - chown 100:100 /var/lib + echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd + echo "logrotate:x:100:" >> /etc/group + chown logrotate:logrotate /var/lib tail -f /dev/null securityContext: runAsUser: 0 -- 2.45.2 From fd02d55ddad322db896a84f4f577dd0d9f8fcf37 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 14:26:58 +0200 Subject: [PATCH 031/106] bao audit enable file file_path=stdout --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
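Review bot: The two `echo ... >>` lines added in PATCH 030 register `logrotate` with `/bin/sh` as its login shell, and they append to `/etc/passwd` and `/etc/group` of the init container itself, which no other container shares. An account that only runs a rotation job should not get an interactive shell; the entry should read `logrotate:x:100:100::/home/logrotate:/sbin/nologin`. The account also has to exist in the filesystem of the container that actually runs logrotate, so these lines probably do not achieve what the commit intends. The same lines are added again to `create-logging-directory.yaml` in PATCH 033.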
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 95143da..a470528 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -63,7 +63,7 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt - # bao audit enable file file_path=stdout + bao audit enable file file_path=stdout bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log ui: enabled: true -- 2.45.2 From 6f3effeaf5cf54569ebd882820b23dbb6a41a1a2 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 14:49:09 +0200 Subject: [PATCH 032/106] # bao audit enable file file_path=stdout --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index a470528..95143da 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -63,7 +63,7 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt - bao audit enable file file_path=stdout + # bao audit enable file file_path=stdout bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log ui: enabled: true -- 2.45.2 From 888d32c40317431319b18e413ce53d7d055cbe04 Mon Sep 17 00:00:00 2001 
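Review bot: In PATCH 031 the re-enabled `bao audit enable file file_path=stdout` carries no `-path`, so as far as I know it mounts at the default path derived from the device type, `file/`, which is the path the next line requests explicitly with `-path="file"`. The second command would then fail because the path is already in use, and the on-disk audit log would not be enabled. Give the stdout device its own path, e.g. `bao audit enable -path="stdout" file file_path=stdout`. The postStart script starts outside the hunk; its context lines show unseal keys being written to `/openbao/data/unseal_key5.txt` and a login with the initial root token, which deserves its own review because the keys end up stored next to the data they protect.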
From: miwr Date: Mon, 31 Mar 2025 14:49:48 +0200 Subject: [PATCH 033/106] set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group chown logrotate:logrotate /var/lib --- .../openbao-logging/create-logging-directory.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index b46e3c0..ced2059 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -20,7 +20,10 @@ spec: - | set -e mkdir -p /var/log/openbao - chown 100:100 /var/log/openbao + chown 100:100 /var/log/openbao + echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd + echo "logrotate:x:100:" >> /etc/group + chown logrotate:logrotate /var/lib securityContext: runAsUser: 0 volumeMounts: -- 2.45.2 From ba9452e03c9ed0fa7e1219f68b9519032084797a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 14:55:39 +0200 Subject: [PATCH 034/106] chown 100:100 /var/lib --- .../openbao-logging/create-logging-directory.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index ced2059..d46c6c5 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml 
@@ -23,7 +23,7 @@ spec: chown 100:100 /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group - chown logrotate:logrotate /var/lib + chown 100:100 /var/lib securityContext: runAsUser: 0 volumeMounts: -- 2.45.2 From 8eae08aaa9990394181c465c2694f1aa24ed6ef3 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:04:11 +0200 Subject: [PATCH 035/106] securityContext: runAsUser: 0 --- .../openbao-logging/create-logging-directory.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index d46c6c5..6f9c4d8 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -23,6 +23,7 @@ spec: chown 100:100 /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group + mkdir -p /home/logrotate chown 100:100 /var/lib securityContext: runAsUser: 0 @@ -33,6 +34,8 @@ spec: - name: running-container image: busybox command: ["sleep", "infinity"] + securityContext: + runAsUser: 0 volumes: - name: host-log hostPath: -- 2.45.2 From 458414e779ce7e11dc5e8e18ee101d2a6cc02718 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:09:30 +0200 Subject: [PATCH 036/106] set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group mkdir -p /home/logrotate # chown 100:100 /var/lib --- .../openbao-logging/create-logging-directory.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
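Review bot: The `securityContext` with `runAsUser: 0` that PATCH 035 adds to `running-container` makes the long-lived container of this DaemonSet run as root although its only job is `sleep infinity`; the setup work that needs root already sits in the init container. Remove the two added lines, or replace them with a restrictive context such as `runAsUser: 65534` and `allowPrivilegeEscalation: false`. The context lines show that the pod declares a `hostPath` volume (`host-log`), so a root container here matters if that volume is ever mounted into it; whether it is mounted is not visible in the hunk.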
diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 6f9c4d8..c23d426 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -24,7 +24,7 @@ spec: echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group mkdir -p /home/logrotate - chown 100:100 /var/lib + # chown 100:100 /var/lib securityContext: runAsUser: 0 volumeMounts: -- 2.45.2 From 56c5cc2620d8beb101e6ab31e29ff3e3fbb921ac Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:24:21 +0200 Subject: [PATCH 037/106] - name: alloy-data mountPath: /var/lib/ --- template/stacks/ref-implementation/openbao/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 95143da..ad44336 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -20,6 +20,8 @@ server: securityContext: runAsUser: 100 volumeMounts: + - name: alloy-data + mountPath: /var/lib/ - name: host-log-storage mountPath: /openbao/logs - name: logrotate-config-volume -- 2.45.2 From ce5bdf0226df08798113349f191f39f77572be54 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:35:06 +0200 Subject: [PATCH 038/106] runAsUser: 1 --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ad44336..0d6d7b6 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
@@ -18,7 +18,7 @@ server: image: skymatic/logrotate:latest # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: - runAsUser: 100 + runAsUser: 1 volumeMounts: - name: alloy-data mountPath: /var/lib/ -- 2.45.2 From f66f437cdfbe8954722baa260dec69cbf01c10b5 Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:48:42 +0200 Subject: [PATCH 039/106] runAsUser: 100 --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 0d6d7b6..ad44336 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -18,7 +18,7 @@ server: image: skymatic/logrotate:latest # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: - runAsUser: 1 + runAsUser: 100 volumeMounts: - name: alloy-data mountPath: /var/lib/ -- 2.45.2 From 1164768b9fba717da555657daaed97d7e051022a Mon Sep 17 00:00:00 2001 From: miwr Date: Mon, 31 Mar 2025 15:53:54 +0200 Subject: [PATCH 040/106] runAsUser: 1 --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ad44336..0d6d7b6 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -18,7 +18,7 @@ server: image: skymatic/logrotate:latest # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: - runAsUser: 100 + runAsUser: 1 volumeMounts: - name: alloy-data mountPath: /var/lib/ -- 2.45.2 From 4f8eb0bc8b2731a715091f9d6c8ec5f2918792d6 Mon Sep 17 00:00:00 2001 
From: miwr Date: Tue, 1 Apr 2025 10:05:55 +0200 Subject: [PATCH 041/106] chmod o+rwx /var/log/openbao --- .../openbao-logging/create-logging-directory.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index c23d426..51de6ff 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -21,6 +21,7 @@ spec: set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao + chmod o+rwx /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group mkdir -p /home/logrotate -- 2.45.2 From 06fb6d223f0482dcf9904632c45113fec0c1a5b2 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 10:21:07 +0200 Subject: [PATCH 042/106] runAsUser: 100 --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 0d6d7b6..ad44336 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -18,7 +18,7 @@ server: image: skymatic/logrotate:latest # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] securityContext: - runAsUser: 1 + runAsUser: 100 volumeMounts: - name: alloy-data mountPath: /var/lib/ -- 2.45.2 From 6df0858cdf12dc506276bcaff9ece31390524741 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 10:45:20 +0200 Subject: [PATCH 043/106] - name: init image: alpine:latest --- .../stacks/ref-implementation/openbao/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
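Review bot: `chmod o+rwx /var/log/openbao` in PATCH 041 makes the audit-log directory readable, writable and searchable by every account, and elsewhere in this series that path appears to be backed by a `hostPath` under the node's `/var/log`. Audit records of a secrets manager should be writable only by the process that produces them, because anyone who can write the directory can delete or replace log files. The directory is already owned by `100:100` one line above, so `chmod 0750 /var/log/openbao` should be sufficient. If the rotation job runs under a different uid, grant it access through a shared group rather than through `other`.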
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ad44336..ff02f55 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,5 +1,17 @@ server: shareProcessNamespace: true + extraInitContainers: + - name: init + image: alpine:latest + securityContext: + runAsUser: 0 + volumeMounts: + - name: alloy-data + mountPath: /var/lib/alloy + - name: config-volume + mountPath: /etc/alloy + - name: host-log-storage + mountPath: /openbao/logs extraContainers: - name: grafana-alloy image: grafana/alloy:latest -- 2.45.2 From 77b571b768a3e5636a970a94c037c53da4b3f8e4 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 10:50:59 +0200 Subject: [PATCH 044/106] chown 100:100 /etc/passwd --- .../openbao-logging/create-logging-directory.yaml | 1 + .../stacks/ref-implementation/openbao/values.yaml | 12 ------------ 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 51de6ff..e5d92c7 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -21,6 +21,7 @@ spec: set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao + chown 100:100 /etc/passwd chmod o+rwx /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ff02f55..ad44336 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
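Review bot: `chown 100:100 /etc/passwd` in PATCH 044 (`create-logging-directory.yaml`) hands the account database to the unprivileged service uid, so any process running as uid 100 in that container could add or alter accounts. PATCH 045 does the same for `/etc/group`, and PATCH 046 goes further with `chmod o+rwx` on both files, which makes them writable by every uid. Both files should stay `root:root` with mode `0644`; if logrotate only needs a name for uid 100, supply a read-only passwd file to its container instead of loosening permissions. As in the earlier patches, the change is made in the init container's own filesystem, so it likely has no effect on the logrotate sidecar anyway.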
@@ -1,17 +1,5 @@ server: shareProcessNamespace: true - extraInitContainers: - - name: init - image: alpine:latest - securityContext: - runAsUser: 0 - volumeMounts: - - name: alloy-data - mountPath: /var/lib/alloy - - name: config-volume - mountPath: /etc/alloy - - name: host-log-storage - mountPath: /openbao/logs extraContainers: - name: grafana-alloy image: grafana/alloy:latest -- 2.45.2 From 12a4ed37f72a96642376f8022a32a6aae1c6de3a Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 10:51:43 +0200 Subject: [PATCH 045/106] /etc/group --- .../openbao-logging/create-logging-directory.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index e5d92c7..710f060 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -22,6 +22,7 @@ spec: mkdir -p /var/log/openbao chown 100:100 /var/log/openbao chown 100:100 /etc/passwd + chown 100:100 /etc/group chmod o+rwx /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group -- 2.45.2 From 2dc751b5e369f4886d8620d08b5e15e4b33fb14e Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 10:59:09 +0200 Subject: [PATCH 046/106] chmod o+rwx /etc/passwd chmod o+rwx /etc/group --- .../openbao-logging/create-logging-directory.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 710f060..8a3d478 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml 
@@ -21,8 +21,8 @@ spec: set -e mkdir -p /var/log/openbao chown 100:100 /var/log/openbao - chown 100:100 /etc/passwd - chown 100:100 /etc/group + chmod o+rwx /etc/passwd + chmod o+rwx /etc/group chmod o+rwx /var/log/openbao echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd echo "logrotate:x:100:" >> /etc/group -- 2.45.2 From cda3fc817978b09b4e59874f01798dac1c1b24c5 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:15:20 +0200 Subject: [PATCH 047/106] extraArgs: - chmod o+rwx /etc/passwd - chmod o+rwx /etc/group --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index ad44336..95e7a5a 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -49,6 +49,10 @@ server: name: host-log-storage readOnly: false + extraArgs: + - chmod o+rwx /etc/passwd + - chmod o+rwx /etc/group + postStart: - sh - -c -- 2.45.2 From de3194062db60ac434ab4796ef05a6e34df4d990 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:16:07 +0200 Subject: [PATCH 048/106] extraArgs: - | chmod o+rwx /etc/passwd chmod o+rwx /etc/group --- template/stacks/ref-implementation/openbao/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 95e7a5a..7442ad3 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -50,8 +50,9 @@ server: readOnly: false extraArgs: - - chmod o+rwx /etc/passwd - - chmod o+rwx /etc/group + - | + chmod o+rwx /etc/passwd + chmod o+rwx /etc/group postStart: - sh -- 2.45.2 From d3b60c036a0f5d263ad85cdc2b90293a4a23323c Mon Sep 17 00:00:00 2001 
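Review bot: The `extraArgs` list added in PATCH 047 puts shell commands into a value that, as far as I know from the chart's values documentation, is a single string appended to the `bao server` command line, so `chmod o+rwx /etc/passwd` would be passed to the server as arguments rather than executed. PATCH 048 and PATCH 049 change only the YAML shape of the same value. The goal itself, a world-writable `/etc/passwd` in the OpenBao server container, should not be pursued; keep `extraArgs` for real server flags and remove these lines.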
From: miwr Date: Tue, 1 Apr 2025 11:20:56 +0200 Subject: [PATCH 049/106] extraArgs: "chmod o+rwx /etc/passwd" --- template/stacks/ref-implementation/openbao/values.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 7442ad3..f83bb6c 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -49,10 +49,7 @@ server: name: host-log-storage readOnly: false - extraArgs: - - | - chmod o+rwx /etc/passwd - chmod o+rwx /etc/group + extraArgs: "chmod o+rwx /etc/passwd" postStart: - sh -- 2.45.2 From ad761950047d793c301bb86fdfd9831862582252 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:35:26 +0200 Subject: [PATCH 050/106] passwd-user-configmap --- .../openbao-logging/user-configmap.yaml | 9 +++++++++ template/stacks/ref-implementation/openbao/values.yaml | 6 ++++++ 2 files changed, 15 insertions(+) create mode 100644 template/stacks/ref-implementation/openbao-logging/user-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml new file mode 100644 index 0000000..be18240 --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: passwd-user-configmap +data: + passwd: | + root:x:0:0:root:/root:/bin/sh + openbao:x:100:1000::/home/openbao:/sbin/nologin + logrotate:x:100:100::/home/logrotate:/bin/sh \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index f83bb6c..701a6d3 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
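Review bot: In the new `user-configmap.yaml` (PATCH 050) both `openbao` and `logrotate` are given uid 100, so uid-to-name lookups resolve to whichever entry comes first and file ownership cannot tell the two accounts apart. The file is mounted over `/etc/passwd` with `subPath`, so it replaces the image's whole account list, and any account the image relies on beyond `root` has to be listed here too. Give `logrotate` `/sbin/nologin` like the `openbao` entry, and either keep one named account for uid 100 or assign distinct uids. A comment at the top of `passwd`, e.g. `# minimal account list for the logrotate sidecar; replaces the image's /etc/passwd`, would record the intent.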
@@ -39,6 +39,9 @@ server: - name: logrotate-config-volume configMap: name: logrotate-config + - name: passwd-volume + configMap: + name: passwd-user-configmap - name: host-log-storage hostPath: path: /var/log @@ -48,6 +51,9 @@ server: - mountPath: /openbao/logs name: host-log-storage readOnly: false + - mountPath: /etc/passwd + name: passwd-volume + subPath: passwd extraArgs: "chmod o+rwx /etc/passwd" -- 2.45.2 From 37a9a73664814508873aceb0c33441d359b68a28 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:44:19 +0200 Subject: [PATCH 051/106] - name: passwd-volume mountPath: /etc/passwd subPath: passwd --- template/stacks/ref-implementation/openbao/values.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 701a6d3..c1bc63d 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -28,6 +28,9 @@ server: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true + - name: passwd-volume + mountPath: /etc/passwd + subPath: passwd volumes: - name: log-storage emptyDir: {} @@ -51,11 +54,6 @@ server: - mountPath: /openbao/logs name: host-log-storage readOnly: false - - mountPath: /etc/passwd - name: passwd-volume - subPath: passwd - - extraArgs: "chmod o+rwx /etc/passwd" postStart: - sh -- 2.45.2 From 7cc75f0095bb4a299b2a91cddfe35d1d7d4bbb33 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:44:52 +0200 Subject: [PATCH 052/106] test --- .../ref-implementation/openbao-logging/user-configmap.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml index be18240..d410b83 100644 --- a/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml 
+++ b/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml @@ -5,5 +5,4 @@ metadata: data: passwd: | root:x:0:0:root:/root:/bin/sh - openbao:x:100:1000::/home/openbao:/sbin/nologin - logrotate:x:100:100::/home/logrotate:/bin/sh \ No newline at end of file + openbao:x:100:1000::/home/openbao:/sbin/nologin \ No newline at end of file -- 2.45.2 From c9d72e9f90ebfbfdabe8fa9e463b0e6a6af9205d Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 11:57:46 +0200 Subject: [PATCH 053/106] should be done --- .../grant-priviledges-to-logrotate.yaml | 31 ------------------- .../openbao-logging/logrotate-configmap.yaml | 4 +-- ...figmap.yaml => passwd-user-configmap.yaml} | 0 .../sidecar-container-alloy-configmap.yaml | 25 --------------- .../ref-implementation/openbao/values.yaml | 25 +-------------- 5 files changed, 3 insertions(+), 82 deletions(-) delete mode 100644 template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml rename template/stacks/ref-implementation/openbao-logging/{user-configmap.yaml => passwd-user-configmap.yaml} (100%) delete mode 100644 template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml b/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml deleted file mode 100644 index 31f85ae..0000000 --- a/template/stacks/ref-implementation/openbao-logging/grant-priviledges-to-logrotate.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: logrotate-priviledges - namespace: openbao -spec: - selector: - matchLabels: - app: logrotate-priviledges - template: - metadata: - labels: - app: logrotate-priviledges - spec: - initContainers: - - name: creator - image: alpine:latest - command: ["/bin/sh", "-c"] - args: - - | - set -e - echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd - echo "logrotate:x:100:" >> /etc/group - chown logrotate:logrotate /var/lib - tail -f /dev/null - securityContext: - runAsUser: 0 - containers: - - name: running-container - image: busybox - command: ["sleep", "infinity"] \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 7cab8de..69ee171 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,13 +5,13 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 5k + size 100M rotate 7 compress + delaycompress missingok notifempty postrotate - mkdir pupa kill -SIGHUP $(pidof bao) endscript } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao-logging/user-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/passwd-user-configmap.yaml similarity index 100% rename from template/stacks/ref-implementation/openbao-logging/user-configmap.yaml rename to template/stacks/ref-implementation/openbao-logging/passwd-user-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml deleted file mode 100644 index b0129a6..0000000 
--- a/template/stacks/ref-implementation/openbao-logging/sidecar-container-alloy-configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: sidecar-container-alloy-config -data: - config.alloy: | - logging { - level = "info" - format = "logfmt" - } - loki.write "local_loki" { - endpoint { - url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push" - } - } - - local.file_match "applogs" { - path_targets = [{"__path__" = "/openbao/logs/*"}] - sync_period = "5s" - } - - loki.source.file "openbao_logs" { - targets = local.file_match.applogs.targets - forward_to = [loki.write.local_loki.receiver] - } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index c1bc63d..474f26c 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,27 +1,11 @@ server: shareProcessNamespace: true extraContainers: - - name: grafana-alloy - image: grafana/alloy:latest - ports: - - containerPort: 12345 - securityContext: - runAsUser: 100 - volumeMounts: - - name: alloy-data - mountPath: /var/lib/alloy - - name: config-volume - mountPath: /etc/alloy - - name: host-log-storage - mountPath: /openbao/logs - name: logrotate - image: skymatic/logrotate:latest - # command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"] + image: skymatic/logrotate:latest # MIT License securityContext: runAsUser: 100 volumeMounts: - - name: alloy-data - mountPath: /var/lib/ - name: host-log-storage mountPath: /openbao/logs - name: logrotate-config-volume 
@@ -32,13 +16,6 @@ server: mountPath: /etc/passwd subPath: passwd volumes: - - name: log-storage - emptyDir: {} - - name: alloy-data - emptyDir: {} - - name: config-volume - configMap: - name: sidecar-container-alloy-config - name: logrotate-config-volume configMap: name: logrotate-config -- 2.45.2 From fc6ee8bcae24b18ebe39a6781f185a9cc8dabdff Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 12:53:31 +0200 Subject: [PATCH 054/106] 1M --- .../openbao-logging/create-logging-directory.yaml | 9 +-------- .../openbao-logging/logrotate-configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 8a3d478..61f45ef 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -20,14 +20,7 @@ spec: - | set -e mkdir -p /var/log/openbao - chown 100:100 /var/log/openbao - chmod o+rwx /etc/passwd - chmod o+rwx /etc/group - chmod o+rwx /var/log/openbao - echo "logrotate:x:100:100::/home/logrotate:/bin/sh" >> /etc/passwd - echo "logrotate:x:100:" >> /etc/group - mkdir -p /home/logrotate - # chown 100:100 /var/lib + chown 100:100 /var/log/openbao securityContext: runAsUser: 0 volumeMounts: diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 69ee171..586c688 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 100M + size 1M rotate 7 compress delaycompress -- 2.45.2 From ee630c88b910458b40f78f623f903098bff10eea Mon Sep 17 00:00:00 2001 
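Review bot: Dropping `chmod o+rwx /var/log/openbao` from the init script in create-logging-directory.yaml does not undo it where the script has already run, because `mkdir -p` leaves an existing directory's mode unchanged. If `/var/log/openbao` lives on the node (the volume definition is outside the hunk, so this is presumed from the later `hostPath` entries), it stays world-writable on those nodes. Since this directory receives the OpenBao audit log, set the mode explicitly after the `chown`, for example `chmod 0750 /var/log/openbao`, so the result does not depend on history or umask.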
From: miwr Date: Tue, 1 Apr 2025 13:18:44 +0200 Subject: [PATCH 055/106] env: - name: CRON_SCHEDULE value: "0 * * * *" - name: TINI_SUBREAPER value: --- template/stacks/ref-implementation/openbao/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 474f26c..be965b9 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -5,6 +5,11 @@ server: image: skymatic/logrotate:latest # MIT License securityContext: runAsUser: 100 + env: + - name: CRON_SCHEDULE + value: "0 * * * *" + - name: TINI_SUBREAPER + value: volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 7b8ea2de6b88e0caf3ca5be756a8e6409ead1254 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 13:28:10 +0200 Subject: [PATCH 056/106] status --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index be965b9..15d396d 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -17,6 +17,8 @@ server: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true + - name: status + mountPath: /var/lib - name: passwd-volume mountPath: /etc/passwd subPath: passwd @@ -27,6 +29,8 @@ server: - name: passwd-volume configMap: name: passwd-user-configmap + - name: status + emptyDir: {} - name: host-log-storage hostPath: path: /var/log -- 2.45.2 From 29ec426778d500ed5903513845edd835d990782b Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 13:36:33 +0200 Subject: [PATCH 057/106] delaycompress rmoved --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 1 - 1 file changed, 1 deletion(-) 
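Review bot: `TINI_SUBREAPER` is added with a bare `value:`, which YAML parses as null rather than as an empty string. Kubernetes will most likely treat it as an empty value, but writing `value: ""` states the intent and avoids surprises in linters and templating. A one-line comment such as `# tini is not PID 1 when shareProcessNamespace is true` (if that is the reason) would tell the next reader why the variable is set at all.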
diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 586c688..0892d64 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -8,7 +8,6 @@ data: size 1M rotate 7 compress - delaycompress missingok notifempty postrotate -- 2.45.2 From 5200aa748ce66d69931733d5b9dafe26af90677e Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 13:53:08 +0200 Subject: [PATCH 058/106] 5k --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 0892d64..391afed 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 1M + size 5k rotate 7 compress missingok -- 2.45.2 From 71a45cc0b8808082b42fc8110c2a47782d849238 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 14:04:13 +0200 Subject: [PATCH 059/106] value: "* * * * *" --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 15d396d..4311e87 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -7,7 +7,7 @@ server: runAsUser: 100 env: - name: CRON_SCHEDULE - value: "0 * * * *" + value: "* * * * *" - name: TINI_SUBREAPER value: volumeMounts: -- 2.45.2 
From 485e7720165bd0a7ed9fb3264242f63a735d0402 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 14:11:35 +0200 Subject: [PATCH 060/106] # - name: status # mountPath: /var/lib --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 4311e87..9653e25 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -17,8 +17,8 @@ server: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true - - name: status - mountPath: /var/lib + # - name: status + # mountPath: /var/lib - name: passwd-volume mountPath: /etc/passwd subPath: passwd -- 2.45.2 From b5a515c6f9ed165d69531419705405c8da063d88 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 1 Apr 2025 14:44:46 +0200 Subject: [PATCH 061/106] imroc/logrotate:latest --- .../stacks/ref-implementation/openbao/values.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 9653e25..1a8b164 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,6 +22,20 @@ server: - name: passwd-volume mountPath: /etc/passwd subPath: passwd + - name: logrotate + image: imroc/logrotate:latest + imagePullPolicy: IfNotPresent + env: + - name: LOGROTATE_FILE_PATTERN + value: "/openbao/logs/openbao/*.log" + - name: LOGROTATE_FILESIZE + value: "5k" + - name: LOGROTATE_FILENUM + value: "10" + - name: CRON_EXPR + value: "*/1 * * * *" + - name: CROND_LOGLEVEL + value: "7" volumes: - name: logrotate-config-volume configMap: -- 2.45.2 From 49fdf90dd8b7ec72b64d74b91413ebf1a646dcb4 Mon Sep 17 00:00:00 2001 
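Review bot: The container added in PATCH 061 reuses the name `logrotate`, which the existing sidecar in the same `extraContainers` list already has; container names must be unique within a pod, so the rendered spec should be rejected. It also has no `securityContext`, so unlike its sibling (`runAsUser: 100`) it runs as whatever user `imroc/logrotate:latest` defaults to, inside a pod that shares its process namespace with OpenBao. It has no `volumeMounts` either, so `LOGROTATE_FILE_PATTERN` has nothing to match. Give it a distinct name, add `runAsUser: 100` under a `securityContext:` key, mount `host-log-storage`, and pin the image, since `imagePullPolicy: IfNotPresent` on a `:latest` tag leaves each node running whichever build it cached first.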
From: miwr Date: Tue, 1 Apr 2025 14:49:40 +0200 Subject: [PATCH 062/106] - name: logrotate2 --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 1a8b164..2b0c7aa 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,7 +22,7 @@ server: - name: passwd-volume mountPath: /etc/passwd subPath: passwd - - name: logrotate + - name: logrotate2 image: imroc/logrotate:latest imagePullPolicy: IfNotPresent env: -- 2.45.2 From a2d2bd9b87d16a32404ab59f5aacc00aa7beb257 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 08:59:29 +0200 Subject: [PATCH 063/106] volumeMounts: - name: host-log-storage mountPath: /openbao/logs --- template/stacks/ref-implementation/openbao/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 2b0c7aa..71c2593 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -36,6 +36,9 @@ server: value: "*/1 * * * *" - name: CROND_LOGLEVEL value: "7" + volumeMounts: + - name: host-log-storage + mountPath: /openbao/logs volumes: - name: logrotate-config-volume configMap: -- 2.45.2 From 48fb2c1481d4cd430386df3404371050be906b48 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 09:53:08 +0200 Subject: [PATCH 064/106] size 1M --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 2 +- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 391afed..0892d64 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 5k + size 1M rotate 7 compress missingok diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 71c2593..67f6ec6 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -29,7 +29,7 @@ server: - name: LOGROTATE_FILE_PATTERN value: "/openbao/logs/openbao/*.log" - name: LOGROTATE_FILESIZE - value: "5k" + value: "1M" - name: LOGROTATE_FILENUM value: "10" - name: CRON_EXPR -- 2.45.2 From ca9fd7ba39a1a16b8d2da7486dc9aac294f44477 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 10:08:07 +0200 Subject: [PATCH 065/106] - name: status mountPath: /var/lib --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 67f6ec6..1df2fbb 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -17,8 +17,8 @@ server: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true - # - name: status - # mountPath: /var/lib + - name: status + mountPath: /var/lib - name: passwd-volume mountPath: /etc/passwd subPath: passwd -- 2.45.2 From 5db72e2dc0e457897b0cfe1d325dc36255375b39 Mon Sep 17 00:00:00 2001 
From: miwr Date: Wed, 2 Apr 2025 10:43:10 +0200 Subject: [PATCH 066/106] cronjob --- .../openbao-logging/logrotate-cronjob.yaml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml new file mode 100644 index 0000000..12ff152 --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -0,0 +1,43 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: example-cronjob + namespace: openbao +spec: + schedule: "*/2 * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: logrotate + image: skymatic/logrotate:latest + securityContext: + runAsUser: 100 + command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf"] + volumeMounts: + - name: host-log-storage + mountPath: /openbao/logs + - name: logrotate-config-volume + mountPath: /etc/logrotate.conf + subPath: logrotate.conf + readOnly: true + - name: passwd-volume + mountPath: /etc/passwd + subPath: passwd + - name: status + mountPath: /var/lib + restartPolicy: OnFailure + volumes: + - name: host-log-storage + hostPath: + path: /var/log + type: Directory + - name: logrotate-config-volume + configMap: + name: logrotate-config + - name: passwd-volume + configMap: + name: passwd-user-configmap + - name: status + emptyDir: {} \ No newline at end of file -- 2.45.2 From 1a85de6cda6a118f2a3cab1cc29d549656d7b02e Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 11:03:54 +0200 Subject: [PATCH 067/106] 5k --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 2 +- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
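Review bot: The new CronJob mounts the node's entire `/var/log` through `hostPath`, although logrotate.conf only touches `/openbao/logs/openbao/*.log`. Narrowing the volume to `path: /var/log/openbao` with `mountPath: /openbao/logs/openbao` keeps every other node log out of the job's reach. A CronJob pod also does not share a PID namespace with the OpenBao pod, so the `postrotate` step `kill -SIGHUP $(pidof bao)` will presumably find no process. Nothing in the manifest ties the job to the node that holds the log directory. `name: example-cronjob` and the `:latest` image tag look like placeholders that should be replaced before this is relied on.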
diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 0892d64..391afed 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 1M + size 5k rotate 7 compress missingok diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 12ff152..7fed4c3 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf"] + command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf && sleep 1000000"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From c754dc80bc019de119a7bb37fad920a2c300aa80 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 13:32:15 +0200 Subject: [PATCH 068/106] signal-sidecar-script --- .../sidecar-script-configmap.yaml | 15 +++++++++ .../ref-implementation/openbao/values.yaml | 32 +++++++++---------- 2 files changed, 31 insertions(+), 16 deletions(-) create mode 100644 template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml new file mode 100644 index 0000000..b7cfd87 --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml 
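Review bot: Appending `&& sleep 1000000` to the CronJob command keeps every run alive for roughly eleven days, while the schedule `*/2 * * * *` (outside this hunk) starts a new run every two minutes and the manifest sets no `concurrencyPolicy`. Job pods will accumulate, each holding the `/var/log` hostPath mount. If the sleep is only there for debugging, it should not be merged; otherwise add `concurrencyPolicy: Forbid` and an `activeDeadlineSeconds` to the job spec. The same applies to the later switch to `sleep infinity`.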
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: signal-sidecar-script + namespace: openbao +data: + sidecar.sh: | + #!/bin/sh + echo "Starting sidecar listener on port 8080..." + while true; do + # Listen for an HTTP request (basic netcat-based server) + echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 -q 1 + # Send SIGHUP signal + kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" + done diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 1df2fbb..5092396 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -23,22 +23,18 @@ server: mountPath: /etc/passwd subPath: passwd - name: logrotate2 - image: imroc/logrotate:latest - imagePullPolicy: IfNotPresent - env: - - name: LOGROTATE_FILE_PATTERN - value: "/openbao/logs/openbao/*.log" - - name: LOGROTATE_FILESIZE - value: "1M" - - name: LOGROTATE_FILENUM - value: "10" - - name: CRON_EXPR - value: "*/1 * * * *" - - name: CROND_LOGLEVEL - value: "7" + image: apline:latest + command: ["/bin/sh", "-c", "chmod +x /app/sidecar.sh && /app/sidecar.sh"] + securityContext: + runAsUser: 100 + ports: + - containerPort: 8080 volumeMounts: - - name: host-log-storage - mountPath: /openbao/logs + - name: passwd-volume + mountPath: /etc/passwd + subPath: passwd + - name: sidecar-script + mountPath: /app volumes: - name: logrotate-config-volume configMap: @@ -51,7 +47,11 @@ server: - name: host-log-storage hostPath: path: /var/log - type: Directory + type: Directory + - name: sidecar-script + configMap: + name: signal-sidecar-script + defaultMode: 0755 volumeMounts: - mountPath: /openbao/logs -- 2.45.2 From 795d575d5e999bdcc513a4fa533e7a03ba06bf51 Mon Sep 17 00:00:00 2001 
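Review bot: `sidecar.sh` signals OpenBao on every TCP connection to port 8080: it checks neither method, path nor caller, and `nc -l -p 8080` is not restricted to a local address. If the only intended caller is the logrotate container in the same pod, bind the listener to loopback or use a trigger that needs no network socket. The script writes the "SIGHUP sent to OpenBAO" response before `kill` runs, so the caller is told it succeeded even when `pidof bao` returns nothing. `echo -e` and `nc -q` are not portable under `#!/bin/sh`; `printf 'HTTP/1.1 200 OK\r\n\r\n'` is the safer form.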
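Review bot: `image: apline:latest` in the `logrotate2` container is a misspelling of `alpine`; a mistyped image name pulls from whichever repository owns that name, so use a fully qualified, pinned reference rather than only correcting the spelling. The command `chmod +x /app/sidecar.sh && /app/sidecar.sh` will stop at the `chmod`, because ConfigMap volumes are mounted read-only. The second hunk already sets `defaultMode: 0755` on the `sidecar-script` volume, so `command: ["/bin/sh", "/app/sidecar.sh"]` is sufficient.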
From: miwr Date: Wed, 2 Apr 2025 13:38:34 +0200 Subject: [PATCH 069/106] kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" mkdir pupa --- .../openbao-logging/sidecar-script-configmap.yaml | 1 + template/stacks/ref-implementation/openbao/values.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index b7cfd87..50119d8 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -12,4 +12,5 @@ data: echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 -q 1 # Send SIGHUP signal kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" + mkdir pupa done diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 5092396..74b4f58 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -23,7 +23,7 @@ server: mountPath: /etc/passwd subPath: passwd - name: logrotate2 - image: apline:latest + image: alpine:latest command: ["/bin/sh", "-c", "chmod +x /app/sidecar.sh && /app/sidecar.sh"] securityContext: runAsUser: 100 -- 2.45.2 From cfb473659d5513aae76827ade985c0505daaa410 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 13:46:04 +0200 Subject: [PATCH 070/106] command: ["/bin/sh", "-c", "sleep 1000000000000000000000"] --- .../openbao-logging/sidecar-script-service.yaml | 12 ++++++++++++ .../stacks/ref-implementation/openbao/values.yaml | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml 
diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml new file mode 100644 index 0000000..3c5462c --- /dev/null +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: sidecar-script-service + namespace: openbao +spec: + selector: + app: logrotate2 + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 74b4f58..81a48ab 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -24,7 +24,7 @@ server: subPath: passwd - name: logrotate2 image: alpine:latest - command: ["/bin/sh", "-c", "chmod +x /app/sidecar.sh && /app/sidecar.sh"] + command: ["/bin/sh", "-c", "sleep 1000000000000000000000"] securityContext: runAsUser: 100 ports: -- 2.45.2 From 0f229f7adb1737aaf78d720b4dc886a1cbf93a76 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 13:51:28 +0200 Subject: [PATCH 071/106] sleep infinity --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 81a48ab..b0b69b9 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -24,7 +24,7 @@ server: subPath: passwd - name: logrotate2 image: alpine:latest - command: ["/bin/sh", "-c", "sleep 1000000000000000000000"] + command: ["/bin/sh", "-c", "sleep infinity"] securityContext: runAsUser: 100 ports: -- 2.45.2 From 4553289695cd0fbd8753c7c513a27acccb261fa5 Mon Sep 17 00:00:00 2001 
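Review bot: The new `sidecar-script-service` publishes the signal listener on port 8080 to every workload in the cluster, and that listener (sidecar.sh) acts on any connection without authentication. If the endpoint has to exist, restrict it with a NetworkPolicy in the `openbao` namespace, or keep it on loopback, since the logrotate container that needs it shares the pod's network namespace. The selector `app: logrotate2` is a container name rather than a pod label, so as written the Service probably selects no endpoints. A comment in the manifest stating who is allowed to call this port would make the intent reviewable.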
From: miwr Date: Wed, 2 Apr 2025 13:59:01 +0200 Subject: [PATCH 072/106] tmp --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index b0b69b9..0afc278 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -34,7 +34,7 @@ server: mountPath: /etc/passwd subPath: passwd - name: sidecar-script - mountPath: /app + mountPath: /tmp volumes: - name: logrotate-config-volume configMap: -- 2.45.2 From 8b6b29cb9f15c53371ec36d0392811e7ab3cff29 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 14:21:28 +0200 Subject: [PATCH 073/106] sleep infinity --- .../openbao-logging/logrotate-cronjob.yaml | 2 +- .../openbao-logging/sidecar-script-configmap.yaml | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 7fed4c3..67b1bd9 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf && sleep 1000000"] + command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf && sleep infinity"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 50119d8..13cd909 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml 
+++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -8,9 +8,7 @@ data: #!/bin/sh echo "Starting sidecar listener on port 8080..." while true; do - # Listen for an HTTP request (basic netcat-based server) - echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 -q 1 - # Send SIGHUP signal + echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" - mkdir pupa + mkdir /tmp/pupa done -- 2.45.2 From 853ce17354d0f52d690cdcf983b20d02bd8587aa Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 14:39:56 +0200 Subject: [PATCH 074/106] app: openbao-0 --- .../openbao-logging/sidecar-script-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml index 3c5462c..cb44183 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml @@ -5,7 +5,7 @@ metadata: namespace: openbao spec: selector: - app: logrotate2 + app: openbao-0 ports: - protocol: TCP port: 8080 -- 2.45.2 From a11947c5e7cac263902dc73fae9c43a9ed4445e0 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 14:40:13 +0200 Subject: [PATCH 075/106] kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" --- .../openbao-logging/sidecar-script-configmap.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 13cd909..15056d0 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml 
@@ -10,5 +10,4 @@ data: while true; do echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" - mkdir /tmp/pupa done -- 2.45.2 From 949cf77c4e17e01a014cd7667e986a6641746b02 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 14:53:08 +0200 Subject: [PATCH 076/106] sighup --- .../openbao-logging/sidecar-script-configmap.yaml | 2 +- template/stacks/ref-implementation/openbao/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 15056d0..92ac4f6 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -9,5 +9,5 @@ data: echo "Starting sidecar listener on port 8080..." while true; do echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 - kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" + kill $(pidof bao) || echo "OpenBAO process not found" done diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 0afc278..c96317c 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -24,7 +24,7 @@ server: subPath: passwd - name: logrotate2 image: alpine:latest - command: ["/bin/sh", "-c", "sleep infinity"] + command: ["/bin/sh", "-c", "/tmp/sidecar.sh"] securityContext: runAsUser: 100 ports: 
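Review bot: Dropping `-SIGHUP` in sidecar-script-configmap.yaml makes `kill $(pidof bao)` send the default SIGTERM, so every connection to port 8080 now terminates the OpenBao server instead of asking it to reopen its log file, while the response still reads "SIGHUP sent to OpenBAO". Because the listener is unauthenticated, this turns a log-rotation helper into an availability risk for the secrets service. The commit subject ("sighup") suggests this was not intended. Keep the signal explicit: `kill -HUP "$(pidof bao)" || echo "OpenBAO process not found"`.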
@@ -74,7 +74,6 @@ server: echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}') rm /tmp/init.txt - # bao audit enable file file_path=stdout bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log ui: enabled: true -- 2.45.2 From 6811280b92c4bcfabe5484a213c40f4fdd702ee6 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 15:20:11 +0200 Subject: [PATCH 077/106] - name: sidecar-nginx image: nginx:latest ports: - containerPort: 8080 volumeMounts: - name: idecar-script mountPath: /etc/nginx subPath: nginx.conf subPathExpr: 'nginx.conf' - name: idecar-script mountPath: /tmp/sidecar.sh subPath: sidecar.sh mode: 0755 - name: passwd-volume mountPath: /etc/passwd subPath: passwd --- .../openbao-logging/logrotate-configmap.yaml | 2 +- .../sidecar-script-configmap.yaml | 24 ++++++++++++++----- .../ref-implementation/openbao/values.yaml | 18 +++++++++++++- 3 files changed, 36 insertions(+), 8 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 391afed..47c98ae 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -11,6 +11,6 @@ data: missingok notifempty postrotate - kill -SIGHUP $(pidof bao) + echo -e "POST / HTTP/1.1\r\nHost: sidecar-script-service.openbao.svc.cluster.local:8080\r\nContent-Length: 0\r\n\r\n" | nc sidecar-script-service.openbao.svc.cluster.local 8080 endscript } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 92ac4f6..811add3 100644 
--- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -5,9 +5,21 @@ metadata: namespace: openbao data: sidecar.sh: | - #!/bin/sh - echo "Starting sidecar listener on port 8080..." - while true; do - echo -e "HTTP/1.1 200 OK\n\nSIGHUP sent to OpenBAO" | nc -l -p 8080 - kill $(pidof bao) || echo "OpenBAO process not found" - done + #!/bin/bash + echo "Sending SIGHUP to OpenBAO..." + kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" + + nginx.conf: | + events {} + + http { + server { + listen 8080; + + location / { + exec /tmp/sidecar.sh; + default_type text/plain; + return 200 "SIGHUP sent to OpenBAO\n"; + } + } + } \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index c96317c..b4ada12 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -28,13 +28,29 @@ server: securityContext: runAsUser: 100 ports: - - containerPort: 8080 + - containerPort: 8081 volumeMounts: - name: passwd-volume mountPath: /etc/passwd subPath: passwd - name: sidecar-script mountPath: /tmp + - name: sidecar-nginx + image: nginx:latest + ports: + - containerPort: 8080 + volumeMounts: + - name: idecar-script + mountPath: /etc/nginx + subPath: nginx.conf + subPathExpr: 'nginx.conf' + - name: idecar-script + mountPath: /tmp/sidecar.sh + subPath: sidecar.sh + mode: 0755 + - name: passwd-volume + mountPath: /etc/passwd + subPath: passwd volumes: - name: logrotate-config-volume configMap: -- 2.45.2 From dd9ddc8fdb88203bc7dc0186f6fc2a30cc171751 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 15:26:04 +0200 Subject: [PATCH 078/106] sidecar-script --- template/stacks/ref-implementation/openbao/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
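Review bot: `exec /tmp/sidecar.sh;` inside `location /` is, as far as I know, not a directive of the stock nginx HTTP modules, so the `nginx:latest` container will most likely fail its config check and never start. Even if the config loaded, `return 200` would answer without running anything. The shebang of `sidecar.sh` also changes to `#!/bin/bash`, but the `logrotate2` container that still runs `/tmp/sidecar.sh` uses `alpine:latest`, which does not ship bash by default. Whatever ends up executing a script on an HTTP request needs a statement of who may call it, because this endpoint is still open to any client that can reach port 8080.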
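Review bot: The `sidecar-nginx` volume mounts in values.yaml will not validate: `subPath` and `subPathExpr` are mutually exclusive, `mode` is not a field of a volume mount (file modes come from `defaultMode` on the ConfigMap volume), and the volume name `idecar-script` does not match the declared `sidecar-script`. Mounting the single file `nginx.conf` at `mountPath: /etc/nginx` puts a file where the directory should be; it needs `mountPath: /etc/nginx/nginx.conf`. The container has no `securityContext`, so it runs as the image's default user, while the sibling sidecars set `runAsUser: 100`.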
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index b4ada12..16154c8 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -40,11 +40,11 @@ server: ports: - containerPort: 8080 volumeMounts: - - name: idecar-script + - name: sidecar-script mountPath: /etc/nginx subPath: nginx.conf subPathExpr: 'nginx.conf' - - name: idecar-script + - name: sidecar-script mountPath: /tmp/sidecar.sh subPath: sidecar.sh mode: 0755 -- 2.45.2 From 529182ee3d4e5c9e47309cd24b9005eb8952a9a8 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 2 Apr 2025 15:31:38 +0200 Subject: [PATCH 079/106] logrotate-cronjob --- .../openbao-logging/logrotate-cronjob.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 67b1bd9..9b51ba1 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -1,9 +1,8 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: example-cronjob - namespace: openbao -spec: + name: logrotate-cronjob + spec: schedule: "*/2 * * * *" jobTemplate: spec: -- 2.45.2 From a9ae743de992ebb61cd8e0114f9376564b6e6013 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 14:13:15 +0200 Subject: [PATCH 080/106] subpath --- template/stacks/ref-implementation/openbao/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 16154c8..34f275b 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml 
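Review bot: In logrotate-cronjob.yaml the new `spec:` line appears to be indented where the old one started at column 0, which would nest the job spec under `metadata` and leave the CronJob without a `spec`. This is inferred from the space after the `+` marker, since the page has collapsed whitespace, so check it against the file. Removing `namespace: openbao` makes the object depend on the Argo CD application's destination namespace. If that is intended, a comment such as `# namespace comes from the Argo CD Application destination` would make the choice explicit.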
@@ -43,7 +43,6 @@ server: - name: sidecar-script mountPath: /etc/nginx subPath: nginx.conf - subPathExpr: 'nginx.conf' - name: sidecar-script mountPath: /tmp/sidecar.sh subPath: sidecar.sh -- 2.45.2 From 350e3a804cfce89b05291033443ab41163dcd75c Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 14:25:44 +0200 Subject: [PATCH 081/106] nginx.conf --- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 34f275b..3479417 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -41,7 +41,7 @@ server: - containerPort: 8080 volumeMounts: - name: sidecar-script - mountPath: /etc/nginx + mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - name: sidecar-script mountPath: /tmp/sidecar.sh -- 2.45.2 From 87ce37972d55a89e6a8a78cacdc58c3ded60251e Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 14:42:37 +0200 Subject: [PATCH 082/106] new service --- .../sidecar-script-configmap.yaml | 24 +++++++------------ .../ref-implementation/openbao/values.yaml | 14 +++++++---- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 811add3..639b8d8 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml 
@@ -5,21 +5,15 @@ metadata: namespace: openbao data: sidecar.sh: | - #!/bin/bash + #!/bin/sh echo "Sending SIGHUP to OpenBAO..." kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found" - nginx.conf: | - events {} - - http { - server { - listen 8080; - - location / { - exec /tmp/sidecar.sh; - default_type text/plain; - return 200 "SIGHUP sent to OpenBAO\n"; - } - } - } \ No newline at end of file + start.sh: | + #!/bin/sh + echo "Starting mini HTTP server on port 8080..." + while true; do + # Wait for HTTP POST and respond + { echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 26\r\n\r\nSIGHUP sent to OpenBAO"; \ + /tmp/sidecar.sh; } | nc -l -p 8080 -q 1 + done \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 3479417..e6d8a38 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -35,14 +35,18 @@ server: subPath: passwd - name: sidecar-script mountPath: /tmp - - name: sidecar-nginx - image: nginx:latest + - name: sidecar + image: alpine:latest + command: ["/bin/sh", "/tmp/start.sh"] ports: - - containerPort: 8080 + - containerPort: 8080 volumeMounts: - name: sidecar-script - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf + mountPath: /tmp/sidecar.sh + subPath: sidecar.sh + - name: sidecar-script + mountPath: /tmp/start.sh + subPath: start.sh - name: sidecar-script mountPath: /tmp/sidecar.sh subPath: sidecar.sh -- 2.45.2 From d17861bc87b2470c1143495b2ab4b9dec7653987 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 14:46:41 +0200 Subject: [PATCH 083/106] another try --- .../ref-implementation/openbao/values.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index e6d8a38..4157ffa 100644 
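Review bot: In the new `start.sh`, the brace group feeding `nc -l -p 8080 -q 1` starts as soon as the pipeline does, so `/tmp/sidecar.sh` sends SIGHUP at the top of every loop iteration rather than when a request arrives, and its `echo` output is appended to the HTTP reply. The comment says the loop waits for an HTTP POST, but nothing inspects the request, so any connection to the port counts. `Content-Length: 26` also disagrees with the body `SIGHUP sent to OpenBAO`, which is 22 bytes; a client that honours the header will wait for bytes that never arrive. I would read the request first, check its request line, run the script, and only then write the reply with `Content-Length: 22`.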
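Review bot: The new `sidecar` container mounts `sidecar-script` at `/tmp/sidecar.sh` twice, and Kubernetes requires each `mountPath` within a container to be unique, so the pod spec is likely to be rejected; one of the two entries should be removed. The container also sets no `securityContext`, so it runs as the image's default user (root for the stock alpine image). If signalling `bao` works as UID 100, adding `securityContext:` with `runAsUser: 100` would keep it unprivileged. `image: alpine:latest` is a floating tag; a fixed version or digest is safer for a container that sits in the OpenBAO pod. The container list starts and continues outside this hunk.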
--- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,19 +22,19 @@ server: - name: passwd-volume mountPath: /etc/passwd subPath: passwd - - name: logrotate2 - image: alpine:latest - command: ["/bin/sh", "-c", "/tmp/sidecar.sh"] - securityContext: - runAsUser: 100 - ports: - - containerPort: 8081 - volumeMounts: - - name: passwd-volume - mountPath: /etc/passwd - subPath: passwd - - name: sidecar-script - mountPath: /tmp + # - name: logrotate2 + # image: alpine:latest + # command: ["/bin/sh", "-c", "/tmp/sidecar.sh"] + # securityContext: + # runAsUser: 100 + # ports: + # - containerPort: 8081 + # volumeMounts: + # - name: passwd-volume + # mountPath: /etc/passwd + # subPath: passwd + # - name: sidecar-script + # mountPath: /tmp - name: sidecar image: alpine:latest command: ["/bin/sh", "/tmp/start.sh"] -- 2.45.2 From 1268e3ea2479ebb296b7447e70315b752246878e Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 14:50:50 +0200 Subject: [PATCH 084/106] unique --- template/stacks/ref-implementation/openbao/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 4157ffa..cc6fd3d 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -41,9 +41,6 @@ server: ports: - containerPort: 8080 volumeMounts: - - name: sidecar-script - mountPath: /tmp/sidecar.sh - subPath: sidecar.sh - name: sidecar-script mountPath: /tmp/start.sh subPath: start.sh -- 2.45.2 From 40d1d025a6c520081040659cbb5fed8318416969 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 15:13:56 +0200 Subject: [PATCH 085/106] new script --- .../sidecar-script-configmap.yaml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) 
diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 639b8d8..0103127 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -11,9 +11,20 @@ data: start.sh: | #!/bin/sh + echo "Starting mini HTTP server on port 8080..." + while true; do - # Wait for HTTP POST and respond - { echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 26\r\n\r\nSIGHUP sent to OpenBAO"; \ - /tmp/sidecar.sh; } | nc -l -p 8080 -q 1 + echo "Waiting for HTTP POST..." + REQUEST=$(nc -l -p 8080) + + echo "$REQUEST" | grep -q "POST /" && { + echo "Received POST request, sending SIGHUP..." + /tmp/sidecar.sh + RESPONSE="HTTP/1.1 200 OK\r\nContent-Length: 26\r\n\r\nSIGHUP sent to OpenBAO" + } || { + RESPONSE="HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 18\r\n\r\nMethod Not Allowed" + } + + echo -e "$RESPONSE" | nc -N localhost 8081 done \ No newline at end of file -- 2.45.2 From 3f6ec41ece250a1fcef0eb3c80f8d16f88465f83 Mon Sep 17 00:00:00 2001 From: miwr Date: Tue, 22 Apr 2025 15:52:16 +0200 Subject: [PATCH 086/106] service corrected --- .../openbao-logging/sidecar-script-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml index cb44183..fcc0291 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml @@ -5,7 +5,7 @@ metadata: namespace: openbao spec: selector: - app: openbao-0 + app: openbao ports: - protocol: TCP port: 8080 -- 2.45.2 From d45c89c0b82eec6cfa7ae14c04a6c34acba8e441 Mon Sep 17 00:00:00 2001 
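Review bot: The reply in the rewritten `start.sh` loop is sent with `echo -e "$RESPONSE" | nc -N localhost 8081`, a new outbound connection, not back over the connection that `nc -l -p 8080` accepted, so the caller never sees the 200 or the 405. The method check `grep -q "POST /"` matches anywhere in the request, headers and body included, so a non-POST request that merely contains that text still triggers the SIGHUP. Anchoring the check to the request line is tighter: `echo "$REQUEST" | head -n 1 | grep -q '^POST / '`. Nothing authenticates the caller, so this check is the only gate in front of signalling OpenBAO and reachability of the port should be restricted as well. `Content-Length: 26` still overstates the 22-byte body.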
From: miwr Date: Wed, 23 Apr 2025 10:32:16 +0200 Subject: [PATCH 087/106] 3030 --- .../openbao-logging/sidecar-script-configmap.yaml | 6 +++--- .../openbao-logging/sidecar-script-service.yaml | 7 ++++--- template/stacks/ref-implementation/openbao/values.yaml | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml index 0103127..c215cd4 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-configmap.yaml @@ -12,11 +12,11 @@ data: start.sh: | #!/bin/sh - echo "Starting mini HTTP server on port 8080..." + echo "Starting mini HTTP server on port 3030..." while true; do echo "Waiting for HTTP POST..." - REQUEST=$(nc -l -p 8080) + REQUEST=$(nc -l -p 3030) echo "$REQUEST" | grep -q "POST /" && { echo "Received POST request, sending SIGHUP..." @@ -26,5 +26,5 @@ data: RESPONSE="HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 18\r\n\r\nMethod Not Allowed" } - echo -e "$RESPONSE" | nc -N localhost 8081 + echo -e "$RESPONSE" | nc -N localhost 3031 done \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml index fcc0291..817ed6c 100644 --- a/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml +++ b/template/stacks/ref-implementation/openbao-logging/sidecar-script-service.yaml @@ -5,8 +5,9 @@ metadata: namespace: openbao spec: selector: - app: openbao + app.kubernetes.io/instance: openbao + component: server ports: - protocol: TCP - port: 8080 - targetPort: 8080 + port: 3030 + targetPort: 3030 
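Review bot: The Service in `sidecar-script-service.yaml` now publishes the SIGHUP listener on port 3030 under a stable in-cluster name, while the listener in `start.sh` does no authentication and nothing visible in this series restricts who may connect. A NetworkPolicy that admits only the logrotate job's pods to port 3030 of the OpenBAO pods would limit who can trigger reloads. A comment above `ports:` such as `# 3030: reload trigger used by logrotate postrotate; restrict with NetworkPolicy` would record the intent. The Service's `type` lies outside the hunk, so exposure beyond the cluster could not be checked.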
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index cc6fd3d..f370ab5 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -39,7 +39,7 @@ server: image: alpine:latest command: ["/bin/sh", "/tmp/start.sh"] ports: - - containerPort: 8080 + - containerPort: 3030 volumeMounts: - name: sidecar-script mountPath: /tmp/start.sh -- 2.45.2 From e1da09b2cc7c1f124feaa83d38f313e602b9d016 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 10:51:42 +0200 Subject: [PATCH 088/106] push --- .../openbao-alloy-configmap.yaml | 58 +++++++++---------- .../openbao-logging/logrotate-configmap.yaml | 2 +- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml index d6f9bc6..5020633 100644 --- a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml 
@@ -1,29 +1,29 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: openbao-logging-setup - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder - targetRevision: HEAD - path: "stacks/ref-implementation/openbao-logging" - destination: - server: "https://kubernetes.default.svc" - namespace: openbao - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - selfHeal: true - retry: - limit: -1 - backoff: - duration: 15s - factor: 1 - maxDuration: 15s +# apiVersion: argoproj.io/v1alpha1 +# kind: Application +# metadata: +# name: openbao-logging-setup +# namespace: argocd +# labels: +# env: dev +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# spec: +# project: default +# source: +# repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder +# targetRevision: HEAD +# path: "stacks/ref-implementation/openbao-logging" +# destination: +# server: "https://kubernetes.default.svc" +# namespace: openbao +# syncPolicy: +# syncOptions: +# - CreateNamespace=true +# automated: +# selfHeal: true +# retry: +# limit: -1 +# backoff: +# duration: 15s +# factor: 1 +# maxDuration: 15s diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 47c98ae..bd5c85f 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml 
@@ -11,6 +11,6 @@ data: missingok notifempty postrotate - echo -e "POST / HTTP/1.1\r\nHost: sidecar-script-service.openbao.svc.cluster.local:8080\r\nContent-Length: 0\r\n\r\n" | nc sidecar-script-service.openbao.svc.cluster.local 8080 + echo -e "POST / HTTP/1.1\r\nHost: sidecar-script-service.openbao.svc.cluster.local:3030\r\nContent-Length: 0\r\n\r\n" | nc sidecar-script-service.openbao.svc.cluster.local 3030 endscript } \ No newline at end of file -- 2.45.2 From 700c242cddb3f3a299115a9f84ce553dd044ac53 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:24:03 +0200 Subject: [PATCH 089/106] final touches --- .../openbao-alloy-configmap.yaml | 29 ------------------- ...ogging-setup.yaml => openbao-logging.yaml} | 0 .../openbao-logging/logrotate-configmap.yaml | 2 +- .../openbao-logging/logrotate-cronjob.yaml | 9 +++--- 4 files changed, 6 insertions(+), 34 deletions(-) delete mode 100644 template/stacks/ref-implementation/openbao-alloy-configmap.yaml rename template/stacks/ref-implementation/{open-bao-logging-setup.yaml => openbao-logging.yaml} (100%) diff --git a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml b/template/stacks/ref-implementation/openbao-alloy-configmap.yaml deleted file mode 100644 index 5020633..0000000 --- a/template/stacks/ref-implementation/openbao-alloy-configmap.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -# apiVersion: argoproj.io/v1alpha1 -# kind: Application -# metadata: -# name: openbao-logging-setup -# namespace: argocd -# labels: -# env: dev -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# spec: -# project: default -# source: -# repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder -# targetRevision: HEAD -# path: "stacks/ref-implementation/openbao-logging" -# destination: -# server: "https://kubernetes.default.svc" -# namespace: openbao -# syncPolicy: -# syncOptions: -# - CreateNamespace=true -# automated: -# selfHeal: true -# retry: -# limit: -1 -# backoff: -# duration: 15s -# factor: 1 -# maxDuration: 15s diff --git a/template/stacks/ref-implementation/open-bao-logging-setup.yaml b/template/stacks/ref-implementation/openbao-logging.yaml similarity index 100% rename from template/stacks/ref-implementation/open-bao-logging-setup.yaml rename to template/stacks/ref-implementation/openbao-logging.yaml diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index bd5c85f..e31d9df 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 5k + size 10M rotate 7 compress missingok diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 9b51ba1..48a4ac8 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml 
@@ -2,8 +2,9 @@ apiVersion: batch/v1 kind: CronJob metadata: name: logrotate-cronjob - spec: - schedule: "*/2 * * * *" + namespace: openbao +spec: + schedule: "*/10 * * * *" jobTemplate: spec: template: @@ -12,8 +13,8 @@ metadata: - name: logrotate image: skymatic/logrotate:latest securityContext: - runAsUser: 100 - command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf && sleep infinity"] + runAsUser: 100 + command: ["/bin/sh", "-c", && sleep infinity"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 84d4f0af07f3e97b46850c0fe0fccd1517d08851 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:26:02 +0200 Subject: [PATCH 090/106] don't sleep --- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 48a4ac8..8f79452 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c", && sleep infinity"] + command: ["/bin/sh", "-c"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 4d20aeeaac01a8e937f9ea0f1e3e4bffb943ecdb Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:34:01 +0200 Subject: [PATCH 091/106] 5 minutes --- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 8f79452..65b9d9f 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml 
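Review bot: `command: ["/bin/sh", "-c", && sleep infinity"]` in the second `logrotate-cronjob.yaml` hunk is not valid YAML, because the third element lost its opening quote together with the `logrotate /etc/logrotate.conf` part, so the manifest cannot be parsed and the CronJob will not sync. The follow-up patch on this page changes it to `["/bin/sh", "-c"]`, which parses but gives `sh -c` no command string, and later patches try `"sleep 10"` and `&& sleep 10"]` before a runnable form returns. The line should read `command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf"]`, with a trailing sleep only if it is wanted for debugging. The container entry continues outside the hunk.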
+++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -4,7 +4,7 @@ metadata: name: logrotate-cronjob namespace: openbao spec: - schedule: "*/10 * * * *" + schedule: "*/5 * * * *" jobTemplate: spec: template: @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c"] + # command: ["/bin/sh", "-c", && sleep infinity"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 135844644dfa4c2971da27261d32e51c3f761be5 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:45:10 +0200 Subject: [PATCH 092/106] command: ["/bin/sh", "-c", "sleep 10"] --- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 65b9d9f..b03ab1e 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - # command: ["/bin/sh", "-c", && sleep infinity"] + command: ["/bin/sh", "-c", "sleep 10"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 7dfefa8ac9f0ce5f697b9c6766b15cbd775f2bd5 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:45:26 +0200 Subject: [PATCH 093/106] 2M --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index e31d9df..34e2826 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml 
+++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 10M + size 2M rotate 7 compress missingok -- 2.45.2 From 1abbd9b64616f10b06b283dc068ea2dc42ce32ae Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 11:56:08 +0200 Subject: [PATCH 094/106] && sleep 10 --- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index b03ab1e..324489a 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c", "sleep 10"] + command: ["/bin/sh", "-c", && sleep 10"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From 20a6113403fd54be670b92dd5351b62f50fa1513 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 12:01:20 +0200 Subject: [PATCH 095/106] new changes --- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 324489a..755d6b9 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -4,7 +4,7 @@ metadata: name: logrotate-cronjob namespace: openbao spec: - schedule: "*/5 * * * *" + schedule: "*/2 * * * *" jobTemplate: spec: template: 
@@ -14,7 +14,7 @@ spec: image: skymatic/logrotate:latest securityContext: runAsUser: 100 - command: ["/bin/sh", "-c", && sleep 10"] + command: ["/bin/sh", "-c", "logrotate /etc/logrotate.conf && sleep 10"] volumeMounts: - name: host-log-storage mountPath: /openbao/logs -- 2.45.2 From d1355e47c88fbcf04338097f94b2cd9bb220380f Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 12:56:56 +0200 Subject: [PATCH 096/106] don't compress --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 34e2826..7cd2a3d 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -7,7 +7,6 @@ data: /openbao/logs/openbao/*.log { size 2M rotate 7 - compress missingok notifempty postrotate -- 2.45.2 From 58fd63da5490d2132258811659b627baa7ded199 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 13:11:58 +0200 Subject: [PATCH 097/106] 0 * * * * --- .../ref-implementation/openbao-logging/logrotate-configmap.yaml | 2 +- .../ref-implementation/openbao-logging/logrotate-cronjob.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index 7cd2a3d..b8f9d1a 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml @@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 2M + size 50M rotate 7 missingok notifempty 
diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 755d6b9..c8b80c4 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -4,7 +4,7 @@ metadata: name: logrotate-cronjob namespace: openbao spec: - schedule: "*/2 * * * *" + schedule: "0 * * * *" jobTemplate: spec: template: -- 2.45.2 From 01a9c0e0e696d0b8244b7bcf119414edd68cf9ba Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 13:28:18 +0200 Subject: [PATCH 098/106] deleted unneccessary container --- .../stacks/ref-implementation/openbao/values.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index f370ab5..798e909 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -22,19 +22,6 @@ server: - name: passwd-volume mountPath: /etc/passwd subPath: passwd - # - name: logrotate2 - # image: alpine:latest - # command: ["/bin/sh", "-c", "/tmp/sidecar.sh"] - # securityContext: - # runAsUser: 100 - # ports: - # - containerPort: 8081 - # volumeMounts: - # - name: passwd-volume - # mountPath: /etc/passwd - # subPath: passwd - # - name: sidecar-script - # mountPath: /tmp - name: sidecar image: alpine:latest command: ["/bin/sh", "/tmp/start.sh"] -- 2.45.2 From 9c8cdbf7a46f0c931bf5cc555b1208d478d1bec0 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 13:54:07 +0200 Subject: [PATCH 099/106] no logrotate sidecar container --- .../ref-implementation/openbao/values.yaml | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 798e909..18e79f6 100644 
--- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -1,27 +1,6 @@ server: shareProcessNamespace: true extraContainers: - - name: logrotate - image: skymatic/logrotate:latest # MIT License - securityContext: - runAsUser: 100 - env: - - name: CRON_SCHEDULE - value: "* * * * *" - - name: TINI_SUBREAPER - value: - volumeMounts: - - name: host-log-storage - mountPath: /openbao/logs - - name: logrotate-config-volume - mountPath: /etc/logrotate.conf - subPath: logrotate.conf - readOnly: true - - name: status - mountPath: /var/lib - - name: passwd-volume - mountPath: /etc/passwd - subPath: passwd - name: sidecar image: alpine:latest command: ["/bin/sh", "/tmp/start.sh"] -- 2.45.2 From 7e2243d52da9108c560b162ea1f457c80a413bc3 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 13:59:30 +0200 Subject: [PATCH 100/106] test to ds --- .../create-logging-directory.yaml | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 61f45ef..06321f9 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -12,7 +12,26 @@ spec: labels: app: openbao-logging-dir spec: - initContainers: + # initContainers: + # - name: creator + # image: busybox + # command: ["/bin/sh", "-c"] + # args: + # - | + # set -e + # mkdir -p /var/log/openbao + # chown 100:100 /var/log/openbao + # securityContext: + # runAsUser: 0 + # volumeMounts: + # - name: host-log + # mountPath: /var/log + containers: + # - name: running-container + # image: busybox + # command: ["sleep", "infinity"] + # securityContext: + # runAsUser: 0 - name: creator image: busybox command: ["/bin/sh", "-c"] 
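Review bot: Moving `creator` from `initContainers` to `containers` in `create-logging-directory.yaml` makes a one-shot script the pod's main container; once `mkdir` and `chown` finish it exits, and if this is a DaemonSet (the kind is outside the hunk) the kubelet will keep restarting it. Judging by the commented copy, it runs with `runAsUser: 0` and the host's `/var/log` mounted, so a root process with a writable host path is re-executed indefinitely instead of once. I would keep it as an init container and leave a minimal non-root container without the `host-log` mount as the long-running one. The commented-out blocks added here are better deleted than kept. The second hunk of this file, which removes `running-container`, belongs to the same change.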
@@ -26,12 +45,6 @@ spec: volumeMounts: - name: host-log mountPath: /var/log - containers: - - name: running-container - image: busybox - command: ["sleep", "infinity"] - securityContext: - runAsUser: 0 volumes: - name: host-log hostPath: -- 2.45.2 From 596a234192bf24ad18fe607f9b0f26aefff34c08 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 14:15:44 +0200 Subject: [PATCH 101/106] test --- .../create-logging-directory.yaml | 19 ------------------- .../openbao-logging/logrotate-configmap.yaml | 2 +- .../openbao-logging/logrotate-cronjob.yaml | 2 +- .../ref-implementation/openbao/values.yaml | 6 +++--- 4 files changed, 5 insertions(+), 24 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 06321f9..7b2aa6d 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -12,26 +12,7 @@ spec: labels: app: openbao-logging-dir spec: - # initContainers: - # - name: creator - # image: busybox - # command: ["/bin/sh", "-c"] - # args: - # - | - # set -e - # mkdir -p /var/log/openbao - # chown 100:100 /var/log/openbao - # securityContext: - # runAsUser: 0 - # volumeMounts: - # - name: host-log - # mountPath: /var/log containers: - # - name: running-container - # image: busybox - # command: ["sleep", "infinity"] - # securityContext: - # runAsUser: 0 - name: creator image: busybox command: ["/bin/sh", "-c"] diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml index b8f9d1a..807387b 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-configmap.yaml 
@@ -5,7 +5,7 @@ metadata: data: logrotate.conf: | /openbao/logs/openbao/*.log { - size 50M + size 1M rotate 7 missingok notifempty diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index c8b80c4..755d6b9 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -4,7 +4,7 @@ metadata: name: logrotate-cronjob namespace: openbao spec: - schedule: "0 * * * *" + schedule: "*/2 * * * *" jobTemplate: spec: template: diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 18e79f6..b75b492 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -21,9 +21,9 @@ server: - name: logrotate-config-volume configMap: name: logrotate-config - - name: passwd-volume - configMap: - name: passwd-user-configmap + # - name: passwd-volume + # configMap: + # name: passwd-user-configmap - name: status emptyDir: {} - name: host-log-storage -- 2.45.2 From 86fb4eefa31c1c1cb0161ac8533de1992b71d19c Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 14:17:05 +0200 Subject: [PATCH 102/106] mistake --- .../openbao-logging/logrotate-cronjob.yaml | 6 +++--- template/stacks/ref-implementation/openbao/values.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 755d6b9..0cea75d 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml 
@@ -36,8 +36,8 @@ spec: - name: logrotate-config-volume configMap: name: logrotate-config - - name: passwd-volume - configMap: - name: passwd-user-configmap + # - name: passwd-volume + # configMap: + # name: passwd-user-configmap - name: status emptyDir: {} \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index b75b492..18e79f6 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -21,9 +21,9 @@ server: - name: logrotate-config-volume configMap: name: logrotate-config - # - name: passwd-volume - # configMap: - # name: passwd-user-configmap + - name: passwd-volume + configMap: + name: passwd-user-configmap - name: status emptyDir: {} - name: host-log-storage -- 2.45.2 From feae2ff0102c517f34de3fc596ab83ed7951e7d2 Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 14:19:48 +0200 Subject: [PATCH 103/106] another mistake --- .../openbao-logging/logrotate-cronjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 0cea75d..15d76c5 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -22,9 +22,9 @@ spec: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true - - name: passwd-volume - mountPath: /etc/passwd - subPath: passwd + # - name: passwd-volume + # mountPath: /etc/passwd + # subPath: passwd - name: status mountPath: /var/lib restartPolicy: OnFailure -- 2.45.2 From cee7ba8ff32b2f5371ea215ac33499c7ff4c2592 Mon Sep 17 00:00:00 2001 
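Review bot: Commenting out `passwd-volume` under `volumes` leaves the container's `volumeMounts` entry of the same name (`mountPath: /etc/passwd`, earlier in the file and outside this hunk) without a backing volume. Kubernetes rejects a pod template whose mount names no defined volume, so the CronJob cannot be applied until the mount is removed as well. Change both sides in one commit, and delete the lines rather than leaving `# - name: passwd-volume` blocks behind, since commented-out manifest fragments are easy to re-enable on one side only. The file also still ends without a trailing newline (`\ No newline at end of file`); add one.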
From: miwr Date: Wed, 23 Apr 2025 14:27:15 +0200 Subject: [PATCH 104/106] - name: passwd-volume mountPath: /etc/passwd subPath: passwd --- .../openbao-logging/logrotate-cronjob.yaml | 12 ++++++------ .../stacks/ref-implementation/openbao/values.yaml | 5 ----- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml index 15d76c5..755d6b9 100644 --- a/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml +++ b/template/stacks/ref-implementation/openbao-logging/logrotate-cronjob.yaml @@ -22,9 +22,9 @@ spec: mountPath: /etc/logrotate.conf subPath: logrotate.conf readOnly: true - # - name: passwd-volume - # mountPath: /etc/passwd - # subPath: passwd + - name: passwd-volume + mountPath: /etc/passwd + subPath: passwd - name: status mountPath: /var/lib restartPolicy: OnFailure @@ -36,8 +36,8 @@ spec: - name: logrotate-config-volume configMap: name: logrotate-config - # - name: passwd-volume - # configMap: - # name: passwd-user-configmap + - name: passwd-volume + configMap: + name: passwd-user-configmap - name: status emptyDir: {} \ No newline at end of file diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml index 18e79f6..ffbfa43 100644 --- a/template/stacks/ref-implementation/openbao/values.yaml +++ b/template/stacks/ref-implementation/openbao/values.yaml @@ -18,14 +18,9 @@ server: mountPath: /etc/passwd subPath: passwd volumes: - - name: logrotate-config-volume - configMap: - name: logrotate-config - name: passwd-volume configMap: name: passwd-user-configmap - - name: status - emptyDir: {} - name: host-log-storage hostPath: path: /var/log -- 2.45.2 From 32f084fcb62b5943adf2e3aef322de20874e5242 Mon Sep 17 00:00:00 2001 
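Review bot: The restored `passwd-volume` mount in the first logrotate-cronjob.yaml hunk overrides the container's `/etc/passwd` but, unlike the `logrotate.conf` mount directly above it, does not say `readOnly: true`. Add `readOnly: true` after `subPath: passwd` so the account file is explicitly immutable from inside the job and the two mounts read the same way. The content of `passwd-user-configmap` is not part of this patch, so a comment above the mount should say which account it defines and why the image's own passwd file is not enough. If the reason is what it appears to be, something like `# supplies a passwd entry for the non-root UID logrotate runs as` would do.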
From: miwr Date: Wed, 23 Apr 2025 14:40:14 +0200 Subject: [PATCH 105/106] ds renewed --- .../create-logging-directory.yaml | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 7b2aa6d..0803643 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml @@ -12,7 +12,7 @@ spec: labels: app: openbao-logging-dir spec: - containers: + initContainers: - name: creator image: busybox command: ["/bin/sh", "-c"] @@ -26,6 +26,25 @@ spec: volumeMounts: - name: host-log mountPath: /var/log + containers: + - name: running-container + image: busybox + command: ["sleep", "2"] + securityContext: + runAsUser: 0 + - name: creator + image: busybox + command: ["/bin/sh", "-c"] + args: + - | + set -e + mkdir -p /var/log/openbao + chown 100:100 /var/log/openbao + securityContext: + runAsUser: 0 + volumeMounts: + - name: host-log + mountPath: /var/log volumes: - name: host-log hostPath: -- 2.45.2 From 07ff00fce1c45d680e77039e7b6763e09d403dcf Mon Sep 17 00:00:00 2001 From: miwr Date: Wed, 23 Apr 2025 14:46:27 +0200 Subject: [PATCH 106/106] almost done --- .../openbao-logging/create-logging-directory.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml index 0803643..20192e3 100644 --- a/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml +++ b/template/stacks/ref-implementation/openbao-logging/create-logging-directory.yaml 
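Review bot: The added `running-container` is given `runAsUser: 0` although it only executes `sleep` and mounts no volume, so root adds nothing except a larger blast radius; replace its securityContext body with `runAsNonRoot: true`, `runAsUser: 65534` and `allowPrivilegeEscalation: false`. Its `command: ["sleep", "2"]` exits after two seconds, and if this manifest is a DaemonSet (the subject says "ds renewed"; the kind is outside the hunk) the container will be restarted in a loop, so it needs a command that does not exit, such as `["sleep", "infinity"]`. The same hunk adds `creator` under `containers` even though the previous hunk already turns it into an init container, which leaves a second root container with the host's `/var/log` mounted writable; keep it only under `initContainers`. Both containers use `image: busybox` with no tag or digest; pin it so the code that runs as root against a host path is reproducible.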
@@ -32,19 +32,6 @@ spec: command: ["sleep", "2"] securityContext: runAsUser: 0 - - name: creator - image: busybox - command: ["/bin/sh", "-c"] - args: - - | - set -e - mkdir -p /var/log/openbao - chown 100:100 /var/log/openbao - securityContext: - runAsUser: 0 - volumeMounts: - - name: host-log - mountPath: /var/log volumes: - name: host-log hostPath: -- 2.45.2