IPCEICIS-3111 #21

Closed

Michal.Wrobel wants to merge 131 commits from IPCEICIS-3111 into development

pull from: IPCEICIS-3111

merge into: DevFW-CICD:development

DevFW-CICD:development

DevFW-CICD:IPCEICIS-2952

DevFW-CICD:modularise_edp

DevFW-CICD:IPCEICIS-2297_working_oidc

DevFW-CICD:michals-silly-game

DevFW-CICD:keycloak_update_test

DevFW-CICD:django-backstage-template

DevFW-CICD:IPCEICIS-2293_oidc_in_forgejo

DevFW-CICD:IPCEICIS-3256

DevFW-CICD:kindserver_development

DevFW-CICD:update_provider_argocd

DevFW-CICD:IPCEICIS-2951

DevFW-CICD:IPCEICIS-3110

DevFW-CICD:shipping_openbao_logs

DevFW-CICD:feature/IPCEICIS-2435_oidc_in_argocd

DevFW-CICD:alloy_implementation

DevFW-CICD:openbao_logs_second_way

DevFW-CICD:root_path_argocd_test

DevFW-CICD:IPCEICIS-2751_backstage

DevFW-CICD:forgego_10_update

DevFW-CICD:IPCEICIS-2435_change_argocd_path_routing_to_domain

DevFW-CICD:IPCEICIS-2643_install_keycloak_and_eso_first

DevFW-CICD:runner-tags

DevFW-CICD:dns_splitting

DevFW-CICD:forgejo_runner_configuration_test

DevFW-CICD:helm_hydrate

DevFW-CICD:feature/externaldns_certmanager_test

DevFW-CICD:main

DevFW-CICD:dns_ssl_test

Conversation 1 Commits 131 Files changed 2 +22 -4

Michal.Wrobel commented 2025-03-26 15:00:21 +00:00

Owner

Copy link

see https://jira.telekom-mms.com/browse/IPCEICIS-3111

⚠️Please squash the commits⚠️

see https://jira.telekom-mms.com/browse/IPCEICIS-3111 ⚠️Please squash the commits⚠️

Michal.Wrobel added 131 commits 2025-03-26 15:00:21 +00:00

bao audit enable file file_path=stdout 524d0c67e0

echos for testing bc90465579

echo deleted 5518e9e2d7

rm /tmp/init.txt moved a few lines down 3dd9b7a544

provisional solution for the shipping done a4502f2ecb

Merge branch 'alloy_implementation' into shipping_openbao_logs ... 28916f2278

# Conflicts:
#	.gitignore

adding a side-car logging container for openbao 83e1215d7d

testing 48a28127ce

operations/helm/charts/alloy path fixed de8dc94e28

removing alloy as a separate pod in the same namespace 29d4ca9fe6

sidecar container added e2ad485759

adjustment of openbao.ymal f1d940561d

config map separately 4b553dd258

test 3eec895f67

new directory for the configmap f873cd8aef

ref-implementation/openbao/sidecar-container-alloy-configmap 2890437647

path: "stacks/ref-implementation/openbao-alloy-configmap" deaed1bdcc

extraVolumes: ... 7b77d870c6

- name: sidecar-container-alloy-config
      configMap:
        name: sidecar-container-alloy-config

extraContainers: ... f0632db48b

- name: grafana-alloy
     image: grafana/alloy:latest
     ports:
       - containerPort: 12345
     volumeMounts:
       - name: sidecar-container-alloy-config
         mountPath: /etc/alloy
         subPath: config.yaml
     args:
       - --config.file=/etc/alloy/config.yaml

test be1c3cee7a

extraVolumes deprecated 4e673f674d

/etc/alloy/config.yaml aeca6100f5

# args: ... 27dc5966e9

#    - --config.file=/etc/alloy/config.yaml

volumes: ... 872c9dc8e5

- name: alloy-data
      emptyDir: {}

/tmp/alloy/data c30cf9f380

securityContext: ... 8617e200ea

runAsUser: 1000
        fsGroup: 1000

runAsUser: 0 46072b8f81

runAsUser: 1000 # Run as non-root user ... e993c274b0

fsGroup: 1000

Merge pull request 'openbao_logs_second_way' (#16) from openbao_logs_second_way into shipping_openbao_logs ... 779df9fb9c

Reviewed-on: #16

runAsUser: 0 67876f18b9

fsGroup: 1000 ... 93fe631736

runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 100

# volumeMounts: ... 815f6a2822

#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data

# extraContainers: ... b7de02d293

#   - name: grafana-alloy
  #     image: grafana/alloy:latest
  #     ports:
  #       - containerPort: 12345

user 0 43b172d8d4

# volumeMounts: ... 8db5e5950d

#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data
      # securityContext:
      #   runAsUser: 0

["/bin/sh", "-c", "while kill -0 $(pidof main-container) 2>/dev/null; do sleep 1; done; echo 'OpenBao has crashed - giving Alloy time to collect logs...'; sleep 20"] ef22f9e7be

curlimages/curl:latest 57779745e9

busybox e4611e967e

image: alpine:latest bc189a53e0

bao audit enable file file_path=/var/log/openbao.log 46d6a22b65

touch /var/log/openbao.log ... 52f484d463

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log

touch /var/log/openbao.log ... ac3988f9ac

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log removed

while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; ... abdbcff9fd

echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          sleep 20;
          echo 'Sidecar exiting.';
          exit 1;

# while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; ... 1c71f8555d

# echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          # sleep 20;
          # echo 'Sidecar exiting.';
          # exit 1;

no exit fb0eebef13

while true; do ... 3bb9b4b059

echo 'Hello'
          sleep 5;
          done
        "]

touch /var/log/openbao.log ... 0b5b2b25fd

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log

command: ["/bin/sh", "-c", " ... 055713e4a5

while true; do
            echo 'Hello'
          sleep 5;
          done
        "]

command: ["/bin/sh", "-c", " ... 3d39948468

while true; do
            echo 'Hello'
          sleep 5;
          done
        "]

securityContext: ... 3cd6a846b2

runAsUser: 1001

runAsUser: 0 7efc8124b0

runAsUser: 1 18d03cee74

- name: init-log-permissions ... 80ca890f5f

image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      securityContext:
        runAsUser: 0
      volumeMounts:
        - mountPath: /var/log
          name: log-storage

- name: init-log-permissions ... 1938cc8f44

image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      volumeMounts:
        - mountPath: /var/log
          name: log-storage

mountPath: /var/log/test 8f7ccf5fa7

volumes: ... 4d93d50874

- name: log-storage
      path: /var/log/test

emptyDir: {} ... 0971384fd2

volumeMounts:
        - name: log-storage
          mountPath: /var/log/test

volumes: ... cba0a236f5

- name: log-storage
      path: /var/log/test

volumeMounts: ... da3624d82a

- mountPath: /var/log/test
      name: plugins
      readOnly: false

volumeMounts: ... d946b419e7

- mountPath: /
      name: plugins
      readOnly: false

# volumeMounts: ... ac4d10d619

#   - mountPath: /
  #     name: plugins
  #     readOnly: false

volumes: ... ff72720654

- name: log-storage
      emptyDir: {}

volumeMounts: ... e72e440e51

- mountPath: /var/log/test
      name: plugins
      readOnly: false

volumeMounts: ... 5ffb47d1ca

- mountPath: /var/log/test
      name: log-storage
      readOnly: false

touch /var/log/openbao.log ... 12d35ad1e9

chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/log/openbao.log
      bao audit enable file file_path=/var/log/openbao.log removed

mountPath: /openbao/logs e7d693465d

bao audit enable file file_path=/openbao/logs/openbao.log 1bf5b468bc

touch /openbao/logs/openbao.log d51e0859a9

# touch /openbao/logs/openbao.log ... 974e0182cc

# bao audit enable file file_path=/openbao/logs/openbao.log

bao audit enable -path="stdout" file file_path=stdout ... a5ec02205a

bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

local.file_match "openbao_file_logs" { ... 3e1b284e3b

path_targets = [{"__path__" = "/openbao/logs/*"}]
        sync_period = "5s"
      }

      loki.source.file "openbao_logs" {
        targets    = local.file_match.openbao_file_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }

targets = local.file_match.openbao_file_logs.targets 5843e9498b

alloy is back 0dbf646477

name changes c9c67a9d54

path_targets = [{"__path__" = "/var/log/*"}] 285e823936

mountPath: /var/lib/alloy/data 140dddd955

mountPath: /var/lib/alloy/data 005f7503ce

/openbao/logs/pupa2 6385e39067

runAsUser: 100 88df4ea8f4

/var 87522c11db

mountPath: /var/lib 2058f6a36b

mountPath: /var/lib/alloy ec2fc47ea2

- name: config-volume ... 39eab1ef93

configMap:
        name: sidecar-container-alloy-config

- --config.file=/var/lib/alloy/config/config.yaml c376f6d0c6

mountPath: /etc/alloy ... 267a04fee5

items:
                - key: "config.yaml"
                  path: "config.alloy"

- name: config-volume ... d866169744

mountPath: /etc/alloy
              items:
                - key: "config.yaml"
                  path: "config.alloy"

- key: "config.yaml" ... 3db4058181

path: "/config.alloy"
                - key: "config.yaml"
                  path: "/pupa/config.alloy"

config.alloy 02c739524b

path_targets = [{"__path__" = "/openbao/logs/*"}] 350398cb23

url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push" 64677a02d1

log-sidecar removed d21c543f2c

/openbao/logs/alive/main.alive 3937c98d00

touch /shared/main.alive; trap 'rm -f /shared/main.alive; exit 0' TERM; while true; do sleep 1; done 5f5ac62b0b

those command were deleted 4601d2f25d

livenessProbe: ... d41a27305e

enabled: true

livenessProbe: ... f39c8c979b

enabled: true
    execCommand:
      - /bin/sh
      - -c
      - bao status

# bao audit enable -path="stdout" file file_path=stdout ... dcce720122

# bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

### 8f28c30364

bao operator init >> /tmp/init.txt 8d7a7cb1bf

cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} ... aae508014a

echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      rm /tmp/init.txt

sleep 10 2c5cad03c8

100 5086db7cba

# rm /tmp/init.txt 4620a92aee

rm /tmp/init.txt ... 71a5463237

bao audit enable -path="stdout" file file_path=stdout
      bao audit enable -path="file" file file_path=/openbao/logs/openbao.log

no liveness probe 320e67a1d2

- name: host-log ... 547938acd4

hostPath:
        path: /var/log
        type: Directory

logging setup c6e71f8aeb

test be7881e2ec

# bao audit enable -path="file" file file_path=/openbao/logs/openbao.log 2372cefe0b

/openbao/logs/openbao/openbao.log bb3c6cf438

sidecar container detached 5c197fd0f1

apiVersion: v1 ... 278cf798f4

kind: ConfigMap
metadata:
  name: openbao-logrotate-config
  namespace: openbao
data:
  openbao: |
    /var/log/openbao/*.log {
    size 5k
    rotate 7
    compress
    missingok
    notifempty
    postrotate
        kill -SIGHUP $(pidof bao)
    endscript
    }

bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log 42be001b3c

/var/log/openbao/openbao/*.log { c34d538073

mkdir pupa d941d12bcd

sleep 60 5c9b4c679d

loki.source.syslog "tcp_socket" { ... 2a8bdd0f6d

listener {
          address = "0.0.0.0:1514"
        }
        forward_to = [loki.write.local_loki.receiver]
      }

extraPorts: ... 08a4037929

- name: "tcp_socket"
    port: 1514
    targetPort: 1514
    protocol: "TCP"
    appProtocol: "tcp"

extraPorts: ... e901ac85fc

- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"

# extraPorts: ... c16ad82150

#   - name: "tcp_socket"
  #     port: 1514
  #     targetPort: 1514
  #     protocol: "TCP"
  #     appProtocol: "tcp"

address = "0.0.0.0:12345" d64ecf325b

forward_to = [loki.write.local_loki.receiver] bfc8972580

address = "0.0.0.0:1514" e8c6aeb3c2

extraPorts: ... ecf2ed5787

- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"

create: false ... 21ce529abe

name: alloy-config
    key: config.alloy

- name: "tcpsocket" a1925e083b

create: false ... 2fda5818ec

name: alloy-config
  key: config.alloy

loki.source.kubernetes "all_pod_logs" { ... 992749c6fc

targets    = discovery.relabel.pod_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }

labels = { component = "loki.source.syslog", protocol = "tcp" } 574fe29565

loki.source.syslog "tcp_socket" { ... 1f429f079b

listener {
          address = "0.0.0.0:1514"
          labels   = { component = "loki.source.syslog", protocol = "tcp" }
        }
        forward_to = [loki.write.local_loki.receiver]
      }

configuration added f9c880549d

Michal.Wrobel closed this pull request 2025-03-26 15:01:42 +00:00

Michal.Wrobel commented 2025-03-26 15:02:06 +00:00

Author

Owner

Copy link

see the comments in the ticket

see the comments in the ticket

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: DevFW-CICD/stacks#21

No description provided.