DevFW-CICD/stacks
12
0
Fork 1
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

IPCEICIS-3111 #21

Closed
Michal.Wrobel wants to merge 131 commits from IPCEICIS-3111 into development
pull from: IPCEICIS-3111
merge into: DevFW-CICD:development
Conversation 1 Commits 131 Files changed 2 +22 -4

131 commits

Author SHA1 Message Date
miwr
f9c880549d configuration added 2025-03-26 14:51:33 +01:00
miwr
1f429f079b loki.source.syslog "tcp_socket" { 
listener {
          address = "0.0.0.0:1514"
          labels   = { component = "loki.source.syslog", protocol = "tcp" }
        }
        forward_to = [loki.write.local_loki.receiver]
      }
 2025-03-26 13:55:46 +01:00
miwr
574fe29565 labels = { component = "loki.source.syslog", protocol = "tcp" } 2025-03-26 13:46:08 +01:00
miwr
992749c6fc loki.source.kubernetes "all_pod_logs" { 
targets    = discovery.relabel.pod_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }
 2025-03-26 13:16:02 +01:00
miwr
2fda5818ec create: false 
name: alloy-config
  key: config.alloy
 2025-03-26 13:03:23 +01:00
miwr
a1925e083b - name: "tcpsocket" 2025-03-26 12:56:03 +01:00
miwr
21ce529abe create: false 
name: alloy-config
    key: config.alloy
 2025-03-26 12:50:13 +01:00
miwr
ecf2ed5787 extraPorts: 
- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"
 2025-03-26 12:43:02 +01:00
miwr
e8c6aeb3c2 address = "0.0.0.0:1514" 2025-03-26 12:38:39 +01:00
miwr
bfc8972580 forward_to = [loki.write.local_loki.receiver] 2025-03-26 12:34:48 +01:00
miwr
d64ecf325b address = "0.0.0.0:12345" 2025-03-26 12:30:30 +01:00
miwr
c16ad82150 # extraPorts: 
#   - name: "tcp_socket"
  #     port: 1514
  #     targetPort: 1514
  #     protocol: "TCP"
  #     appProtocol: "tcp"
 2025-03-26 12:28:37 +01:00
miwr
e901ac85fc extraPorts: 
- name: "tcp_socket"
      port: 1514
      targetPort: 1514
      protocol: "TCP"
      appProtocol: "tcp"
 2025-03-26 11:53:11 +01:00
miwr
08a4037929 extraPorts: 
- name: "tcp_socket"
    port: 1514
    targetPort: 1514
    protocol: "TCP"
    appProtocol: "tcp"
 2025-03-26 11:46:02 +01:00
miwr
2a8bdd0f6d loki.source.syslog "tcp_socket" { 
listener {
          address = "0.0.0.0:1514"
        }
        forward_to = [loki.write.local_loki.receiver]
      }
 2025-03-26 11:01:33 +01:00
miwr
5c9b4c679d sleep 60 2025-03-25 15:16:07 +01:00
miwr
d941d12bcd mkdir pupa 2025-03-25 15:02:50 +01:00
miwr
c34d538073 /var/log/openbao/openbao/*.log { 2025-03-25 14:08:02 +01:00
miwr
42be001b3c bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log 2025-03-25 13:59:25 +01:00
miwr
278cf798f4 apiVersion: v1 
kind: ConfigMap
metadata:
  name: openbao-logrotate-config
  namespace: openbao
data:
  openbao: |
    /var/log/openbao/*.log {
    size 5k
    rotate 7
    compress
    missingok
    notifempty
    postrotate
        kill -SIGHUP $(pidof bao)
    endscript
    }
 2025-03-25 13:52:55 +01:00
miwr
5c197fd0f1 sidecar container detached 2025-03-25 13:26:28 +01:00
miwr
bb3c6cf438 /openbao/logs/openbao/openbao.log 2025-03-25 13:19:15 +01:00
miwr
2372cefe0b # bao audit enable -path="file" file file_path=/openbao/logs/openbao.log 2025-03-25 13:13:39 +01:00
miwr
be7881e2ec test 2025-03-25 13:03:29 +01:00
miwr
c6e71f8aeb logging setup 2025-03-25 12:51:00 +01:00
miwr
547938acd4 - name: host-log 
hostPath:
        path: /var/log
        type: Directory
 2025-03-25 11:18:52 +01:00
miwr
320e67a1d2 no liveness probe 2025-03-24 14:50:16 +01:00
miwr
71a5463237 rm /tmp/init.txt 
bao audit enable -path="stdout" file file_path=stdout
      bao audit enable -path="file" file file_path=/openbao/logs/openbao.log
 2025-03-24 14:20:54 +01:00
miwr
4620a92aee # rm /tmp/init.txt 2025-03-24 13:57:39 +01:00
miwr
5086db7cba 100 2025-03-24 13:50:33 +01:00
miwr
2c5cad03c8 sleep 10 2025-03-24 13:50:07 +01:00
miwr
aae508014a cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {} 
echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
      bao login $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')
      rm /tmp/init.txt
 2025-03-24 13:41:47 +01:00
miwr
8d7a7cb1bf bao operator init >> /tmp/init.txt 2025-03-24 13:38:15 +01:00
miwr
8f28c30364 ### 2025-03-24 13:33:13 +01:00
miwr
dcce720122 # bao audit enable -path="stdout" file file_path=stdout 
# bao audit enable -path="file" file file_path=/openbao/logs/openbao.log
 2025-03-24 13:32:40 +01:00
miwr
f39c8c979b livenessProbe: 
enabled: true
    execCommand:
      - /bin/sh
      - -c
      - bao status
 2025-03-24 13:12:46 +01:00
miwr
d41a27305e livenessProbe: 
enabled: true
 2025-03-24 12:54:27 +01:00
miwr
4601d2f25d those command were deleted 2025-03-20 16:18:43 +01:00
miwr
5f5ac62b0b touch /shared/main.alive; trap 'rm -f /shared/main.alive; exit 0' TERM; while true; do sleep 1; done 2025-03-20 16:14:03 +01:00
miwr
3937c98d00 /openbao/logs/alive/main.alive 2025-03-20 16:03:21 +01:00
miwr
d21c543f2c log-sidecar removed 2025-03-20 15:50:04 +01:00
miwr
64677a02d1 url = "http://loki-loki-distributed-gateway.monitoring.svc.cluster.local/loki/api/v1/push" 2025-03-20 15:14:01 +01:00
miwr
350398cb23 path_targets = [{"__path__" = "/openbao/logs/*"}] 2025-03-20 14:44:48 +01:00
miwr
02c739524b config.alloy 2025-03-20 14:39:03 +01:00
miwr
3db4058181 - key: "config.yaml" 
path: "/config.alloy"
                - key: "config.yaml"
                  path: "/pupa/config.alloy"
 2025-03-20 14:34:51 +01:00
miwr
d866169744 - name: config-volume 
mountPath: /etc/alloy
              items:
                - key: "config.yaml"
                  path: "config.alloy"
 2025-03-20 14:28:27 +01:00
miwr
267a04fee5 mountPath: /etc/alloy 
items:
                - key: "config.yaml"
                  path: "config.alloy"
 2025-03-20 14:23:57 +01:00
miwr
c376f6d0c6 - --config.file=/var/lib/alloy/config/config.yaml 2025-03-20 14:09:45 +01:00
miwr
39eab1ef93 - name: config-volume 
configMap:
        name: sidecar-container-alloy-config
 2025-03-20 14:00:59 +01:00
miwr
ec2fc47ea2 mountPath: /var/lib/alloy 2025-03-20 13:52:04 +01:00
miwr
2058f6a36b mountPath: /var/lib 2025-03-20 13:48:12 +01:00
miwr
87522c11db /var 2025-03-20 13:39:35 +01:00
miwr
88df4ea8f4 runAsUser: 100 2025-03-20 13:30:37 +01:00
miwr
6385e39067 /openbao/logs/pupa2 2025-03-20 13:12:50 +01:00
miwr
005f7503ce mountPath: /var/lib/alloy/data 2025-03-20 13:05:44 +01:00
miwr
140dddd955 mountPath: /var/lib/alloy/data 2025-03-20 12:58:23 +01:00
miwr
285e823936 path_targets = [{"__path__" = "/var/log/*"}] 2025-03-20 12:55:00 +01:00
miwr
c9c67a9d54 name changes 2025-03-20 12:36:57 +01:00
miwr
0dbf646477 alloy is back 2025-03-20 12:36:18 +01:00
miwr
5843e9498b targets = local.file_match.openbao_file_logs.targets 2025-03-20 11:33:08 +01:00
miwr
3e1b284e3b local.file_match "openbao_file_logs" { 
path_targets = [{"__path__" = "/openbao/logs/*"}]
        sync_period = "5s"
      }

      loki.source.file "openbao_logs" {
        targets    = local.file_match.openbao_file_logs.output
        forward_to = [loki.write.local_loki.receiver]
      }
 2025-03-20 11:26:21 +01:00
miwr
a5ec02205a bao audit enable -path="stdout" file file_path=stdout 
bao audit enable -path="file" file file_path=/openbao/logs/openbao.log
 2025-03-20 11:03:57 +01:00
miwr
974e0182cc # touch /openbao/logs/openbao.log 
# bao audit enable file file_path=/openbao/logs/openbao.log
 2025-03-20 10:45:12 +01:00
miwr
d51e0859a9 touch /openbao/logs/openbao.log 2025-03-19 16:34:32 +01:00
miwr
1bf5b468bc bao audit enable file file_path=/openbao/logs/openbao.log 2025-03-19 16:25:16 +01:00
miwr
e7d693465d mountPath: /openbao/logs 2025-03-19 15:02:47 +01:00
miwr
12d35ad1e9 touch /var/log/openbao.log 
chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/log/openbao.log
      bao audit enable file file_path=/var/log/openbao.log removed
 2025-03-19 14:48:25 +01:00
miwr
5ffb47d1ca volumeMounts: 
- mountPath: /var/log/test
      name: log-storage
      readOnly: false
 2025-03-19 14:44:29 +01:00
miwr
e72e440e51 volumeMounts: 
- mountPath: /var/log/test
      name: plugins
      readOnly: false
 2025-03-19 14:40:57 +01:00
miwr
ff72720654 volumes: 
- name: log-storage
      emptyDir: {}
 2025-03-19 14:35:18 +01:00
miwr
ac4d10d619 # volumeMounts: 
#   - mountPath: /
  #     name: plugins
  #     readOnly: false
 2025-03-19 14:30:00 +01:00
miwr
d946b419e7 volumeMounts: 
- mountPath: /
      name: plugins
      readOnly: false
 2025-03-19 14:27:04 +01:00
miwr
da3624d82a volumeMounts: 
- mountPath: /var/log/test
      name: plugins
      readOnly: false
 2025-03-19 14:20:57 +01:00
miwr
cba0a236f5 volumes: 
- name: log-storage
      path: /var/log/test
 2025-03-19 14:14:07 +01:00
miwr
0971384fd2 emptyDir: {} 
volumeMounts:
        - name: log-storage
          mountPath: /var/log/test
 2025-03-19 14:06:21 +01:00
miwr
4d93d50874 volumes: 
- name: log-storage
      path: /var/log/test
 2025-03-19 13:58:20 +01:00
miwr
8f7ccf5fa7 mountPath: /var/log/test 2025-03-19 13:53:13 +01:00
miwr
1938cc8f44 - name: init-log-permissions 
image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      volumeMounts:
        - mountPath: /var/log
          name: log-storage
 2025-03-19 13:24:40 +01:00
miwr
80ca890f5f - name: init-log-permissions 
image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /var/log && chmod -R 775 /var/log"]
      securityContext:
        runAsUser: 0
      volumeMounts:
        - mountPath: /var/log
          name: log-storage
 2025-03-19 13:20:34 +01:00
miwr
18d03cee74 runAsUser: 1 2025-03-19 11:47:50 +01:00
miwr
7efc8124b0 runAsUser: 0 2025-03-19 11:39:53 +01:00
miwr
3cd6a846b2 securityContext: 
runAsUser: 1001
 2025-03-19 11:35:16 +01:00
miwr
3d39948468 command: ["/bin/sh", "-c", " 
while true; do
            echo 'Hello'
          sleep 5;
          done
        "]
 2025-03-19 11:18:38 +01:00
miwr
055713e4a5 command: ["/bin/sh", "-c", " 
while true; do
            echo 'Hello'
          sleep 5;
          done
        "]
 2025-03-19 11:02:44 +01:00
miwr
0b5b2b25fd touch /var/log/openbao.log 
chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log
 2025-03-19 10:47:00 +01:00
miwr
3bb9b4b059 while true; do 
echo 'Hello'
          sleep 5;
          done
        "]
 2025-03-19 10:33:33 +01:00
miwr
fb0eebef13 no exit 2025-03-19 10:26:14 +01:00
miwr
1c71f8555d # while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; 
# echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          # sleep 20;
          # echo 'Sidecar exiting.';
          # exit 1;
 2025-03-19 10:25:44 +01:00
miwr
abdbcff9fd while kill -0 $(pidof openbao) 2>/dev/null; do sleep 1; done; 
echo 'OpenBao has crashed - giving Alloy time to collect logs...' >> var/log/openbao.log;
          sleep 20;
          echo 'Sidecar exiting.';
          exit 1;
 2025-03-19 10:18:19 +01:00
miwr
ac3988f9ac touch /var/log/openbao.log 
chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log removed
 2025-03-18 14:34:59 +01:00
miwr
52f484d463 touch /var/log/openbao.log 
chmod 644 /var/log/openbao.log
      chown openbao:openbao /var/1og/openbao_audit.log
      bao audit enable file file_path=/var/log/openbao.log
 2025-03-18 14:28:14 +01:00
miwr
46d6a22b65 bao audit enable file file_path=/var/log/openbao.log 2025-03-18 14:21:41 +01:00
miwr
bc189a53e0 image: alpine:latest 2025-03-18 13:38:40 +01:00
miwr
e4611e967e busybox 2025-03-18 13:35:34 +01:00
miwr
57779745e9 curlimages/curl:latest 2025-03-18 13:12:09 +01:00
miwr
ef22f9e7be ["/bin/sh", "-c", "while kill -0 $(pidof main-container) 2>/dev/null; do sleep 1; done; echo 'OpenBao has crashed - giving Alloy time to collect logs...'; sleep 20"] 2025-03-18 12:59:08 +01:00
miwr
8db5e5950d # volumeMounts: 
#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data
      # securityContext:
      #   runAsUser: 0
 2025-03-18 12:47:09 +01:00
miwr
43b172d8d4 user 0 2025-03-18 12:14:27 +01:00
miwr
b7de02d293 # extraContainers: 
#   - name: grafana-alloy
  #     image: grafana/alloy:latest
  #     ports:
  #       - containerPort: 12345
 2025-03-18 12:04:53 +01:00
miwr
815f6a2822 # volumeMounts: 
#   - name: alloy-data
      #     mountPath: /var/lib/alloy/data
 2025-03-18 12:00:36 +01:00
miwr
93fe631736 fsGroup: 1000 
runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 100
 2025-03-18 11:51:26 +01:00
miwr
67876f18b9 runAsUser: 0 2025-03-18 11:39:10 +01:00
Michal.Wrobel
779df9fb9c Merge pull request 'openbao_logs_second_way' (#16) from openbao_logs_second_way into shipping_openbao_logs 
Reviewed-on: #16
 2025-03-18 09:17:40 +00:00
miwr
e993c274b0 runAsUser: 1000 # Run as non-root user 
fsGroup: 1000
 2025-03-17 15:41:18 +01:00
miwr
46072b8f81 runAsUser: 0 2025-03-17 15:34:43 +01:00
miwr
8617e200ea securityContext: 
runAsUser: 1000
        fsGroup: 1000
 2025-03-17 15:30:50 +01:00
miwr
c30cf9f380 /tmp/alloy/data 2025-03-17 15:26:17 +01:00
miwr
872c9dc8e5 volumes: 
- name: alloy-data
      emptyDir: {}
 2025-03-17 15:13:12 +01:00
miwr
27dc5966e9 # args: 
#    - --config.file=/etc/alloy/config.yaml
 2025-03-17 15:05:10 +01:00
miwr
aeca6100f5 /etc/alloy/config.yaml 2025-03-17 14:49:33 +01:00
miwr
4e673f674d extraVolumes deprecated 2025-03-17 14:37:58 +01:00
miwr
be1c3cee7a test 2025-03-17 14:31:26 +01:00
miwr
f0632db48b extraContainers: 
- name: grafana-alloy
     image: grafana/alloy:latest
     ports:
       - containerPort: 12345
     volumeMounts:
       - name: sidecar-container-alloy-config
         mountPath: /etc/alloy
         subPath: config.yaml
     args:
       - --config.file=/etc/alloy/config.yaml
 2025-03-17 14:23:11 +01:00
miwr
7b77d870c6 extraVolumes: 
- name: sidecar-container-alloy-config
      configMap:
        name: sidecar-container-alloy-config
 2025-03-17 14:17:13 +01:00
miwr
deaed1bdcc path: "stacks/ref-implementation/openbao-alloy-configmap" 2025-03-17 14:12:18 +01:00
miwr
2890437647 ref-implementation/openbao/sidecar-container-alloy-configmap 2025-03-17 14:07:43 +01:00
miwr
f873cd8aef new directory for the configmap 2025-03-17 14:00:05 +01:00
miwr
3eec895f67 test 2025-03-17 13:46:53 +01:00
miwr
4b553dd258 config map separately 2025-03-17 13:31:43 +01:00
miwr
f1d940561d adjustment of openbao.ymal 2025-03-17 13:15:47 +01:00
miwr
e2ad485759 sidecar container added 2025-03-17 12:55:46 +01:00
miwr
29d4ca9fe6 removing alloy as a separate pod in the same namespace 2025-03-13 15:50:17 +01:00
miwr
de8dc94e28 operations/helm/charts/alloy path fixed 2025-03-13 15:16:02 +01:00
miwr
48a28127ce testing 2025-03-13 15:14:39 +01:00
miwr
83e1215d7d adding a side-car logging container for openbao 2025-03-13 15:09:06 +01:00
miwr
28916f2278 Merge branch 'alloy_implementation' into shipping_openbao_logs 
# Conflicts:
#	.gitignore
 2025-03-13 14:59:45 +01:00
miwr
a4502f2ecb provisional solution for the shipping done 2025-03-13 14:01:45 +01:00
miwr
3dd9b7a544 rm /tmp/init.txt moved a few lines down 2025-03-13 13:52:29 +01:00
miwr
5518e9e2d7 echo deleted 2025-03-13 13:24:44 +01:00
miwr
bc90465579 echos for testing 2025-03-13 13:15:19 +01:00
miwr
524d0c67e0 bao audit enable file file_path=stdout 2025-03-13 13:03:08 +01:00