From 148db176a026bd45951bbee0b9a8177dcf14509d Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 08:52:00 +0200 Subject: [PATCH 01/12] added possibility for secretKeyRef for metering truststorePassword added new values to values.yaml --- apigateway/helm/values.yaml | 10 ++++++++++ common/helm/templates/_metering.tpl | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 2c3e7da..8a8cbed 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -492,6 +492,16 @@ metering: # -- The password for the metering client truststore. # Configure this property only if you use a truststore. trustStorePassword: + # -- Configuration for secretKeyRef containing the password for the metering client truststore. + # Configure this property only if you use a truststore. + # Mutually exclusive with providing the password directly over metering.trustStorePassword. + truststorePasswordFromSecret: + # -- enable secretKeyRef instead of providing password directly + enabled: false + # -- Name of the referenced secret + secretName: "" + # -- Key containing the truststore password in the referenced secret + secretKey: "" elasticsearch: diff --git a/common/helm/templates/_metering.tpl b/common/helm/templates/_metering.tpl index 20ea229..33264fa 100644 --- a/common/helm/templates/_metering.tpl +++ b/common/helm/templates/_metering.tpl 
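Review bot: The new key `truststorePasswordFromSecret` in the values.yaml hunk is spelled with a lower-case "s", while its siblings are `trustStoreFile` and `trustStorePassword`. A user who writes `trustStorePasswordFromSecret` by analogy sets a key the template never reads, and the chart falls back to the literal `trustStorePassword` value. The comment also calls the two options "mutually exclusive", but the `_metering.tpl` change simply prefers the secret when `enabled` is true. I would either align the spelling before release or state the precedence explicitly, e.g. `# If enabled, metering.trustStorePassword is ignored.`. It is also worth adding that the direct password is rendered as a literal env `value` in the pod spec, so the secret reference is the preferred form.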
@@ -27,7 +27,15 @@ Usage: value: "{{ .Values.metering.logLevel }}" - name: "METERING_TRUSTSTORE_FILE" value: "{{ .Values.metering.trustStoreFile }}" +{{- if .Values.metering.truststorePasswordFromSecret.enabled -}} +- name: "METERING_TRUSTSTORE_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ .Values.metering.truststorePasswordFromSecret.secretName }} + key: {{ .Values.metering.truststorePasswordFromSecret.secretKey }} +{{- else -}} - name: "METERING_TRUSTSTORE_PASSWORD" value: "{{ .Values.metering.trustStorePassword }}" {{- end -}} +{{- end -}} {{- end }} \ No newline at end of file From 6bdf122d2abbc060fdf1952e81eace4ce376d3b8 Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 08:52:16 +0200 Subject: [PATCH 02/12] added possibility for secretKeyRef for metering truststorePassword added new values to values.yaml and updating helm/README.me from values.yaml --- apigateway/helm/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index 1b72d46..ba24db0 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md 
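Review bot: The added `{{- if … -}}` and `{{- else -}}` actions trim whitespace on both sides. As the hunk shows them, each on its own line between list items, this removes the newline after `value: "{{ .Values.metering.trustStoreFile }}"` and the one before the following `- name:`, so the two env entries render on one line. Dropping the right-hand trim, `{{- if .Values.metering.truststorePasswordFromSecret.enabled }}` and `{{- else }}`, keeps each entry on its own line. The secret reference is also emitted unquoted and unchecked, so `enabled: true` with the default empty `secretName`/`secretKey` yields an empty `name:`/`key:`; `name: {{ required "metering.truststorePasswordFromSecret.secretName is required" .Values.metering.truststorePasswordFromSecret.secretName | quote }}` (and the same for `key`) fails at render time instead. The enclosing define starts above the hunk.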
@@ -353,6 +353,10 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | metering.serverUrl | string | `"https://metering.softwareag.cloud/api/measurements"` | The URL of the metering aggregator server REST API. | | metering.trustStoreFile | string | `nil` | The absolute path to the metering client truststore that is used for HTTPS connections. Add this value in any of the following cases: *If you use the Software AG Metering Server on premises (via HTTPS) and the certificates in the truststore do not match the certificates configured in Software AG Runtime (CTP). *If you use a metering proxy that terminates the SSL connection to the Metering Server in Software AG Cloud. | | metering.trustStorePassword | string | `nil` | The password for the metering client truststore. Configure this property only if you use a truststore. | +| metering.truststorePasswordFromSecret | object | `{"enabled":false,"secretKey":"","secretName":""}` | Configuration for secretKeyRef containing the password for the metering client truststore. Configure this property only if you use a truststore. Mutually exclusive with providing the password directly over metering.trustStorePassword. | +| metering.truststorePasswordFromSecret.enabled | bool | `false` | enable secretKeyRef instead of providing password directly | +| metering.truststorePasswordFromSecret.secretKey | string | `""` | Key containing the truststore password in the referenced secret | +| metering.truststorePasswordFromSecret.secretName | string | `""` | Name of the referenced secret | | nameOverride | string | `""` | Overwrites Chart name of release name in workload name. As default, the workload name is release name + '-' + Chart name. The workload name is at the end release name + '-' + value of `nameOverride`. | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | From b6c0540513595d68b008f7cccc38f9cf8ffcebf7 Mon Sep 17 00:00:00 2001 
From: Aron Kaufmann Date: Fri, 14 Jun 2024 09:47:54 +0200 Subject: [PATCH 03/12] upped chart version added new version to readme --- apigateway/helm/Chart.yaml | 2 +- apigateway/helm/README.md.gotmpl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml index fdbfccc..67fb9de 100644 --- a/apigateway/helm/Chart.yaml +++ b/apigateway/helm/Chart.yaml @@ -33,7 +33,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.4 +version: 1.2.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl index 553117c..74a8a0d 100644 --- a/apigateway/helm/README.md.gotmpl +++ b/apigateway/helm/README.md.gotmpl @@ -166,5 +166,6 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. | | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | +| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. | {{ template "chart.valuesSection" . }} From aa2e8d427a8dd35cece3ac101cc5903679cbaa68 Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 09:48:27 +0200 Subject: [PATCH 04/12] upped chart version added new version to readme and updating helm/README.me from values.yaml --- apigateway/helm/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index ba24db0..32ffb55 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md @@ -165,6 +165,7 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. | | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | +| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. | ## Values From e7b0b472ddf339058fefff3352ef9188008d72ed Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 12:11:07 +0200 Subject: [PATCH 05/12] added extraVolumes and extraVolumeMounts to kibana --- apigateway/helm/templates/kibana.yaml | 14 ++++++++++++-- apigateway/helm/values.yaml | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index 9e6eabb..9ef385e 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml @@ -83,14 +83,19 @@ spec: initContainers: {{- toYaml .Values.kibana.extraInitContainers | nindent 8 }} {{- end }} - {{- if .Values.kibana.tls.enabled }} + {{- if or (eq .Values.kibana.tls.enabled true) (eq .Values.kibana.extraVolumes true) }} volumes: + {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs secret: secretName: {{ .Values.kibana.tls.secretName }} items: - key: {{ .Values.kibana.tls.trustStoreName }} path: truststore.p12 + {{- end }} + {{- if .Values.kibana.extraVolumes }} + {{- toYaml .Values.kibana.extraVolumes | nindent 8 }} + {{- end }} {{- end }} containers: - name: kibana 
@@ -124,12 +129,17 @@ spec: livenessProbe: {{- toYaml .Values.kibana.livenessProbe | nindent 12 }} {{- end }} - {{- if .Values.kibana.tls.enabled }} + {{- if or (eq .Values.kibana.tls.enabled true) (eq .Values.kibana.extraVolumeMounts true) }} volumeMounts: + {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs mountPath: /usr/share/kibana/config/elasticsearch-certs/truststore.p12 subPath: truststore.p12 readOnly: true + {{- end }} + {{- if .Values.kibana.extraVolumeMounts }} + {{- toYaml .Values.kibana.extraVolumeMounts | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.kibana.extraContainers }} {{- toYaml .Values.kibana.extraContainers | nindent 8 }} diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 8a8cbed..94b0a9f 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -645,6 +645,12 @@ kibana: # -- The securityContext for kibana container. securityContext: {} + # -- The definition of extra volumes for kibana. + extraVolumes: [] + + # -- The definition of extra volumeMounts for kibana. + extraVolumeMounts: [] + # -- The definition of extra containers for kibana. extraContainers: [] From acb62808af88be6af40d5225392a5440c284c54e Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 12:11:21 +0200 Subject: [PATCH 06/12] added extraVolumes and extraVolumeMounts to kibana and updating helm/README.me from values.yaml --- apigateway/helm/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index 32ffb55..6662b33 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md 
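Review bot: The comments added for `extraVolumes` and `extraVolumeMounts` in the values.yaml hunk do not say that both lists are copied verbatim (`toYaml`) into the Kibana pod's `volumes` and the kibana container's `volumeMounts`. When TLS is enabled they sit next to the chart's own `elasticsearch-certs` entry. I would extend them, e.g. `# -- Extra volumes, rendered as-is into the Kibana pod spec; names must not collide with elasticsearch-certs.`, with a matching line for the mounts. Because any volume type passes through unchecked, the comment could also note that which types are acceptable is left to the cluster's admission policy.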
@@ -318,6 +318,8 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | kibana.extraContainers | list | `[]` | The definition of extra containers for kibana. | | kibana.extraInitContainers | list | `[]` | The definition of extra initContainers for kibana. | | kibana.extraLabels | object | `{}` | Additional labels to be added to kibana pod labels. | +| kibana.extraVolumeMounts | list | `[]` | The definition of extra volumeMounts for kibana. | +| kibana.extraVolumes | list | `[]` | The definition of extra volumes for kibana. | | kibana.image | string | `nil` | The image that should be used. By default ECK will use the official Elasticsearch images. Overwrite this to use an image from an internal registry or any custom images. Make sure that the image corresponds to the version field. | | kibana.livenessProbe | object | `{}` | Configure Kibana's livenessProbe. | | kibana.podSecurityContext | object | `{}` | The pod securityContext for kibana pod. | From e98a6ee25a325509dcfbfd4a4e621ba2b1b96e54 Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 12:50:19 +0200 Subject: [PATCH 07/12] added custom logging configuration to kibana --- apigateway/helm/templates/kibana.yaml | 15 +++++++++++++++ apigateway/helm/values.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index 9ef385e..d2c18f1 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml 
@@ -50,6 +50,21 @@ spec: {{- else }} elasticsearch.ssl.verificationMode: none {{- end }} + {{- if .Values.kibana.customLogging.enabled }} + logging: + {{- if .Values.kibana.customLogging.appenders }} + appenders: + {{- toYaml .Values.kibana.customLogging.appenders | nindent 8 }} + {{- end }} + {{- if .Values.kibana.customLogging.root }} + root: + {{- toYaml .Values.kibana.customLogging.root | nindent 8 }} + {{- end }} + {{- if .Values.kibana.customLogging.loggers }} + loggers: + {{- toYaml .Values.kibana.customLogging.loggers | nindent 8 }} + {{- end }} + {{- end }} http: tls: selfSignedCertificate: diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 94b0a9f..fdeac77 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -645,6 +645,30 @@ kibana: # -- The securityContext for kibana container. securityContext: {} + # -- Custom logging configuration for kibana container. + customLogging: + # -- Enable custom logging configuration. + enabled: false + # -- Define appenders for custom logging config. + # Example for logging to file: + # file: + # type: file + # fileName: /usr/share/kibana/logs/kibana.log + # layout: + # type: pattern + appenders: {} + # -- Define which appenders are used by root logger. + # Example for logging to file additionally to default/console: + # appenders: [file, default] + # level: warn + root: {} + # -- Define loggers other than root logger. + # Example for custom server logger: + # - name: server + # appenders: [console] + # level: warn + loggers: [] + # -- The definition of extra volumes for kibana. extraVolumes: [] From 0db6a50193f49db4e547a051fef2deddd252561d Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 12:50:33 +0200 Subject: [PATCH 08/12] added custom logging configuration to kibana and updating helm/README.me from values.yaml --- apigateway/helm/README.md | 5 +++++ 1 file changed, 5 insertions(+) 
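Review bot: With `customLogging.enabled: true` and the shipped defaults (`appenders: {}`, `root: {}`, `loggers: []`), all three inner `if` blocks in the kibana.yaml hunk are skipped and a bare `logging:` key is rendered, i.e. a null value in the Kibana config. Whether the operator or Kibana accepts that is not visible here. Gating the outer block on content as well, e.g. `{{- if and .Values.kibana.customLogging.enabled (or .Values.kibana.customLogging.appenders .Values.kibana.customLogging.root .Values.kibana.customLogging.loggers) }}`, avoids emitting the empty key. The file-appender example in values.yaml presumably needs a writable path at `/usr/share/kibana/logs`, which the comment could mention alongside `kibana.extraVolumes`/`extraVolumeMounts`. The enclosing mapping starts above the hunk.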
diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index 6662b33..7b7e543 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md @@ -315,6 +315,11 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | kibana.allowAnonymousStatus | bool | `true` | Enable anonymous access to /api/status. | | kibana.annotations | object | `{}` | Annotations for Kibana | | kibana.count | int | `1` | | +| kibana.customLogging | object | `{"appenders":{},"enabled":false,"loggers":[],"root":{}}` | Custom logging configuration for kibana container. | +| kibana.customLogging.appenders | object | `{}` | Define appenders for custom logging config. Example for logging to file: file: type: file fileName: /usr/share/kibana/logs/kibana.log layout: type: pattern | +| kibana.customLogging.enabled | bool | `false` | Enable custom logging configuration. | +| kibana.customLogging.loggers | list | `[]` | Define loggers other than root logger. Example for custom server logger: - name: server appenders: [console] level: warn | +| kibana.customLogging.root | object | `{}` | Define which appenders are used by root logger. Example for logging to file additionally to default/console: appenders: [file, default] level: warn | | kibana.extraContainers | list | `[]` | The definition of extra containers for kibana. | | kibana.extraInitContainers | list | `[]` | The definition of extra initContainers for kibana. | | kibana.extraLabels | object | `{}` | Additional labels to be added to kibana pod labels. | From 26e5bdbdb8cd1926339e0350165a75df527dcfba Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 12:58:04 +0200 Subject: [PATCH 09/12] workaround according to github helm issue: https://github.com/helm/helm/issues/6376 --- apigateway/helm/templates/kibana.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index d2c18f1..18520e2 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml @@ -98,7 +98,7 @@ spec: initContainers: {{- toYaml .Values.kibana.extraInitContainers | nindent 8 }} {{- end }} - {{- if or (eq .Values.kibana.tls.enabled true) (eq .Values.kibana.extraVolumes true) }} + {{- if or (eq .Values.kibana.tls.enabled true) (eq (default .Values.kibana.extraVolumes false) true) }} volumes: {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs @@ -144,7 +144,7 @@ spec: livenessProbe: {{- toYaml .Values.kibana.livenessProbe | nindent 12 }} {{- end }} - {{- if or (eq .Values.kibana.tls.enabled true) (eq .Values.kibana.extraVolumeMounts true) }} + {{- if or (eq .Values.kibana.tls.enabled true) (eq (default .Values.kibana.extraVolumeMounts false) true) }} volumeMounts: {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs From 0116277e2c3c80be0bc1ccf289e69a0dc7c03e7e Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 13:21:49 +0200 Subject: [PATCH 10/12] try other syntax --- apigateway/helm/templates/kibana.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index 18520e2..5b3ecb2 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml @@ -98,7 +98,7 @@ spec: initContainers: {{- toYaml .Values.kibana.extraInitContainers | nindent 8 }} {{- end }} - {{- if or (eq .Values.kibana.tls.enabled true) (eq (default .Values.kibana.extraVolumes false) true) }} + {{- if or ( .Values.kibana.tls.enabled ) ( .Values.kibana.extraVolumes ) }} volumes: {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs 
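Review bot: In the "try other syntax" change, the parentheses and inner padding in `or ( .Values.kibana.tls.enabled ) ( .Values.kibana.extraVolumes )` are not needed, because `or` takes plain field arguments. `{{- if or .Values.kibana.tls.enabled .Values.kibana.extraVolumes }}` reads like the other conditions in this template. The same applies to the `extraVolumeMounts` condition in the following hunk.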
@@ -144,7 +144,7 @@ spec: livenessProbe: {{- toYaml .Values.kibana.livenessProbe | nindent 12 }} {{- end }} - {{- if or (eq .Values.kibana.tls.enabled true) (eq (default .Values.kibana.extraVolumeMounts false) true) }} + {{- if or ( .Values.kibana.tls.enabled ) ( .Values.kibana.extraVolumeMounts ) }} volumeMounts: {{- if .Values.kibana.tls.enabled }} - name: elasticsearch-certs From d1d15d627218c97d2d667b06c99328cce227a3b6 Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 13:28:02 +0200 Subject: [PATCH 11/12] updated readme --- apigateway/helm/README.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl index 74a8a0d..1fd15fe 100644 --- a/apigateway/helm/README.md.gotmpl +++ b/apigateway/helm/README.md.gotmpl @@ -166,6 +166,6 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. | | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | -| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. | +| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef.
Added custom logging configuration for Kibana. | {{ template "chart.valuesSection" . }} From f082512cac9e061977cfab786f31701da3f8bd2c Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Fri, 14 Jun 2024 13:28:34 +0200 Subject: [PATCH 12/12] updated readme and updating helm/README.me from values.yaml --- apigateway/helm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index 7b7e543..2fdff3c 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md @@ -165,7 +165,7 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. | | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | -| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. | +| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef.
Added custom logging configuration for Kibana. | ## Values