Merge pull request #443 from bcgov/adding-splunk

adding in splunk integration dev, test, prod
bcgov · Sep 26, 2023 · 2735de8 · 2735de8
2 parents 23b6dd0 + 836f5d4
commit 2735de8
Show file tree

Hide file tree

Showing 5 changed files with 99 additions and 3 deletions.
diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml
@@ -9,7 +9,7 @@ env:
   # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev
 
-  # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+  SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
     # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -155,6 +155,9 @@ jobs:
         oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\
         | oc apply -f -
 
+        # Process update-configmap
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }}
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }} 2> /dev/null \
         || true && echo "Rollout in progress"

diff --git a/.github/workflows/deploy-to-openshift-backend-prod.yml b/.github/workflows/deploy-to-openshift-backend-prod.yml
@@ -9,7 +9,7 @@ env:
   # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod
 
-  # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+  SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
     # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -126,6 +126,9 @@ jobs:
         oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\
         | oc apply -f -
 
+        # Process update-configmap
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin prod ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }}
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }} 2> /dev/null \
         || true && echo "Rollout in progress"

diff --git a/.github/workflows/deploy-to-openshift-backend-test.yml b/.github/workflows/deploy-to-openshift-backend-test.yml
@@ -9,7 +9,7 @@ env:
   # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test
 
-  # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+  SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
     # 🖊️ EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
@@ -123,6 +123,9 @@ jobs:
         oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\
         | oc apply -f -
 
+        # Process update-configmap
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.SPLUNK_TOKEN }}
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}} 2> /dev/null \
         || true && echo "Rollout in progress"

diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh
@@ -0,0 +1,46 @@
+envValue=$1
+APP_NAME=$2
+OPENSHIFT_NAMESPACE=$3
+SPLUNK_TOKEN=$4
+
+SPLUNK_URL="gww.splunk.educ.gov.bc.ca"
+FLB_CONFIG="[SERVICE]
+   Flush        1
+   Daemon       Off
+   Log_Level    debug
+   HTTP_Server   On
+   HTTP_Listen   0.0.0.0
+   Parsers_File parsers.conf
+[INPUT]
+   Name   tail
+   Path   /mnt/log/*
+   Parser docker
+   Mem_Buf_Limit 20MB
+[FILTER]
+   Name record_modifier
+   Match *
+   Record hostname \${HOSTNAME}
+[OUTPUT]
+   Name   stdout
+   Match  *
+[OUTPUT]
+   Name  splunk
+   Match *
+   Host  $SPLUNK_URL
+   Port  443
+   TLS         On
+   TLS.Verify  Off
+   Message_Key $APP_NAME
+   Splunk_Token $SPLUNK_TOKEN
+"
+PARSER_CONFIG="
+[PARSER]
+    Name        docker
+    Format      json
+"
+
+echo Creating config map $APP_NAME-flb-sc-config-map
+oc create -n $OPENSHIFT_NAMESPACE-$envValue configmap $APP_NAME-flb-sc-config-map \
+--from-literal=fluent-bit.conf="$FLB_CONFIG" \
+--from-literal=parsers.conf="$PARSER_CONFIG" \
+--dry-run -o yaml | oc apply -f -
diff --git a/tools/openshift/backend.dc.yaml b/tools/openshift/backend.dc.yaml
@@ -78,12 +78,53 @@ objects:
             limits:
               cpu: "${MAX_CPU}"
               memory: "${MAX_MEM}"
+        - image: artifacts.developer.gov.bc.ca/docker-remote/fluent/fluent-bit:1.5.7
+          name: "${APP_NAME}-fluent-bit-sidecar"
+          imagePullPolicy: Always
+          imagePullSecrets:
+            - name: artifactory-creds
+          volumeMounts:
+            - name: log-storage
+              mountPath: /mnt/log
+            - name: flb-sc-config-volume
+              mountPath: /fluent-bit/etc/
+          readinessProbe:
+            tcpSocket:
+              port: 2020
+            initialDelaySeconds: 10
+            periodSeconds: 30
+            timeoutSeconds: 5
+            failureThreshold: 5
+            successThreshold: 1
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 2020
+            initialDelaySeconds: 10
+            periodSeconds: 30
+            timeoutSeconds: 5
+            failureThreshold: 5
+            successThreshold: 1
+          ports:
+            - containerPort: 2020
+              protocol: TCP
+              name: metrics
+          resources:
+            requests:
+              cpu: "5m"
+              memory: "32Mi"
+            limits:
+              cpu: "15m"
+              memory: "64Mi"
         volumes:
         - name: log-storage
           emptyDir: {}
         - name: tls-certs
           secret:
             secretName: ccof-backend-cert
+        - name: flb-sc-config-volume
+          configMap:
+            name: "${APP_NAME}-flb-sc-config-map"
     test: false
     triggers:
     - type: ConfigChange