Add possibility to read metering truststore Password by secretKeyRef #90

Merged
merged 12 commits into from
Jun 14, 2024
2 changes: 1 addition & 1 deletion apigateway/helm/Chart.yaml
Expand Up @@ -33,7 +33,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.2.4
version: 1.2.5

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Down
12 changes: 12 additions & 0 deletions apigateway/helm/README.md
Expand Up @@ -165,6 +165,7 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use
| `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. |
| `1.2.3` | Job template added to create house keeping (cron) jobs. |
| `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers. <br> Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. |
| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. <br> Added custom logging configuration for Kibana. |

## Values

Expand Down Expand Up @@ -314,9 +315,16 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use
| kibana.allowAnonymousStatus | bool | `true` | Enable anonymous access to /api/status. |
| kibana.annotations | object | `{}` | Annotations for Kibana |
| kibana.count | int | `1` | |
| kibana.customLogging | object | `{"appenders":{},"enabled":false,"loggers":[],"root":{}}` | Custom logging configuration for kibana container. |
| kibana.customLogging.appenders | object | `{}` | Define appenders for custom logging config. Example for logging to file: file: type: file fileName: /usr/share/kibana/logs/kibana.log layout: type: pattern |
| kibana.customLogging.enabled | bool | `false` | Enable custom logging configuration. |
| kibana.customLogging.loggers | list | `[]` | Define loggers other than root logger. Example for custom server logger: - name: server appenders: [console] level: warn |
| kibana.customLogging.root | object | `{}` | Define which appenders are used by root logger. Example for logging to file additionally to default/console: appenders: [file, default] level: warn |
| kibana.extraContainers | list | `[]` | The definition of extra containers for kibana. |
| kibana.extraInitContainers | list | `[]` | The definition of extra initContainers for kibana. |
| kibana.extraLabels | object | `{}` | Additional labels to be added to kibana pod labels. |
| kibana.extraVolumeMounts | list | `[]` | The definition of extra volumeMounts for kibana. |
| kibana.extraVolumes | list | `[]` | The definition of extra volumes for kibana. |
| kibana.image | string | `nil` | The image that should be used. By default ECK will use the official Elasticsearch images. Overwrite this to use an image from an internal registry or any custom images. Make sure that the image corresponds to the version field. |
| kibana.livenessProbe | object | `{}` | Configure Kibana's livenessProbe. |
| kibana.podSecurityContext | object | `{}` | The pod securityContext for kibana pod. |
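Review bot: the example YAML in the `kibana.customLogging.appenders`, `kibana.customLogging.loggers` and `kibana.customLogging.root` descriptions is collapsed onto a single line in the generated table (`file: type: file fileName: ...`), so the nesting is lost and the sample cannot be copied as is. Keep these descriptions to one sentence and move the samples into a values file under the `examples` sub-folder that the README already points to.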
Expand Down Expand Up @@ -353,6 +361,10 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use
| metering.serverUrl | string | `"https://metering.softwareag.cloud/api/measurements"` | The URL of the metering aggregator server REST API. |
| metering.trustStoreFile | string | `nil` | The absolute path to the metering client truststore that is used for HTTPS connections. Add this value in any of the following cases: *If you use the Software AG Metering Server on premises (via HTTPS) and the certificates in the truststore do not match the certificates configured in Software AG Runtime (CTP). *If you use a metering proxy that terminates the SSL connection to the Metering Server in Software AG Cloud. |
| metering.trustStorePassword | string | `nil` | The password for the metering client truststore. Configure this property only if you use a truststore. |
| metering.truststorePasswordFromSecret | object | `{"enabled":false,"secretKey":"","secretName":""}` | Configuration for secretKeyRef containing the password for the metering client truststore. Configure this property only if you use a truststore. Mutually exclusive with providing the password directly over metering.trustStorePassword. |
| metering.truststorePasswordFromSecret.enabled | bool | `false` | enable secretKeyRef instead of providing password directly |
| metering.truststorePasswordFromSecret.secretKey | string | `""` | Key containing the truststore password in the referenced secret |
| metering.truststorePasswordFromSecret.secretName | string | `""` | Name of the referenced secret |
| nameOverride | string | `""` | Overwrites Chart name of release name in workload name. As default, the workload name is release name + '-' + Chart name. The workload name is at the end release name + '-' + value of `nameOverride`. |
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | |
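Review bot: the `metering.truststorePasswordFromSecret` description says it is mutually exclusive with `metering.trustStorePassword` but does not say what happens when both are set; per the `_metering.tpl` change in this PR the secret reference is used whenever `enabled` is true and the plain value is ignored. State that precedence in the description (in the `values.yaml` comment this table is generated from), and note on `metering.trustStorePassword` that the secret reference is the option that keeps the password out of the values file.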
Expand Down
1 change: 1 addition & 0 deletions apigateway/helm/README.md.gotmpl
Expand Up @@ -166,5 +166,6 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use
| `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. |
| `1.2.3` | Job template added to create house keeping (cron) jobs. |
| `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers. <br> Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. |
| `1.2.5` | Added possibility to read metering truststore password by secretKeyRef. <br> Added custom logging configuration for Kibana. |

{{ template "chart.valuesSection" . }}
29 changes: 27 additions & 2 deletions apigateway/helm/templates/kibana.yaml
Expand Up @@ -50,6 +50,21 @@ spec:
{{- else }}
elasticsearch.ssl.verificationMode: none
{{- end }}
{{- if .Values.kibana.customLogging.enabled }}
logging:
{{- if .Values.kibana.customLogging.appenders }}
appenders:
{{- toYaml .Values.kibana.customLogging.appenders | nindent 8 }}
{{- end }}
{{- if .Values.kibana.customLogging.root }}
root:
{{- toYaml .Values.kibana.customLogging.root | nindent 8 }}
{{- end }}
{{- if .Values.kibana.customLogging.loggers }}
loggers:
{{- toYaml .Values.kibana.customLogging.loggers | nindent 8 }}
{{- end }}
{{- end }}
http:
tls:
selfSignedCertificate:
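Review bot: in the new `customLogging` block, `enabled: true` combined with the default empty `appenders`, `root` and `loggers` skips all three inner `if` branches and leaves a bare `logging:` key with no value in the Kibana config. Either fold the three checks into the outer condition so `logging:` is only emitted when at least one of them is set, or fail the render when `enabled` is true and nothing is configured.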
Expand Down Expand Up @@ -83,14 +98,19 @@ spec:
initContainers:
{{- toYaml .Values.kibana.extraInitContainers | nindent 8 }}
{{- end }}
{{- if .Values.kibana.tls.enabled }}
{{- if or ( .Values.kibana.tls.enabled ) ( .Values.kibana.extraVolumes ) }}
volumes:
{{- if .Values.kibana.tls.enabled }}
- name: elasticsearch-certs
secret:
secretName: {{ .Values.kibana.tls.secretName }}
items:
- key: {{ .Values.kibana.tls.trustStoreName }}
path: truststore.p12
{{- end }}
{{- if .Values.kibana.extraVolumes }}
{{- toYaml .Values.kibana.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: kibana
Expand Down Expand Up @@ -124,12 +144,17 @@ spec:
livenessProbe:
{{- toYaml .Values.kibana.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.kibana.tls.enabled }}
{{- if or ( .Values.kibana.tls.enabled ) ( .Values.kibana.extraVolumeMounts ) }}
volumeMounts:
{{- if .Values.kibana.tls.enabled }}
- name: elasticsearch-certs
mountPath: /usr/share/kibana/config/elasticsearch-certs/truststore.p12
subPath: truststore.p12
readOnly: true
{{- end }}
{{- if .Values.kibana.extraVolumeMounts }}
{{- toYaml .Values.kibana.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.kibana.extraContainers }}
{{- toYaml .Values.kibana.extraContainers | nindent 8 }}
Expand Down
40 changes: 40 additions & 0 deletions apigateway/helm/values.yaml
Expand Up @@ -492,6 +492,16 @@ metering:
# -- The password for the metering client truststore.
# Configure this property only if you use a truststore.
trustStorePassword:
# -- Configuration for secretKeyRef containing the password for the metering client truststore.
# Configure this property only if you use a truststore.
# Mutually exclusive with providing the password directly over metering.trustStorePassword.
truststorePasswordFromSecret:
# -- enable secretKeyRef instead of providing password directly
enabled: false
# -- Name of the referenced secret
secretName: ""
# -- Key containing the truststore password in the referenced secret
secretKey: ""

elasticsearch:
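Review bot: `truststorePasswordFromSecret` is spelled with a lower-case `s` while the neighbouring keys are `trustStoreFile` and `trustStorePassword`; a user who follows the existing casing and writes `trustStorePasswordFromSecret` sets a key the template never reads and silently falls back to the plain `trustStorePassword` value. Rename the key to match the existing casing before it ships in 1.2.5.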

Expand Down Expand Up @@ -635,6 +645,36 @@ kibana:
# -- The securityContext for kibana container.
securityContext: {}

# -- Custom logging configuration for kibana container.
customLogging:
# -- Enable custom logging configuration.
enabled: false
# -- Define appenders for custom logging config.
# Example for logging to file:
# file:
# type: file
# fileName: /usr/share/kibana/logs/kibana.log
# layout:
# type: pattern
appenders: {}
# -- Define which appenders are used by root logger.
# Example for logging to file additionally to default/console:
# appenders: [file, default]
# level: warn
root: {}
# -- Define loggers other than root logger.
# Example for custom server logger:
# - name: server
# appenders: [console]
# level: warn
loggers: []

# -- The definition of extra volumes for kibana.
extraVolumes: []

# -- The definition of extra volumeMounts for kibana.
extraVolumeMounts: []

# -- The definition of extra containers for kibana.
extraContainers: []

Expand Down
8 changes: 8 additions & 0 deletions common/helm/templates/_metering.tpl
Expand Up @@ -27,7 +27,15 @@ Usage:
value: "{{ .Values.metering.logLevel }}"
- name: "METERING_TRUSTSTORE_FILE"
value: "{{ .Values.metering.trustStoreFile }}"
{{- if .Values.metering.truststorePasswordFromSecret.enabled -}}
- name: "METERING_TRUSTSTORE_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Values.metering.truststorePasswordFromSecret.secretName }}
key: {{ .Values.metering.truststorePasswordFromSecret.secretKey }}
{{- else -}}
- name: "METERING_TRUSTSTORE_PASSWORD"
value: "{{ .Values.metering.trustStorePassword }}"
{{- end -}}
{{- end -}}
{{- end }}
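Review bot: the right-hand trim markers on the new `{{- if .Values.metering.truststorePasswordFromSecret.enabled -}}` and `{{- else -}}` lines strip the newline that follows them, so in both branches the `- name: "METERING_TRUSTSTORE_PASSWORD"` entry is appended to the end of the preceding `METERING_TRUSTSTORE_FILE` value line instead of starting a new list item. Drop the trailing dash (`{{- if ... }}`, `{{- else }}`) and confirm the rendered env list with `helm template`. Separately, `enabled: true` with the default empty `secretName` and `secretKey` renders a `secretKeyRef` with an empty name and key; wrapping both values in `required` would fail the render with a clear message, and quoting them would match the other values in this block.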