for #186, set up runtime-logs volume

idaholab · Apr 19, 2023 · a10e261 · a10e261
1 parent 7f7db0e
commit a10e261
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 3 deletions.
diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile
@@ -169,7 +169,7 @@ RUN set -x ; \
     zlib-dev \
     ; \
     \
-  mkdir -p /usr/src/nginx-auth-ldap /usr/src/ngx_http_substitutions_filter_module /www /www/logs/nginx ; \
+  mkdir -p /usr/src/nginx-auth-ldap /usr/src/ngx_http_substitutions_filter_module /www /www/logs/nginx /var/log/nginx ; \
   tar -zxC /usr/src -f /nginx.tar.gz ; \
   tar -zxC /usr/src/nginx-auth-ldap --strip=1 -f /nginx-auth-ldap.tar.gz ; \
   tar -zxC /usr/src/ngx_http_substitutions_filter_module --strip=1 -f /ngx_http_substitutions_filter_module-master.tar.gz ; \

diff --git a/kubernetes/01-volumes.yml b/kubernetes/01-volumes.yml
@@ -170,6 +170,49 @@ spec:
       storage: 50Gi
   volumeName: config-volume
 
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: runtime-logs-volume
+  namespace: malcolm
+  labels:
+    namespace: malcolm
+spec:
+  capacity:
+    storage: 50Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs
+  mountOptions:
+    - nfsvers=4.1
+    - soft
+    - noac
+    - timeo=600
+    - retrans=2
+  nfs:
+    path: /malcolm/runtime-logs
+    server: 10.9.0.226
+    readOnly: false
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: runtime-logs-claim
+  namespace: malcolm
+spec:
+  storageClassName: nfs
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 50Gi
+  volumeName: runtime-logs-volume
+
 ---
 apiVersion: v1
 kind: PersistentVolume

diff --git a/kubernetes/12-filebeat.yml b/kubernetes/12-filebeat.yml
@@ -76,7 +76,9 @@ spec:
             name: filebeat-zeek-volume
           - mountPath: "/suricata"
             name: filebeat-suricata-volume
-          # TODO: live nginx-logs from nginx-proxy container
+          - name: filebeat-nginx-runtime-logs-volume
+            mountPath: /nginx
+            subPath: "nginx"
       volumes:
         - name: filebeat-var-local-catrust-volume
           configMap:
@@ -93,3 +95,7 @@ spec:
         - name: filebeat-suricata-volume
           persistentVolumeClaim:
             claimName: suricata-claim
+        - name: filebeat-nginx-runtime-logs-volume
+          persistentVolumeClaim:
+            readOnly: true
+            claimName: runtime-logs-claim
diff --git a/kubernetes/99-nginx-proxy.yml b/kubernetes/99-nginx-proxy.yml
@@ -86,6 +86,9 @@ spec:
           subPath: "auth"
         - name: nginx-etc-auth-default-volume
           mountPath: /tmp/auth/default/configmap
+        - name: nginx-runtime-logs-volume
+          mountPath: /var/log/nginx
+          subPath: "nginx"
       volumes:
       - name: nginx-etc-nginx-volume
         configMap:
@@ -107,4 +110,7 @@ spec:
           claimName: config-claim
       - name: nginx-etc-auth-default-volume
         configMap:
-          name: etc-nginx-auth
+          name: etc-nginx-auth
+      - name: nginx-runtime-logs-volume
+        persistentVolumeClaim:
+          claimName: runtime-logs-claim
diff --git a/nginx/scripts/docker_entrypoint.sh b/nginx/scripts/docker_entrypoint.sh
@@ -244,5 +244,7 @@ if [[ ! -f /etc/nginx/auth/htpasswd ]] && [[ -f /tmp/auth/default/htpasswd ]]; t
   rm -rf /tmp/auth/* || true
 fi
 
+rm -rf /var/log/nginx/* || true
+
 # start supervisor (which will spawn nginx, stunnel, etc.) or whatever the default command is
 exec "$@"