14.2.4 Creating the ConfigMap

Perform the following steps to create the Kubernetes ConfigMap for ELK:
  1. Copy the elk.crt file to the $WORKDIR/kubernetes/elasticsearch-and-kibana directory.
  2. Navigate to the $WORKDIR/kubernetes/elasticsearch-and-kibana directory and run the following:
    kubectl create configmap elk-cert --from-file=elk.crt -n <namespace>
    
    For example:
    kubectl create configmap elk-cert --from-file=elk.crt -n oamns
    
    The output will look similar to the following:
    configmap/elk-cert created
    
  3. Create a logstash_cm.yaml file in the $WORKDIR/kubernetes/elasticsearch-and-kibana directory as follows:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: oam-logstash-configmap
      namespace: <ELKNS>
    data:
      logstash.yml: |
      #http.host: "0.0.0.0"
      logstash-config.conf: |
        input {
          file {
            path => "<Log Home>/**/logs/AdminServer*.log"
            tags => "Adminserver_log"
            start_position => beginning
          }
          file {
            path => "<Log Home>/**/logs/oam_policy_mgr*.log"
            tags => "Policymanager_log"
            start_position => beginning
          }
          file {
            path => "<Log Home>/**/logs/oam_server*.log"
            tags => "Oamserver_log"
            start_position => beginning
          }
          file {
            path => "<Domain Home>/servers/AdminServer/logs/AdminServer-diagnostic.log"
            tags => "Adminserver_diagnostic"
            start_position => beginning
          }
          file {
            path => "<Domain Home>/servers/**/logs/oam_policy_mgr*-diagnostic.log"
            tags => "Policy_diagnostic"
            start_position => beginning
          }
          file {
            path => "<Domain Home>/servers/AdminServer/logs/auditlogs/OAM/audit.log"
            tags => "Audit_logs"
            start_position => beginning
          }
        }
        filter {
          grok {
            match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
          }
          if "_grokparsefailure" in [tags] {
            mutate {
              remove_tag => [ "_grokparsefailure" ]
            }
          }
        }
        output {
          elasticsearch {
            hosts => ["<ELK_HOSTS>"]
            cacert => '/usr/share/logstash/config/certs/elk.crt'
            index => "oamlogs-000001"
            ssl => true
            ssl_certificate_verification => false
            user => "<ELK_USER>"
            password => "${ELASTICSEARCH_PASSWORD}"
            api_key => "${ELASTICSEARCH_PASSWORD}"
          }
        }
    
    Change the values in the above file as follows:
    • Change the <ELKNS>, <ELK_HOSTS>, <ELK_SSL>, and <ELK_USER> to match the values in Variables Used in This Section.
    • Change <Log Home> and <Domain Home> to match the Log Home and Domain Home returned in Finding Required Domain Details.
    • If using an API key for ELK authentication, delete the user and password lines.
    • If using a password for ELK authentication, delete the api_key line.
    • If no authentication is used for ELK, delete the user, password, and api_key lines.
    For example:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: oam-logstash-configmap
      namespace: oamns
    data:
      logstash.yml: |
      #http.host: "0.0.0.0"
      logstash-config.conf: |
        input {
          file {
            path => "/u01/oracle/user_projects/domains/logs/accessdomain/**/logs/AdminServer*.log"
            tags => "Adminserver_log"
            start_position => beginning
          }
          file {
            path => "/u01/oracle/user_projects/domains/logs/accessdomain/**/logs/oam_policy_mgr*.log"
            tags => "Policymanager_log"
            start_position => beginning
          }
          file {
            path => "/u01/oracle/user_projects/domains/logs/accessdomain/**/logs/oam_server*.log"
            tags => "Oamserver_log"
            start_position => beginning
          }
          file {
            path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/AdminServer-diagnostic.log"
            tags => "Adminserver_diagnostic"
            start_position => beginning
          }
          file {
            path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/oam_policy_mgr*-diagnostic.log"
            tags => "Policy_diagnostic"
            start_position => beginning
          }
          file {
            path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/auditlogs/OAM/audit.log"
            tags => "Audit_logs"
            start_position => beginning
          }
        }
        filter {
          grok {
            match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
          }
          if "_grokparsefailure" in [tags] {
            mutate {
              remove_tag => [ "_grokparsefailure" ]
            }
          }
        }
        output {
          elasticsearch {
            hosts => ["https://elasticsearch.example.com:9200"]
            cacert => '/usr/share/logstash/config/certs/elk.crt'
            index => "oamlogs-000001"
            ssl => true
            ssl_certificate_verification => false
            user => "logstash_internal"
            password => "${ELASTICSEARCH_PASSWORD}"
          }
        }
    
  4. Run the following command to create the ConfigMap:
    kubectl apply -f logstash_cm.yaml
    
    The output will look similar to the following:
    configmap/oam-logstash-configmap created
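
A pre-apply check for the edits made in step 3, as an added example that is not part of the original procedure or of Oracle's tooling: it flags placeholders left unreplaced, a mixed or half-deleted authentication block, and disabled certificate verification. The function names and finding strings are assumptions made for this example.

```shell
# Added example (not Oracle's code): lint logstash_cm.yaml before step 4.
# Prints one finding per line and returns 1 if there are any, else 0.
lint_logstash_cm() {
  file=$1; rc=0
  # Ignore comment-only lines so commented-out settings are not counted.
  body=$(grep -v '^[[:space:]]*#' "$file")
  # True when the Logstash config sets option $1 (optionally to value $2).
  has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1[[:space:]]*=>[[:space:]]*$2"; }
  # 1. Template placeholders from step 3 that were never substituted.
  left=$(printf '%s\n' "$body" |
    grep -Eo '<(ELKNS|ELK_HOSTS|ELK_SSL|ELK_USER|Log Home|Domain Home)>' |
    sort -u | tr '\n' ' ')
  if [ -n "$left" ]; then
    echo "PLACEHOLDER unreplaced: ${left% }"; rc=1
  fi
  # 2. Keep one authentication method (or none), never a mix or half a pair.
  u=0; p=0; k=0
  if has user; then u=1; fi
  if has password; then p=1; fi
  if has api_key; then k=1; fi
  if [ "$k" = 1 ] && [ $((u + p)) -gt 0 ]; then
    echo "AUTH api_key and user/password both set; keep one method"; rc=1
  fi
  if [ "$u" != "$p" ]; then
    echo "AUTH user and password must be kept or deleted together"; rc=1
  fi
  # 3. With verification off, cacert does not authenticate the server.
  if has ssl_certificate_verification false; then
    echo "TLS ssl_certificate_verification is false; server not verified"; rc=1
  fi
  return "$rc"
}

# Constructed sample: the output section of the unedited step 3 template.
sample_template() {
  cat <<'EOF'
output {
  elasticsearch {
    hosts => ["<ELK_HOSTS>"]
    cacert => '/usr/share/logstash/config/certs/elk.crt'
    ssl_certificate_verification => false
    user => "<ELK_USER>"
    password => "${ELASTICSEARCH_PASSWORD}"
    api_key => "${ELASTICSEARCH_PASSWORD}"
  }
}
EOF
}
# Run as: sh lint.sh logstash_cm.yaml (the script name is an assumption).
if [ -n "${1:-}" ]; then lint_logstash_cm "$1"; fi
```

The page's own worked example still reports the TLS finding: with `ssl_certificate_verification => false`, the `elk.crt` mounted from the `elk-cert` ConfigMap is not used to authenticate the Elasticsearch host, so the `user`/`password` or `api_key` is sent to whichever endpoint answers on that address.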