Updating Logging with Custom Non-Root User ID and Group ID

If logging is enabled, update the logging Helm release files with the selected user ID and group ID. These changes apply to the Log Aggregator, Node Log Collector, Oracle OpenSearch, and Oracle OpenSearch Dashboards components.

The logging sidecars inside Siebel pods are configured separately in the siebel-gateway.yaml and siebel.yaml Helm release files by using logging.securityContext.runAsUser.

To update logging with a custom non-root user ID and group ID:

  1. Update the Siebel Logging Helm release as follows:
    1. Open the Siebel Logging Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel-logging/siebel-logging.yaml
    2. Under spec.values, add the podSecurityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: siebel-logging
         namespace: <env_namespace>
      spec:
         releaseName: siebel-logging
         chart:
            spec:
               chart: ./siebel-logging
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 5m
         install:
            timeout: 120m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            logging:
               enableLogging: <true_or_false>
               enableOracleOpensearch: <true_or_false>
               enableOCILogan: <true_or_false>
               image:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/log-aggregator
                  tag: <log_aggregator_tag>
                  imagePullPolicy: Always
               logCollectorImage:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/fluentd-collector
                  tag: <fluentd_collector_tag>
               podSecurityContext:
                  runAsUser: <logging_run_as_user>
                  runAsGroup: <logging_run_as_group>
                  fsGroup: <logging_fs_group>
  2. Update the Oracle OpenSearch Helm release as follows:
    1. Open the Oracle OpenSearch Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel-logging/oracle-opensearch.yaml
    2. Under spec.values, add the podSecurityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: oracle-opensearch
         namespace: <env_namespace>
      spec:
         releaseName: oracle-opensearch
         chart:
            spec:
               chart: ./oracle-opensearch
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 10m
         install:
            timeout: 120m
            strategy:
               name: RetryOnFailure
               retryInterval: 5m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            image:
               opensearch:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/oracle-opensearch
                  tag: <oracle_opensearch_tag>
                  imagePullPolicy: Always
               podSecurityContext:
                  fsGroup: <logging_fs_group>
                  runAsUser: <logging_run_as_user>
  3. Update the Oracle OpenSearch Dashboards Helm release as follows:
    1. Open the Oracle OpenSearch Dashboards Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel-logging/oracle-opensearch-dashboards.yaml
    2. Under spec.values, add the podSecurityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: oracle-opensearch-dashboards
         namespace: <env_namespace>
      spec:
         releaseName: oracle-opensearch-dashboards
         chart:
            spec:
               chart: ./oracle-opensearch-dashboards
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 10m
         install:
            timeout: 120m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            image:
               opensearch_dashboards:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/oracle-opensearch-dashboards
                  tag: <oracle_opensearch_dashboards_tag>
                  imagePullPolicy: Always
               podSecurityContext:
                  runAsUser: <logging_run_as_user>
                  fsGroup: <logging_fs_group>

In the above examples:

  • <logging_run_as_user> specifies the user ID under which the logging container processes run.
  • <logging_run_as_group> specifies the group ID under which the logging container processes run.
  • <logging_fs_group> specifies the file system group ID used for access to shared volumes and persistent storage.
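
Before committing the edited release files, a quick lint can catch a podSecurityContext that still holds a placeholder or resolves to root (ID 0). The following is an added example, not part of the original procedure or the product's tooling; the function name check_psc and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the podSecurityContext block of one HelmRelease file.
# Prints one finding per line; returns 0 when the block is acceptable.
check_psc() {
  awk '
    function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    /^[ ]*podSecurityContext:[ ]*$/ { in_psc = 1; base = indent($0); found = 1; next }
    in_psc {
      if ($0 ~ /^[ ]*$/) next                          # skip blank lines
      if (indent($0) <= base) { in_psc = 0; next }     # block ended
      key = $1; sub(/:$/, "", key); val = $2
      if (key != "runAsUser" && key != "runAsGroup" && key != "fsGroup") next
      seen[key] = 1
      if (val ~ /^</)             { print key ": placeholder not replaced"; bad = 1 }
      else if (val !~ /^[0-9]+$/) { print key ": not a numeric ID (" val ")"; bad = 1 }
      else if (val + 0 == 0)      { print key ": 0 is root"; bad = 1 }
    }
    END {
      if (!found)                  { print "podSecurityContext: section missing"; bad = 1 }
      else if (!seen["runAsUser"]) { print "runAsUser: missing"; bad = 1 }
      exit bad + 0
    }
  ' "$1"
}

# Constructed sample: a values fragment with a root UID and a leftover placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
values:
   logging:
      podSecurityContext:
         runAsUser: 0
         runAsGroup: 1000
         fsGroup: <logging_fs_group>
EOF
check_psc "$sample" || echo "fix the findings above before committing"
rm -f "$sample"
```

Run check_psc against each of the three edited files (siebel-logging.yaml, oracle-opensearch.yaml, oracle-opensearch-dashboards.yaml); it inspects only the keys this procedure sets.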