Updating Observability with Custom Non-Root User ID and Group ID

If observability is enabled, update the observability Helm release files with the selected runAsUser, runAsGroup, and fsGroup values. You can use a non-root user ID and group ID that differ from the Siebel non-root user ID and group ID, or reuse the same values.

If Prometheus uses a local-storage persistent volume, ensure that the local storage directory is owned by <observability_run_as_user>:<observability_fs_group> before you reconcile the Helm release changes:

sudo chown -R <observability_run_as_user>:<observability_fs_group> <local_storage_directory_path>
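
One way to confirm the ownership before reconciling, shown as an added example that is not part of Siebel Cloud Manager: the hypothetical helper check_storage_owner lists every path under the directory that is not owned by the numeric UID and GID you chose, and refuses UID 0.

```sh
#!/bin/sh
# Added example, not part of Siebel Cloud Manager. check_storage_owner is a
# hypothetical helper name.
# Returns 0 if everything under DIR is owned by UID:GID, 1 if not, 2 on bad input.
check_storage_owner() {
    dir=$1 uid=$2 gid=$3

    # runAsUser and fsGroup are numeric in the Helm values, and a user name may
    # not resolve on the node, so accept numeric IDs only.
    for id in "$uid" "$gid"; do
        case "$id" in
            ''|*[!0-9]*) echo "IDs must be numeric, got '$id'" >&2; return 2 ;;
        esac
    done
    if [ "$uid" -eq 0 ]; then
        echo "UID 0 is root; choose a non-root ID" >&2
        return 2
    fi
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Collect every path whose owner or group differs from the expected pair.
    offenders=$(find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders" | sed 's/^/wrong owner: /' >&2
        return 1
    fi
    return 0
}

# Usage: check_storage_owner <local_storage_directory_path> \
#            <observability_run_as_user> <observability_fs_group>
```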

To update observability with a custom non-root user ID and group ID:

  1. Update the Prometheus Helm release as follows:
    1. Open the Prometheus Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel_observability/prometheus.yaml
    2. Under spec.values, add the securityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: prometheus
         namespace: <env_namespace>
      spec:
         releaseName: prometheus
         chart:
            spec:
               chart: ./prometheus
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 10m
         install:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            alerting: <true_or_false>
            clusterDns: svc.cluster.local
            dbMonitoring: <true_or_false>
            configmap_reload:
               image:
                  imagePullPolicy: Always
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/configmap-reload
                  tag: <configmap_reload_tag>
               securityContext:
                  runAsGroup: <observability_run_as_group>
                  runAsUser: <observability_run_as_user>
                  fsGroup: <observability_fs_group>
  2. Update the Prometheus Alertmanager Helm release as follows:
    1. Open the Prometheus Alertmanager Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel_observability/prometheus_alertmanager.yaml
    2. Under spec.values, add the securityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
        name: prometheus-alertmanager
        namespace: <env_namespace>
      spec:
        releaseName: prometheus-alertmanager
        chart:
          spec:
            chart: ./prometheus-alert-manager
            sourceRef:
              kind: GitRepository
              name: <flux_helm_repo_name>
              namespace: <flux_helm_repo_namespace>
        interval: 5m
        install:
          timeout: 120m
        upgrade:
          timeout: 120m
          remediation:
            retries: 3
            remediateLastFailure: true
            strategy: rollback
        uninstall:
          timeout: 30m
        values:
          alertmanager:
            image:
              registry: <user_registry_url>
              repository: <registry_prefix>/<env_namespace>/cm/alertmanager
              tag: <alertmanager_tag>
              pullPolicy: Always
          securityContext:
            runAsGroup: <observability_run_as_group>
            runAsUser: <observability_run_as_user>
            fsGroup: <observability_fs_group>
  3. Update the Prometheus Adapter Helm release as follows:
    1. Open the Prometheus Adapter Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel_observability/prometheus_adapter.yaml
    2. Under spec.values, add the podSecurityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: prometheus-adapter
         namespace: <env_namespace>
      spec:
         releaseName: prometheus-adapter
         chart:
            spec:
               chart: ./prometheus-adapter
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 5m
         dependsOn:
            - name: prometheus
         install:
            timeout: 120m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            prometheus_adapter:
               image:
                  imagePullPolicy: Always
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/prometheus-adapter
                  tag: <prometheus_adapter_tag>
            podSecurityContext:
               runAsUser: <observability_run_as_user>
               runAsGroup: <observability_run_as_group>
               fsGroup: <observability_fs_group>
  4. Update the Kube State Metrics Helm release as follows:
    1. Open the Kube State Metrics Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel_observability/prometheus_kube_state_metrics.yaml
    2. Under spec.values, add the securityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: kube-state-metrics
         namespace: <env_namespace>
      spec:
         releaseName: kube-state-metrics
         chart:
            spec:
               chart: ./kube-state-metrics
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 5m
         install:
            timeout: 120m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            kube_state_metrics:
               image:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/kube-state-metrics
                  tag: <kube_state_metrics_tag>
                  pullPolicy: Always
            securityContext:
               runAsGroup: <observability_run_as_group>
               runAsUser: <observability_run_as_user>
               fsGroup: <observability_fs_group>
  5. Update the Node Exporter Helm release as follows:
    1. Open the Node Exporter Helm release file:
      vi /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager/flux-crm/apps/base/siebel_observability/prometheus_node_exporter.yaml
    2. Under spec.values, add the securityContext section:
      apiVersion: helm.toolkit.fluxcd.io/v2
      kind: HelmRelease
      metadata:
         name: node-exporter
         namespace: <env_namespace>
      spec:
         releaseName: node-exporter
         chart:
            spec:
               chart: ./node-exporter
               sourceRef:
                  kind: GitRepository
                  name: <flux_helm_repo_name>
                  namespace: <flux_helm_repo_namespace>
         interval: 5m
         install:
            timeout: 120m
         upgrade:
            timeout: 120m
            remediation:
               retries: 3
               remediateLastFailure: true
               strategy: rollback
         uninstall:
            timeout: 30m
         values:
            node_exporter:
               image:
                  registry: <user_registry_url>
                  repository: <registry_prefix>/<env_namespace>/cm/node-exporter
                  tag: <node_exporter_tag>
                  pullPolicy: Always
            securityContext:
               runAsGroup: <observability_run_as_group>
               runAsUser: <observability_run_as_user>
               fsGroup: <observability_fs_group>

In the above examples:

  • <observability_run_as_user> specifies the user ID under which the observability component container processes run.
  • <observability_run_as_group> specifies the group ID under which the observability container processes run.
  • <observability_fs_group> specifies the file system group ID used for access to shared volumes.
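
After the five releases reconcile, you can check that the running pods actually picked up the IDs. The following is an added example, not Oracle's tooling: the function names are hypothetical, the sample pod names and the ID 1000 are constructed, and it assumes the charts render the values into each pod's spec.securityContext.

```sh
#!/bin/sh
# Added example, not part of Siebel Cloud Manager; function names are hypothetical.
# Assumption: the charts render the values into each pod's spec.securityContext.

# Print "name|runAsUser|runAsGroup|fsGroup" for pods in namespace $1. Extra
# arguments go to kubectl, for example a -l selector for the observability pods.
pod_security_contexts() {
    ns=$1; shift
    kubectl get pods -n "$ns" "$@" -o jsonpath='{range .items[*]}{.metadata.name}{"|"}{.spec.securityContext.runAsUser}{"|"}{.spec.securityContext.runAsGroup}{"|"}{.spec.securityContext.fsGroup}{"\n"}{end}'
}

# Read those lines on stdin and report pods whose IDs are unset, root or not the
# expected ones. Returns 1 if any pod is reported.
check_pod_ids() {
    want_uid=$1 want_gid=$2 want_fsg=$3 bad=0
    while IFS='|' read -r name uid gid fsg; do
        [ -n "$name" ] || continue
        reason=
        if [ -z "$uid" ]; then reason="runAsUser not set"
        elif [ "$uid" = 0 ]; then reason="runs as root"
        elif [ "$uid" != "$want_uid" ]; then reason="runAsUser=$uid"
        elif [ "$gid" != "$want_gid" ]; then reason="runAsGroup=${gid:-unset}"
        elif [ "$fsg" != "$want_fsg" ]; then reason="fsGroup=${fsg:-unset}"
        fi
        if [ -n "$reason" ]; then
            echo "$name: $reason"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample of pod_security_contexts output (pod names and IDs invented).
SAMPLE='prometheus-0|1000|1000|1000
alertmanager-0|0|0|0
node-exporter-x7k2p|||
kube-state-metrics-5d9f|1000|1000|2000'

# On a cluster: pod_security_contexts <env_namespace> | check_pod_ids 1000 1000 1000
printf '%s\n' "$SAMPLE" | check_pod_ids 1000 1000 1000 || echo "fix the pods listed above"
```

Because the observability IDs may differ from the Siebel IDs, narrow the kubectl query to the observability pods before comparing; the selector to use depends on the labels the charts apply, which this page does not list.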