Merge branch 'main' into RHIDP-4896

Author: themr0c

artifacts/attributes.adoc

@@ -26,6 +26,8 @@
 :ocp-very-short: RHOCP
 :osd-brand-name: Red Hat OpenShift Dedicated
 :osd-short: OpenShift Dedicated
+:logging-brand-name: Red Hat OpenShift Logging
+:logging-short: OpenShift Logging
 // minimum and current latest supported versions
 :ocp-version-min: 4.14
 :ocp-version: 4.17

assemblies/assembly-about-rhdh.adoc

@@ -19,4 +19,4 @@ This platform is driven by a centralized software catalog, providing efficiency
 Use {product} to simplify decision-making through a selection of internally approved tools, programming languages, and developer resources within a self-managed portal.
 
 
-include::modules/discover/con-benefits-of-rhdh.adoc[leveloffset=+1]
+include::modules/about/con-benefits-of-rhdh.adoc[leveloffset=+1]

assemblies/assembly-audit-log.adoc

@@ -33,14 +33,16 @@ Audit logs are not forwarded to the internal log store by default because this d
 * For a complete list of fields that a {product-short} audit log can include, see xref:ref-audit-log-fields.adoc_{context}[]
 * For a list of scaffolder events that a {product-short} audit log can include, see xref:ref-audit-log-scaffolder-events.adoc_{context}[]
 
-include::modules/observe/con-audit-log-config.adoc[leveloffset=+1]
+include::modules/observe/con-audit-log-config.adoc[]
 
-include::modules/observe/proc-audit-log-view.adoc[leveloffset=+1]
+include::modules/observe/proc-forward-audit-log-splunk.adoc[leveloffset=+2]
+
+include::modules/observe/proc-audit-log-view.adoc[]
 
 include::modules/observe/ref-audit-log-fields.adoc[leveloffset=+2]
 
 include::modules/observe/ref-audit-log-scaffolder-events.adoc[leveloffset=+2]
 
 include::modules/observe/ref-audit-log-catalog-events.adoc[leveloffset=+2]
 
-include::modules/observe/ref-audit-log-file-rotation-overview.adoc[leveloffset=+1]
+include::modules/observe/ref-audit-log-file-rotation-overview.adoc[]

assemblies/assembly-running-rhdh-behind-a-proxy.adoc

@@ -6,8 +6,9 @@ You can run the {product-very-short} application behind a corporate proxy by set
 * `HTTP_PROXY`: Denotes the proxy to use for HTTP requests.
 * `HTTPS_PROXY`: Denotes the proxy to use for HTTPS requests.
 
-Additionally, you can set the `NO_PROXY` environment variable to exclude certain domains from proxying. The variable value is a comma-separated list of hostnames that do not require a proxy to get reached, even if one is specified.
+Additionally, set the `NO_PROXY` environment variable to bypass the proxy for certain domains. The variable value is a comma-separated list of hostnames or IP addresses that can be accessed without the proxy, even if one is specified.
 
+include::modules/admin/procedure-understanding-no-proxy.adoc[leveloffset=+1]
 
 include::modules/admin/proc-configuring-proxy-in-helm-deployment.adoc[leveloffset=+1]
 include::modules/admin/proc-configuring-proxy-in-operator-deployment.adoc[leveloffset=+1]

…dules/discover/con-benefits-of-rhdh.adoc modules/about/con-benefits-of-rhdh.adocmodules/discover/con-benefits-of-rhdh.adoc renamed to modules/about/con-benefits-of-rhdh.adoc modules/discover/con-benefits-of-rhdh.adoc renamed to modules/about/con-benefits-of-rhdh.adoc

@@ -0,0 +1,34 @@
+[id="understanding-no-proxy"]
+= Understanding the `NO_PROXY` exclusion rules
+
+`NO_PROXY` is a comma or space-separated list of hostnames or IP addresses, with optional port numbers. If the input URL matches any of the entries listed in `NO_PROXY`, a direct request fetches that URL, for example, bypassing the proxy settings.
+
+[NOTE]
+====
+The default value for `NO_PROXY` in {product-very-short} is `localhost,127.0.0.1`. If you want to override it, include at least `localhost` or `localhost:7007` in the list. Otherwise, the {product-very-short} backend might fail.
+====
+
+Matching follows the rules below:
+
+* `NO_PROXY=*` will bypass the proxy for all requests.
+
+* Space and commas might separate the entries in the `NO_PROXY` list. For example, `NO_PROXY="localhost,example.com"`, or `NO_PROXY="localhost example.com"`, or `NO_PROXY="localhost, example.com"` would have the same effect.
+
+* If `NO_PROXY` contains no entries, configuring the `HTTP(S)_PROXY` settings makes the backend send all requests through the proxy.
+
+* The backend does not perform a DNS lookup to determine if a request should bypass the proxy or not. For example, if DNS resolves `example.com` to `1.2.3.4`, setting `NO_PROXY=1.2.3.4` has no effect on requests sent to `example.com`. Only requests sent to the IP address `1.2.3.4` bypass the proxy.
+
+* If you add a port after the hostname or IP address, the request must match both the host/IP and port to bypass the proxy. For example, `NO_PROXY=example.com:1234` would bypass the proxy for requests to `http(s)://example.com:1234`, but not for requests on other ports, like `http(s)://example.com`.
+
+* If you do not specify a port after the hostname or IP address, all requests to that host/IP address will bypass the proxy regardless of the port. For example, `NO_PROXY=localhost` would bypass the proxy for requests sent to URLs like `http(s)://localhost:7077` and `http(s)://localhost:8888`.
+
+* IP Address blocks in CIDR notation will not work. So setting `NO_PROXY=10.11.0.0/16` will not have any effect, even if the backend sends a request to an IP address in that block.
+
+* Supports only IPv4 addresses. IPv6 addresses like `::1` will not work.
+
+* Generally, the proxy is only bypassed if the hostname is an exact match for an entry in the `NO_PROXY` list. The only exceptions are entries that start with a dot (`.`) or with a wildcard (`*`). In such a case, bypass the proxy if the hostname ends with the entry. 
+
+[NOTE]
+====
+List the domain and the wildcard domain if you want to exclude a given domain and all its subdomains. For example, you would set `NO_PROXY=example.com,.example.com` to bypass the proxy for requests sent to `http(s)://example.com` and `http(s)://subdomain.example.com`.
+====

modules/admin/procedure-understanding-no-proxy.adoc

@@ -0,0 +1,204 @@
+[id='proc-forward-audit-log-splunk_{context}']
+= Forwarding {product} audit logs to Splunk
+
+You can use the {logging-brand-name} ({logging-short}) Operator and a `ClusterLogForwarder` instance to capture the streamed audit logs from a {product-short} instance and forward them to the HTTPS endpoint associated with your Splunk instance.
+
+.Prerequisites
+
+* You have a cluster running on a supported {ocp-short} version.
+* You have an account with `cluster-admin` privileges.
+* You have a Splunk Cloud account or Splunk Enterprise installation.
+
+.Procedure
+
+. Log in to your {ocp-short} cluster. 
+. Install the {logging-short} Operator in the `openshift-logging` namespace and switch to the namespace:
++
+--
+.Example command to switch to a namespace
+[source,bash]
+----
+oc project openshift-logging
+----
+--
+. Create a `serviceAccount` named `log-collector` and bind the `collect-application-logs` role to the `serviceAccount` :
++
+--
+.Example command to create a `serviceAccount`
+[source,bash]
+----
+oc create sa log-collector
+----
+
+.Example command to bind a role to a `serviceAccount`
+[source,bash]
+----
+oc create clusterrolebinding log-collector --clusterrole=collect-application-logs --serviceaccount=openshift-logging:log-collector
+----
+--
+. Generate a `hecToken` in your Splunk instance.
+. Create a key/value secret in the `openshift-logging` namespace and verify the secret:
++
+--
+.Example command to create a key/value secret with `hecToken`
+[source,bash]
+----
+oc -n openshift-logging create secret generic splunk-secret --from-literal=hecToken=<HEC_Token>
+----
+
+.Example command to verify a secret
+[source,bash]
+----
+oc -n openshift-logging get secret/splunk-secret -o yaml
+----
+--
+. Create a basic `ClusterLogForwarder`resource YAML file as follows:
++
+--
+.Example `ClusterLogForwarder`resource YAML file
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+----
+
+For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/logging/index#logging-create-clf_configuring-log-forwarding[Creating a log forwarder].
+--
+. Define the following `ClusterLogForwarder` configuration using OpenShift web console or OpenShift CLI:
+.. Specify the `log-collector` as `serviceAccount` in the YAML file:
++
+--
+.Example `serviceAccount` configuration
+[source,yaml]
+----
+serviceAccount:
+  name: log-collector
+----
+--
+.. Configure `inputs` to specify the type and source of logs to forward. The following configuration enables the forwarder to capture logs from all applications in a provided namespace:
++
+--
+.Example `inputs` configuration
+[source,yaml]
+----
+inputs:
+  - name: my-app-logs-input
+    type: application
+    application:
+      includes:
+        - namespace: my-developer-hub-namespace
+      containerLimit:
+        maxRecordsPerSecond: 100
+----
+
+For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/logging/index#cluster-logging-collector-log-forward-logs-from-application-pods_configuring-log-forwarding[Forwarding application logs from specific pods].
+--
+.. Configure outputs to specify where the captured logs are sent. In this step, focus on the `splunk` type. You can either use `tls.insecureSkipVerify` option if the Splunk endpoint uses self-signed TLS certificates (not recommended) or provide the certificate chain using a Secret.
++
+--
+.Example `outputs` configuration
+[source,yaml]
+----
+outputs:
+  - name: splunk-receiver-application
+    type: splunk
+    splunk:
+      authentication:
+        token:
+          key: hecToken
+          secretName: splunk-secret
+      index: main
+      url: 'https://my-splunk-instance-url'
+      rateLimit:
+        maxRecordsPerSecond: 250
+----
+
+For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/logging/index#logging-forward-splunk_configuring-log-forwarding[Forwarding logs to Splunk] in {ocp-short} documentation. 
+--
+.. Optional: Filter logs to include only audit logs:
++
+--
+.Example `filters` configuration
+[source,yaml]
+----
+filters:
+  - name: audit-logs-only
+    type: drop
+    drop:
+      - test:
+        - field: .message
+          notMatches: isAuditLog
+----
+For more information, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/logging/index#logging-content-filtering[Filtering logs by content] in {ocp-short} documentation.
+--
+.. Configure pipelines to route logs from specific inputs to designated outputs. Use the names of the defined inputs and outputs to specify multiple `inputRefs` and `outputRefs` in each pipeline:
++
+--
+.Example `pipelines` configuration
+[source,yaml]
+----
+pipelines:
+  - name: my-app-logs-pipeline
+    detectMultilineErrors: true
+    inputRefs:
+      - my-app-logs-input
+    outputRefs:
+      - splunk-receiver-application
+    filterRefs:
+      - audit-logs-only
+----
+--
+
+. Run the following command to apply the `ClusterLogForwarder` configuration:
++
+--
+.Example command to apply `ClusterLogForwarder` configuration
+[source,bash]
+----
+oc apply -f <ClusterLogForwarder-configuration.yaml>
+----
+--
+. Optional: To reduce the risk of log loss, configure your `ClusterLogForwarder` pods using the following options:
+.. Define the resource requests and limits for the log collector as follows:
++
+--
+.Example `collector` configuration
+[source,yaml]
+----
+collector:
+  resources:
+    requests:
+      cpu: 250m
+      memory: 64Mi
+      ephemeral-storage: 250Mi
+    limits:
+      cpu: 500m
+      memory: 128Mi
+      ephemeral-storage: 500Mi
+----
+--
+.. Define `tuning` options for log delivery, including `delivery`, `compression`, and `RetryDuration`. Tuning can be applied per output as needed.
++
+--
+.Example `tuning` configuration
+[source,yaml]
+----
+tuning:
+  delivery: AtLeastOnce <1>
+  compression: none
+  minRetryDuration: 1s
+  maxRetryDuration: 10s
+----
+
+<1> `AtLeastOnce` delivery mode means that if the log forwarder crashes or is restarted, any logs that were read before the crash but not sent to their destination are re-sent. It is possible that some logs are duplicated after a crash. 
+--
+
+.Verification
+. Confirm that logs are being forwarded to your Splunk instance by viewing them in the Splunk dashboard.
+. Troubleshoot any issues using {ocp-short} and Splunk logs as needed.
+
+
+