From 761ffdc405f183e91b05dfdc1e30390cccd66a2f Mon Sep 17 00:00:00 2001 From: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> Date: Tue, 14 Dec 2021 18:05:22 +0500 Subject: [PATCH] helm add auditLogConfig option --- k8s/helm_charts2/templates/filer-statefulset.yaml | 3 +++ k8s/helm_charts2/templates/s3-deployment.yaml | 3 +++ k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml | 8 ++++++++ k8s/helm_charts2/values.yaml | 5 ++--- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/k8s/helm_charts2/templates/filer-statefulset.yaml b/k8s/helm_charts2/templates/filer-statefulset.yaml index 9eb2111e1..667466753 100644 --- a/k8s/helm_charts2/templates/filer-statefulset.yaml +++ b/k8s/helm_charts2/templates/filer-statefulset.yaml @@ -149,6 +149,9 @@ spec: {{- if .Values.filer.s3.enableAuth }} -s3.config=/etc/sw/seaweedfs_s3_config \ {{- end }} + {{- if .Values.filer.s3.auditLogConfig }} + -s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \ + {{- end }} {{- end }} -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} {{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }} diff --git a/k8s/helm_charts2/templates/s3-deployment.yaml b/k8s/helm_charts2/templates/s3-deployment.yaml index b513e937b..e5abcf887 100644 --- a/k8s/helm_charts2/templates/s3-deployment.yaml +++ b/k8s/helm_charts2/templates/s3-deployment.yaml @@ -93,6 +93,9 @@ spec: {{- if .Values.s3.enableAuth }} -config=/etc/sw/seaweedfs_s3_config \ {{- end }} + {{- if .Values.s3.auditLogConfig }} + -auditLogConfig=/etc/sw/s3_auditLogConfig.json \ + {{- end }} -filer={{ template "seaweedfs.name" . }}-filer-client:{{ .Values.filer.port }} volumeMounts: - name: logs diff --git a/k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml b/k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml index 66fd5f28e..4e9189633 100644 --- a/k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml +++ b/k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml @@ -18,4 +18,12 @@ stringData: read_access_key_id: {{ $access_key_read }} read_secret_access_key: {{ $secret_key_read }} seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}' + {{- if .Values.filer.s3.auditLogConfig }} + filer_s3_auditLogConfig.json: | + {{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }} + {{- end }} + {{- if .Values.s3.auditLogConfig }} + s3_auditLogConfig.json: | + {{ toJson .Values.s3.auditLogConfig | nindent 4 }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/k8s/helm_charts2/values.yaml b/k8s/helm_charts2/values.yaml index 385ed45a5..d855b509d 100644 --- a/k8s/helm_charts2/values.yaml +++ b/k8s/helm_charts2/values.yaml @@ -273,9 +273,6 @@ filer: # Limit sub dir listing size (default 100000) dirListLimit: 100000 - # Turn off directory listing - disableDirListing: false - # Disable http request, only gRpc operations are allowed disableHttp: false @@ -378,6 +375,7 @@ filer: # enable user & permission to s3 (need to inject to all services) enableAuth: false skipAuthSecretCreation: false + auditLogConfig: {} s3: enabled: false @@ -394,6 +392,7 @@ s3: # enable user & permission to s3 (need to inject to all services) enableAuth: false skipAuthSecretCreation: false + auditLogConfig: {} # Suffix of the host name, {bucket}.{domainName} domainName: ""