Browse Source

helm add auditLogConfig option

pull/2510/head
Konstantin Lebedev 3 years ago
parent
commit
761ffdc405
  1. 3
      k8s/helm_charts2/templates/filer-statefulset.yaml
  2. 3
      k8s/helm_charts2/templates/s3-deployment.yaml
  3. 8
      k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml
  4. 5
      k8s/helm_charts2/values.yaml

3
k8s/helm_charts2/templates/filer-statefulset.yaml

@ -149,6 +149,9 @@ spec:
{{- if .Values.filer.s3.enableAuth }} {{- if .Values.filer.s3.enableAuth }}
-s3.config=/etc/sw/seaweedfs_s3_config \ -s3.config=/etc/sw/seaweedfs_s3_config \
{{- end }} {{- end }}
{{- if .Values.filer.s3.auditLogConfig }}
-s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \
{{- end }}
{{- end }} {{- end }}
-master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}
{{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }} {{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }}

3
k8s/helm_charts2/templates/s3-deployment.yaml

@ -93,6 +93,9 @@ spec:
{{- if .Values.s3.enableAuth }} {{- if .Values.s3.enableAuth }}
-config=/etc/sw/seaweedfs_s3_config \ -config=/etc/sw/seaweedfs_s3_config \
{{- end }} {{- end }}
{{- if .Values.s3.auditLogConfig }}
-auditLogConfig=/etc/sw/s3_auditLogConfig.json \
{{- end }}
-filer={{ template "seaweedfs.name" . }}-filer-client:{{ .Values.filer.port }} -filer={{ template "seaweedfs.name" . }}-filer-client:{{ .Values.filer.port }}
volumeMounts: volumeMounts:
- name: logs - name: logs

8
k8s/helm_charts2/templates/seaweedfs-s3-secret.yaml

@ -18,4 +18,12 @@ stringData:
read_access_key_id: {{ $access_key_read }} read_access_key_id: {{ $access_key_read }}
read_secret_access_key: {{ $secret_key_read }} read_secret_access_key: {{ $secret_key_read }}
seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}' seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}'
{{- if .Values.filer.s3.auditLogConfig }}
filer_s3_auditLogConfig.json: |
{{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }}
{{- end }}
{{- if .Values.s3.auditLogConfig }}
s3_auditLogConfig.json: |
{{ toJson .Values.s3.auditLogConfig | nindent 4 }}
{{- end }}
{{- end }} {{- end }}

5
k8s/helm_charts2/values.yaml

@ -273,9 +273,6 @@ filer:
# Limit sub dir listing size (default 100000) # Limit sub dir listing size (default 100000)
dirListLimit: 100000 dirListLimit: 100000
# Turn off directory listing
disableDirListing: false
# Disable http request, only gRpc operations are allowed # Disable http request, only gRpc operations are allowed
disableHttp: false disableHttp: false
@ -378,6 +375,7 @@ filer:
# enable user & permission to s3 (need to inject to all services) # enable user & permission to s3 (need to inject to all services)
enableAuth: false enableAuth: false
skipAuthSecretCreation: false skipAuthSecretCreation: false
auditLogConfig: {}
s3: s3:
enabled: false enabled: false
@ -394,6 +392,7 @@ s3:
# enable user & permission to s3 (need to inject to all services) # enable user & permission to s3 (need to inject to all services)
enableAuth: false enableAuth: false
skipAuthSecretCreation: false skipAuthSecretCreation: false
auditLogConfig: {}
# Suffix of the host name, {bucket}.{domainName} # Suffix of the host name, {bucket}.{domainName}
domainName: "" domainName: ""

Loading…
Cancel
Save