How to deploy MinIO in Openshift with Audit Log
Cesar Celis Hernandez edited this page Nov 3, 2022 · 18 revisions
- Assuming Operator is already deployed:
- Create the tenant:
- Disable TLS
- Disable Prometheus:
- Start addressing `securityContext` issues:
- Under the name of the pool I will place an empty `securityContext`:
```yaml
pools:
  - affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: v1.min.io/tenant
                  operator: In
                  values:
                    - thunov3629pm
                - key: v1.min.io/pool
                  operator: In
                  values:
                    - pool-0
            topologyKey: kubernetes.io/hostname
    name: pool-0
    securityContext: {}
```
- Bind the PV to the PVC using the Storage Class defined:

```yaml
spec:
  storageClassName: cesar
```
- Fix Audit Logs:
```yaml
log:
  audit:
    diskCapacityGB: 5
  db:
    resources: {}
    securityContext:
      fsGroup: 1000660000
      fsGroupChangePolicy: Always
      runAsGroup: 1000660000
      runAsNonRoot: true
      runAsUser: 1000660000
    volumeClaimTemplate:
      metadata:
        creationTimestamp: null
        name: thunov3629pm-log
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "5368709120"
      status: {}
  resources: {}
  securityContext:
    fsGroup: 1000660000
    fsGroupChangePolicy: Always
    runAsGroup: 1000660000
    runAsNonRoot: true
    runAsUser: 1000660000
```
- For the section below we need `serviceAccountName: minio-operator` with granted permissions, because we can't change that context: it is implemented by the operator code and the tenant does not expose it:
```yaml
log:
  audit:
    diskCapacityGB: 5
  db:
    resources: {}
    serviceAccountName: minio-operator
    securityContext:
      fsGroup: 1000660000
      fsGroupChangePolicy: Always
      runAsGroup: 1000660000
      runAsNonRoot: true
      runAsUser: 1000660000
```
```sh
oc create serviceaccount minio-operator -n thunov3629pm
oc adm policy add-scc-to-user privileged -n thunov3629pm -z minio-operator
```
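
One way to check the `securityContext` IDs used above, as an added example that is not part of the original wiki page: OpenShift records the UID range allocated to a namespace in the `openshift.io/sa.scc.uid-range` annotation as `<first>/<size>`, and the script verifies that `runAsUser`, `runAsGroup` and `fsGroup` fall inside it. The range value `1000660000/10000` and the function names are assumptions constructed for the example.

```shell
# Added example: check securityContext IDs against the namespace UID range.
# Live value: oc get namespace thunov3629pm -o \
#   jsonpath='{.metadata.annotations.openshift\.io/sa\.scc\.uid-range}'

# in_range RANGE ID: succeeds when ID lies inside RANGE ("<first>/<size>").
in_range() {
    first=${1%%/*}
    size=${1##*/}
    [ "$2" -ge "$first" ] 2>/dev/null && [ "$2" -lt $((first + size)) ]
}

# context_ids: prints "field value" for each ID field in the YAML on stdin.
context_ids() {
    awk -F': *' '
        { gsub(/^[ \t]+/, "", $1) }
        $1 == "runAsUser" || $1 == "runAsGroup" || $1 == "fsGroup" { print $1, $2 }
    '
}

# check_context RANGE: verdict per ID field; non-zero if any is outside RANGE.
check_context() {
    range=$1
    bad=0
    ids=$(context_ids)
    while read -r key id; do
        [ -n "$key" ] || continue
        if in_range "$range" "$id"; then
            echo "ok  $key=$id"
        else
            echo "OUT $key=$id (allowed: $range)"
            bad=1
        fi
    done <<EOF
$ids
EOF
    return "$bad"
}

# Constructed sample: the range value is an assumption chosen to contain the
# UID used on this page; the fields are the ones set in the Tenant spec.
check_context "1000660000/10000" <<'YAML'
securityContext:
  fsGroup: 1000660000
  fsGroupChangePolicy: Always
  runAsGroup: 1000660000
  runAsNonRoot: true
  runAsUser: 1000660000
YAML
```
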
- Wait some time and the DB will be reached:
- 3 pods running, 2 for logs and 1 for MinIO:
- Tenant ready:
- Console accessible:
- Access those logs:
https://github.com/minio/operator/blob/master/logsearchapi/README.md
- Access:
```
$ psql -U postgres
psql (13.8 (Debian 13.8-1.pgdg110+1))
Type "help" for help.
postgres=#
postgres=#
postgres=#
```
- List dbs:
```
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
------------+----------+----------+------------+------------+-----------------------
minio_logs | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
```
- Connect to DB:
```
postgres=# \connect minio_logs
You are now connected to database "minio_logs" as user "postgres".
```
- List all tables:
```
minio_logs=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------------+-------------------+----------
public | audit_log_events | partitioned table | postgres
public | audit_log_events_2022_10_25 | table | postgres
public | audit_log_events_2022_11_01 | table | postgres
public | audit_log_events_2022_11_09 | table | postgres
public | request_info | partitioned table | postgres
public | request_info_2022_10_25 | table | postgres
public | request_info_2022_11_01 | table | postgres
public | request_info_2022_11_09 | table | postgres
(8 rows)
```