feat(minio): add logsearchapi functionality

charts/minio/1.6.58/ix_values.yaml

@@ -2,5 +2,12 @@ image:
   pullPolicy: IfNotPresent
   repository: minio/minio
   tag: RELEASE.2022-10-24T18-35-07Z
+logsearchapi:
+  enabled: false
+  diskCapacityGB: 5
+  image:
+    pullPolicy: IfNotPresent
+    repository: minio/operator
+    tag: v4.5.3
 runAsGroup: 473
 runAsUser: 473

charts/minio/1.6.58/templates/_logsearchapi.tpl

@@ -0,0 +1,22 @@
+{{- define "logsearchapi.imageName" -}}
+{{- print "minio/operator:v4.5.3" -}}
+{{- end -}}
+
+{{- define "logsearchapi.command" -}}
+{{- print "/logsearchapi" -}}
+{{- end -}}
+
+{{- define "logsearchapi.secretName" -}}
+{{- print "logsearchapi-details" -}}
+{{- end -}}
+
+{{- define "logsearchapi.envVariableConfiguration" -}}
+{{- $envList := list -}}
+{{- $secretName := (include "logsearchapi.secretName" .) -}}
+{{- $postgresSecretName := (include "postgres.secretName" .) -}}
+{{- $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "queryToken") -}}
+{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_AUDIT_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "auditToken") -}}
+{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_PG_CONN_STR" "valueFromSecret" true "secretName" $postgresSecretName "secretKey" "postgresURL") -}}
+{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_DISK_CAPACITY_GB" "value" .Values.logsearchapi.diskCapacityGB) -}}
+{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
+{{- end -}}

charts/minio/1.6.58/templates/_postgres.tpl

@@ -0,0 +1,24 @@
+{{- define "postgres.imageName" -}}
+{{- print "postgres:14.5" -}}
+{{- end -}}
+
+{{- define "postgres.secretName" -}}
+{{- print "postgres-details" -}}
+{{- end -}}
+
+{{- define "postgres.dbName" -}}
+{{- print "logsearchapi" -}}
+{{- end -}}
+
+{{- define "postgres.dbUser" -}}
+{{- print "logsearchapi" -}}
+{{- end -}}
+
+{{- define "postgres.envVariableConfiguration" -}}
+{{- $envList := list -}}
+{{- $secretName := (include "postgres.secretName" .) -}}
+{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
+{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}}
+{{- $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}}
+{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
+{{- end -}}

charts/minio/1.6.58/templates/deployment.yaml

@@ -60,6 +60,18 @@ spec:
             {{ end }}
             {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "accesskey") }}
             {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
+            {{ if .Values.logsearchapi.enabled }}
+            {{/*
+            We can put any ID we want here. Just make sure it's unique
+            It can be rolled on each startup without problems.
+            */}}
+            {{ $webhookID := (printf "ix-%v" (randAlphaNum 5)) }}
+            {{ $logsearchSecretName := (include "logsearchapi.secretName" .) }}
+            {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "queryToken") }}
+            {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_URL" "value" "http://localhost:8080") }}
+            {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENDPOINT_%v" $webhookID) "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "webhookURL") }}
+            {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENABLE_%v" $webhookID) "value" "on") }}
+            {{ end }}
             {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
 {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
       volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}

charts/minio/1.6.58/templates/logsearchapi-deployment.yaml

@@ -0,0 +1,18 @@
+{{ if .Values.logsearchapi.enabled }}
+{{ $values := (. | mustDeepCopy) }}
+{{ $_ := set $values "common" (dict "nameSuffix" "logsearchapi") }}
+{{ include "common.deployment.common_config" $values | nindent 0 }}
+spec: {{ include "common.deployment.common_spec" $values | nindent 2 }}
+  template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
+    spec:
+      containers:
+      - name: {{ .Chart.Name }}-logsearchapi
+        image: {{ include "logsearchapi.imageName" . }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        env: {{ include "logsearchapi.envVariableConfiguration" $values | nindent 10 }}
+        command: {{ include "logsearchapi.command" . }}
+        ports:
+        - name: logsearchapi
+          containerPort: 8080
+          protocol: TCP
+{{ end }}

charts/minio/1.6.58/templates/logsearchapi-secret.yaml

@@ -0,0 +1,15 @@
+{{ if .Values.logsearchapi.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "logsearchapi.secretName" . }}
+data:
+  {{/*
+  Those are passed to environment variables, which sets everything on startup
+  There is no need to remember previously created secrets.
+  */}}
+  {{ $auditToken := randAlphaNum 32 }}
+  auditToken: {{ $auditToken | b64enc }}
+  queryToken: {{ randAlphaNum 32 | b64enc }}
+  webhookURL: {{ (printf "http://localhost:8080/api/ingest?token=%v" $auditToken) | b64enc }}
+{{ end }}

charts/minio/1.6.58/templates/postgres-secret.yaml

@@ -0,0 +1,17 @@
+{{ if .Values.logsearchapi.enabled }}
+{{ $dbPass := randAlphaNum 32 | b64enc }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "postgres.secretName" . }}
+data:
+  db_user: {{ include "postgres.dbUser" . }}
+  db_name: {{ include "postgres.dbName" . }}
+  {{ with (lookup "v1" "Secret" .Release.Namespace (include "postgres.secretName" .)) }}
+  {{ $dbPass = (index .data "db_password") }}
+  db_password: {{ $dbPass }}
+  {{ else }}
+  db_password: {{ $dbPass }}
+  {{ end }}
+  postgresURL: {{ printf "postgres://%v:%v:5432/%v?sslmode=disable" (include "postgres.dbUser" .) ($dbPass | b64dec) (include "postgres.dbName" .)  }}
+{{ end }}

charts/minio/1.6.58/test_values.yaml

@@ -14,6 +14,9 @@ image:
   pullPolicy: IfNotPresent
   repository: minio/minio
   tag: RELEASE.2022-10-24T18-35-07Z
+logsearchapi:
+  enabled: true
+  diskCapacityGB: 5
 minioDomain: null
 runAsGroup: 473
 runAsUser: 473