-
Notifications
You must be signed in to change notification settings - Fork 456
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make Search feature available via MinIO operator (#339)
It comprises of k8s secret to hold postgres creds (internal), a statefulset for running postgres server and headless service to make it accessible to the tenant's MinIO. * share secret between PG server and log-search-api * Add Log-search api deployment, service, etc * Use separate auth tokens for log ingestion and search query APIs * Keep tenant status up to date with Log Search automation
- Loading branch information
Showing
15 changed files
with
1,875 additions
and
1,565 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| ## Secret to be used as MinIO Root Credentials | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: minio-creds-secret | ||
| type: Opaque | ||
| data: | ||
| ## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64) | ||
| accesskey: bWluaW8= | ||
| ## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64) | ||
| secretkey: bWluaW8xMjM= | ||
| --- | ||
| ## MinIO Tenant Definition | ||
| apiVersion: minio.min.io/v1 | ||
| kind: Tenant | ||
| metadata: | ||
| name: minio | ||
| ## Optionally pass labels to be applied to the statefulset pods | ||
| labels: | ||
| app: minio | ||
| ## Annotations for MinIO Tenant Pods | ||
| annotations: | ||
| prometheus.io/path: /minio/prometheus/metrics | ||
| prometheus.io/port: "9000" | ||
| prometheus.io/scrape: "true" | ||
|
|
||
| ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. | ||
| ## If not specified, the Tenant pods will be dispatched by default scheduler. | ||
| # scheduler: | ||
| # name: my-custom-scheduler | ||
|
|
||
| spec: | ||
| ## Registry location and Tag to download MinIO Server image | ||
| image: minio/minio:RELEASE.2020-11-19T23-48-16Z | ||
| imagePullPolicy: IfNotPresent | ||
|
|
||
| ## Secret with credentials to be used by MinIO Tenant. | ||
| ## Refers to the secret object created above. | ||
| credsSecret: | ||
| name: minio-creds-secret | ||
|
|
||
| ## Specification for MinIO Zone(s) in this Tenant. | ||
| pools: | ||
| ## Servers specifies the number of MinIO Tenant Pods / Servers in this zone. | ||
| ## For standalone mode, supply 1. For distributed mode, supply 4 or more. | ||
| ## Note that the operator does not support upgrading from standalone to distributed mode. | ||
| - servers: 4 | ||
|
|
||
| ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. | ||
| volumesPerServer: 4 | ||
|
|
||
| ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this | ||
| ## Zone. | ||
| volumeClaimTemplate: | ||
| metadata: | ||
| name: data | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Ti | ||
|
|
||
|
|
||
| ## Mount path where PV will be mounted inside container(s). | ||
| mountPath: /export | ||
| ## Sub path inside Mount path where MinIO stores data. | ||
| # subPath: /data | ||
|
|
||
| ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure | ||
| ## TLS for MinIO Tenant pods. Create secrets as explained here: | ||
| ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret | ||
| # externalCertSecret: | ||
| # - name: tls-ssl-minio | ||
| # type: kubernetes.io/tls | ||
|
|
||
| ## Enable automatic Kubernetes based certificate generation and signing as explained in | ||
| ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster | ||
| requestAutoCert: true | ||
|
|
||
| ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be | ||
| ## accessible as DNS entries of form `<bucketname>.minio.default.svc.cluster.local` | ||
| s3: | ||
| ## This feature is turned off by default | ||
| bucketDNS: false | ||
|
|
||
| ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName | ||
| ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is | ||
| ## not provided. DNS name format is *.minio.default.svc.cluster.local | ||
| certConfig: | ||
| commonName: "" | ||
| organizationName: [] | ||
| dnsNames: [] | ||
|
|
||
| ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" | ||
| ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy | ||
| ## for details. | ||
| podManagementPolicy: Parallel | ||
|
|
||
| log: | ||
| image: minio/logsearchapi:v3.0.30 | ||
| audit: | ||
| diskCapacityGB: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.