MinIO Audit Logs in ElasticSearch in k8s environment - cniackz/public GitHub Wiki

Objective:

To get MinIO Audit Logs saved in ElasticSearch in a k8s environment.

Inspired from:

Pre-Step:

  1. Get ElasticSearch configured in advance: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/getting-started.html

Steps:

  1. Deploy a cluster

  2. Install Operator:

kubectl apply -k github.com/minio/operator/

  3. Deploy a tenant with ElasticSearch WebHook enabled:

# Encode your user and password in base64 (this is encoding, not encryption)
$ echo -n 'user:password' | base64
dXNlcjpwYXNzd29yZA==

# Create the namespace where the secret will be located
kubectl create namespace tenant-lite

# Create the secret using the base64 user and password here (saved as ~/minio/secret.yaml).
# It must live in the tenant's namespace: secretKeyRef only resolves in the pod's own namespace.
apiVersion: v1
kind: Secret
metadata:
  name: mysecrettoken
  namespace: tenant-lite
type: Opaque
stringData:
  token: "Basic dXNlcjpwYXNzd29yZA=="

# Apply the secret
kubectl apply -f ~/minio/secret.yaml

# Configure the webhook getting the credentials from the secret
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: storage
  namespace: minio-tenant
spec:
  env:
    - name: MINIO_AUDIT_WEBHOOK_ENABLE_TESTING
      value: "on"
    - name: MINIO_AUDIT_WEBHOOK_ENDPOINT_TESTING
      # over plain http the Basic token below is sent unencrypted; use https:// when ElasticSearch has TLS enabled
      value: "http://<HOST>:9200/tuedec20402pm1/tuedec20402pm2"
    - name: MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_TESTING
      valueFrom:
        secretKeyRef:
          name: mysecrettoken
          key: token
          optional: false # value coming from secret
    - name: MINIO_ROOT_USER
      value: minio
    - name: MINIO_ROOT_PASSWORD
      value: minio123

# Install the tenant
kubectl apply -k ~/operator/examples/kustomization/tenant-lite

  4. Look at the index:

curl -u <USER>:<PASSWORD> -X GET "<HOST>:9200/tuedec20402pm1/_search?pretty" -H 'Content-Type: application/json'

If it works, you should get something like the output below, and NOT a "no such index" error:

{
  "took" : 859,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 40,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "1zB-MYUBuuSsBbj2Wo5_",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "2DB-MYUBuuSsBbj2W44n",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "2TB-MYUBuuSsBbj2W46n",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "2jB-MYUBuuSsBbj2XI4l",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "2zB-MYUBuuSsBbj2X47g",
        "_score" : 1.0,
        "_source" : {
          "version" : "1",
          "deploymentid" : "b3d19425-2a7f-452d-a27e-85d364c4e588",
          "time" : "2022-12-20T21:44:03.665025467Z",
          "event" : "",
          "trigger" : "incoming",
          "api" : {
            "name" : "StorageInfo",
            "rx" : 0,
            "tx" : -1,
            "timeToResponse" : "0ns"
          },
          "remotehost" : "10.244.4.2",
          "requestID" : "17329E76898C063C",
          "userAgent" : "MinIO (linux; arm64) madmin-go/0.0.1",
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=066de153b1c6df73e2072f069d0ae4b6e4830faac72da3aaeb547ed9b1b55a94",
            "User-Agent" : "MinIO (linux; arm64) madmin-go/0.0.1",
            "X-Amz-Content-Sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "X-Amz-Date" : "20221220T214403Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "9784",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Content-Type" : "application/json",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17329E76898C063C",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          }
        }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "3DB-MYUBuuSsBbj2YI53",
        "_score" : 1.0,
        "_source" : {
          "version" : "1",
          "deploymentid" : "b3d19425-2a7f-452d-a27e-85d364c4e588",
          "time" : "2022-12-20T21:44:03.679392592Z",
          "event" : "",
          "trigger" : "incoming",
          "api" : {
            "name" : "TierStats",
            "rx" : 0,
            "tx" : -1,
            "timeToResponse" : "0ns"
          },
          "remotehost" : "10.244.4.2",
          "requestID" : "17329E768A797617",
          "userAgent" : "MinIO (linux; arm64) madmin-go/0.0.1",
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=c8cadb0abae51c2e4ba8d114264d4b9a8a6be3f982b9d0f40dab9849fa25ab3b",
            "User-Agent" : "MinIO (linux; arm64) madmin-go/0.0.1",
            "X-Amz-Content-Sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "X-Amz-Date" : "20221220T214403Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "4",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Content-Type" : "application/json",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17329E768A797617",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          },
          "tags" : {
            "objectLocation" : {
              "name" : "buckets/.usage.json",
              "poolId" : 1,
              "setId" : 1,
              "disks" : [
                "https://storage-lite-pool-0-0.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export0",
                "https://storage-lite-pool-0-1.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export0",
                "https://storage-lite-pool-0-2.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export0",
                "https://storage-lite-pool-0-3.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export0",
                "https://storage-lite-pool-0-0.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export1",
                "https://storage-lite-pool-0-1.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export1",
                "https://storage-lite-pool-0-2.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export1",
                "https://storage-lite-pool-0-3.storage-lite-hl.tenant-lite.svc.cluster.local:9000/export1"
              ]
            }
          }
        }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "_TB-MYUBuuSsBbj2h46M",
        "_score" : 1.0,
        "_source" : {
          "version" : "1",
          "deploymentid" : "b3d19425-2a7f-452d-a27e-85d364c4e588",
          "time" : "2022-12-20T21:44:13.815176375Z",
          "event" : "",
          "trigger" : "incoming",
          "api" : {
            "name" : "GetConfigKV",
            "rx" : 0,
            "tx" : -1,
            "timeToResponse" : "0ns"
          },
          "remotehost" : "10.244.4.2",
          "requestID" : "17329E78E6E41E8E",
          "userAgent" : "MinIO (linux; arm64) madmin-go/0.0.1",
          "requestQuery" : {
            "key" : "audit_webhook:storage-lite-log-search-api"
          },
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2ae3c3d8693619c4407723146091ae3b884827bc6dc8b9d12c9380f4a50db3b7",
            "User-Agent" : "MinIO (linux; arm64) madmin-go/0.0.1",
            "X-Amz-Content-Sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "X-Amz-Date" : "20221220T214413Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "242",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Content-Type" : "application/json",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17329E78E6E41E8E",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          }
        }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "_jB-MYUBuuSsBbj2h47X",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "_zB-MYUBuuSsBbj2iI48",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "tuedec20337pm",
        "_type" : "tuedec20337pm2",
        "_id" : "ADB-MYUBuuSsBbj2iI88",
        "_score" : 1.0,
        "_source" : { }
      }
    ]
  }
}
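
An added example (not part of the original wiki page): a Python check for the `_search` response that tells the "no such index" error apart from an index holding only empty documents, and lists the audit entries whose request headers carry credentials. The sample responses are constructed from the output above; the function names and the sensitive-header set are assumptions.

```python
import json

# Constructed sample, trimmed from the search output shown on this page.
SAMPLE_OK = json.loads("""
{"hits": {"total": {"value": 3, "relation": "eq"}, "hits": [
  {"_id": "1zB-MYUBuuSsBbj2Wo5_", "_source": {}},
  {"_id": "2zB-MYUBuuSsBbj2X47g", "_source": {
     "time": "2022-12-20T21:44:03.665025467Z",
     "api": {"name": "StorageInfo"}, "requestID": "17329E76898C063C",
     "requestHeader": {
       "Authorization": "AWS4-HMAC-SHA256 Credential=minio/20221220//s3/aws4_request, Signature=<constructed>",
       "X-Amz-Date": "20221220T214403Z"}}},
  {"_id": "_TB-MYUBuuSsBbj2h46M", "_source": {
     "time": "2022-12-20T21:44:13.815176375Z",
     "api": {"name": "GetConfigKV"}, "requestID": "17329E78E6E41E8E",
     "requestHeader": {"X-Amz-Date": "20221220T214413Z"}}}
]}}
""")
# Constructed sample of the error body ElasticSearch returns for a missing index.
SAMPLE_MISSING = {"error": {"type": "index_not_found_exception",
                            "reason": "no such index [tuedec20402pm1]"}, "status": 404}

# Assumed set of header names treated as credential-bearing (lower-cased).
SENSITIVE = {"authorization", "cookie", "x-amz-security-token"}

def check_audit_index(resp):
    """Classify a _search response and summarise the audit entries in it."""
    if "error" in resp:
        return {"ok": False, "reason": resp["error"].get("reason", "error")}
    hits = resp.get("hits", {}).get("hits", [])
    entries = [h["_source"] for h in hits if h.get("_source")]
    with_creds = [e.get("requestID") for e in entries
                  if SENSITIVE & {k.lower() for k in e.get("requestHeader", {})}]
    return {"ok": bool(entries),                      # at least one real audit entry
            "empty_docs": len(hits) - len(entries),   # hits with "_source": {}
            "apis": sorted({e.get("api", {}).get("name", "") for e in entries}),
            "entries_with_credentials": with_creds}

def redact(entry):
    """Copy of an audit entry with credential-bearing request headers masked."""
    out = dict(entry)
    out["requestHeader"] = {k: ("<redacted>" if k.lower() in SENSITIVE else v)
                            for k, v in entry.get("requestHeader", {}).items()}
    return out

if __name__ == "__main__":
    print(check_audit_index(SAMPLE_OK))
    print(check_audit_index(SAMPLE_MISSING))
```

Feed it the JSON returned by the `curl` command in step 4. Because the stored entries include `Authorization` request headers, read access to the index should be limited to the people who review audit logs.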