Add audit archive PVC (#368)

OctopusDeploy · Jan 10, 2025 · 8a5779f · 8a5779f
1 parent e229b0a
commit 8a5779f
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 2 deletions.
diff --git a/.changeset/tender-dingos-work.md b/.changeset/tender-dingos-work.md
@@ -0,0 +1,5 @@
+---
+"octopus-deploy": minor
+---
+
+Added audit log PVC
diff --git a/charts/octopus-deploy/README.md b/charts/octopus-deploy/README.md
@@ -18,7 +18,7 @@ helm upgrade octopus-deploy \
 --namespace octopus-deploy \
 --create-namespace \
 --set octopus.acceptEula="Y" \
---set octopus.licenseKeyBase64="<Your License Key>"
+--set octopus.licenseKeyBase64="<Your License Key>" \
 --set mssql.enabled="true" \
 oci://ghcr.io/octopusdeploy/octopusdeploy-helm
 ```

diff --git a/charts/octopus-deploy/templates/pvc.yaml b/charts/octopus-deploy/templates/pvc.yaml
@@ -56,4 +56,24 @@ spec:
   {{- end }}
   resources:
     requests:
-      storage: {{.Values.octopus.taskLogVolume.size}}
+      storage: {{.Values.octopus.taskLogVolume.size}}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: audit-log-claim
+  labels:
+    {{- include "labels" . | nindent 4 }}
+spec:
+  accessModes:
+    {{- if (gt (.Values.octopus.replicaCount | int) 1)}}
+    - ReadWriteMany
+    {{- else }}
+    - {{.Values.octopus.auditLogVolume.storageAccessMode}}
+    {{- end }}
+  {{- if $storageClass := (default .Values.global.storageClass .Values.octopus.auditLogVolume.storageClassName) }}
+  storageClassName: {{ $storageClass }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{.Values.octopus.auditLogVolume.size}}
diff --git a/charts/octopus-deploy/templates/statefulset.yaml b/charts/octopus-deploy/templates/statefulset.yaml
@@ -130,6 +130,8 @@ spec:
             mountPath: /taskLogs
           - name: server-log-volume
             mountPath: /home/octopus/.octopus/OctopusServer/Server/Logs
+          - name: audit-log-volume
+            mountPath: /eventExports
         {{- if .Values.octopus.resources }}
         resources:
 {{ toYaml .Values.octopus.resources | indent 18 }}
@@ -172,6 +174,9 @@ spec:
         - name: task-log-volume
           persistentVolumeClaim:
             claimName: task-log-claim
+        - name: audit-log-volume
+          persistentVolumeClaim:
+            claimName: audit-log-claim
       {{- if .Values.dockerHub.login }}
       imagePullSecrets:
         - name: dockerhubcreds

diff --git a/charts/octopus-deploy/values.yaml b/charts/octopus-deploy/values.yaml
@@ -81,6 +81,11 @@ octopus:
     size: 1Gi 
     storageClassName: ""
     storageAccessMode: ReadWriteOnce
+  # Volume used for archived audit logs: https://octopus.com/docs/security/users-and-teams/auditing#archived-audit-events
+  auditLogVolume:
+    size: 1Gi
+    storageClassName: ""
+    storageAccessMode: ReadWriteOnce
 
   service:
     type: NodePort