Mycloud forces 501/1000
All checks were successful
continuous-integration/publish-helm Helm publish succeeded
All checks were successful
continuous-integration/publish-helm Helm publish succeeded
This commit is contained in:
4
scc-remove.sh
Executable file
4
scc-remove.sh
Executable file
@@ -0,0 +1,4 @@
|
||||
oc adm policy remove-scc-from-user privileged -z minio-sa -n minio
|
||||
oc adm policy remove-scc-from-user anyuid -z minio-sa -n minio
|
||||
oc adm policy remove-scc-from-user privileged -z default -n minio
|
||||
oc adm policy remove-scc-from-user anyuid -z default -n minio
|
||||
31
values.yaml
31
values.yaml
@@ -200,8 +200,7 @@ service:
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: openshift-default
|
||||
labels:
|
||||
{}
|
||||
labels: {}
|
||||
# node-role.kubernetes.io/ingress: platform
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: openshift-default
|
||||
@@ -245,8 +244,7 @@ consoleService:
|
||||
consoleIngress:
|
||||
enabled: true
|
||||
ingressClassName: openshift-default
|
||||
labels:
|
||||
{}
|
||||
labels: {}
|
||||
# node-role.kubernetes.io/ingress: platform
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: openshift-default
|
||||
@@ -277,11 +275,11 @@ topologySpreadConstraints: []
|
||||
|
||||
## Add stateful containers to have security context, if enabled MinIO will run as this
|
||||
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
|
||||
securityContext:
|
||||
enabled: false
|
||||
#runAsUser: 1000
|
||||
#runAsGroup: 1000
|
||||
#fsGroup: 1000
|
||||
securityContext: #unavoidable to wd-mycloud all_squash to 501/1000. appropriate SCC has been applied to prevent future drift
|
||||
enabled: true
|
||||
runAsUser: 501
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
#fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
containerSecurityContext:
|
||||
@@ -399,8 +397,7 @@ makeUserJob:
|
||||
|
||||
## List of service accounts to be created after minio install
|
||||
##
|
||||
svcaccts:
|
||||
[]
|
||||
svcaccts: []
|
||||
## accessKey, secretKey and parent user to be assigned to the service accounts
|
||||
## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
|
||||
# - accessKey: console-svcacct
|
||||
@@ -439,8 +436,7 @@ makeServiceAccountJob:
|
||||
|
||||
## List of buckets to be created after minio install
|
||||
##
|
||||
buckets:
|
||||
[]
|
||||
buckets: []
|
||||
# # Name of the bucket
|
||||
# - name: bucket1
|
||||
# # Policy to be set on the
|
||||
@@ -489,15 +485,13 @@ customCommandJob:
|
||||
requests:
|
||||
memory: 128Mi
|
||||
## Additional volumes to add to the post-job.
|
||||
extraVolumes:
|
||||
[]
|
||||
extraVolumes: []
|
||||
# - name: extra-policies
|
||||
# configMap:
|
||||
# name: my-extra-policies-cm
|
||||
## Additional volumeMounts to add to the custom commands container when
|
||||
## running the post-job.
|
||||
extraVolumeMounts:
|
||||
[]
|
||||
extraVolumeMounts: []
|
||||
# - name: extra-policies
|
||||
# mountPath: /mnt/extras/
|
||||
# Command to run after the main command on exit
|
||||
@@ -587,8 +581,7 @@ metrics:
|
||||
# for node metrics
|
||||
relabelConfigs: {}
|
||||
# for cluster metrics
|
||||
relabelConfigsCluster:
|
||||
{}
|
||||
relabelConfigsCluster: {}
|
||||
# metricRelabelings:
|
||||
# - regex: (server|pod)
|
||||
# action: labeldrop
|
||||
|
||||
Reference in New Issue
Block a user