Mycloud forces 501/1000
All checks were successful
continuous-integration/publish-helm Helm publish succeeded
All checks were successful
continuous-integration/publish-helm Helm publish succeeded
This commit is contained in:
4
scc-remove.sh
Executable file
4
scc-remove.sh
Executable file
@@ -0,0 +1,4 @@
|
|||||||
|
oc adm policy remove-scc-from-user privileged -z minio-sa -n minio
|
||||||
|
oc adm policy remove-scc-from-user anyuid -z minio-sa -n minio
|
||||||
|
oc adm policy remove-scc-from-user privileged -z default -n minio
|
||||||
|
oc adm policy remove-scc-from-user anyuid -z default -n minio
|
||||||
31
values.yaml
31
values.yaml
@@ -200,8 +200,7 @@ service:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: openshift-default
|
ingressClassName: openshift-default
|
||||||
labels:
|
labels: {}
|
||||||
{}
|
|
||||||
# node-role.kubernetes.io/ingress: platform
|
# node-role.kubernetes.io/ingress: platform
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: openshift-default
|
kubernetes.io/ingress.class: openshift-default
|
||||||
@@ -245,8 +244,7 @@ consoleService:
|
|||||||
consoleIngress:
|
consoleIngress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: openshift-default
|
ingressClassName: openshift-default
|
||||||
labels:
|
labels: {}
|
||||||
{}
|
|
||||||
# node-role.kubernetes.io/ingress: platform
|
# node-role.kubernetes.io/ingress: platform
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: openshift-default
|
kubernetes.io/ingress.class: openshift-default
|
||||||
@@ -277,11 +275,11 @@ topologySpreadConstraints: []
|
|||||||
|
|
||||||
## Add stateful containers to have security context, if enabled MinIO will run as this
|
## Add stateful containers to have security context, if enabled MinIO will run as this
|
||||||
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
|
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
|
||||||
securityContext:
|
securityContext: #unavoidable to wd-mycloud all_squash to 501/1000. appropriate SCC has been applied to prevent future drift
|
||||||
enabled: false
|
enabled: true
|
||||||
#runAsUser: 1000
|
runAsUser: 501
|
||||||
#runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
#fsGroup: 1000
|
fsGroup: 1000
|
||||||
#fsGroupChangePolicy: "OnRootMismatch"
|
#fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
@@ -399,8 +397,7 @@ makeUserJob:
|
|||||||
|
|
||||||
## List of service accounts to be created after minio install
|
## List of service accounts to be created after minio install
|
||||||
##
|
##
|
||||||
svcaccts:
|
svcaccts: []
|
||||||
[]
|
|
||||||
## accessKey, secretKey and parent user to be assigned to the service accounts
|
## accessKey, secretKey and parent user to be assigned to the service accounts
|
||||||
## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
|
## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
|
||||||
# - accessKey: console-svcacct
|
# - accessKey: console-svcacct
|
||||||
@@ -439,8 +436,7 @@ makeServiceAccountJob:
|
|||||||
|
|
||||||
## List of buckets to be created after minio install
|
## List of buckets to be created after minio install
|
||||||
##
|
##
|
||||||
buckets:
|
buckets: []
|
||||||
[]
|
|
||||||
# # Name of the bucket
|
# # Name of the bucket
|
||||||
# - name: bucket1
|
# - name: bucket1
|
||||||
# # Policy to be set on the
|
# # Policy to be set on the
|
||||||
@@ -489,15 +485,13 @@ customCommandJob:
|
|||||||
requests:
|
requests:
|
||||||
memory: 128Mi
|
memory: 128Mi
|
||||||
## Additional volumes to add to the post-job.
|
## Additional volumes to add to the post-job.
|
||||||
extraVolumes:
|
extraVolumes: []
|
||||||
[]
|
|
||||||
# - name: extra-policies
|
# - name: extra-policies
|
||||||
# configMap:
|
# configMap:
|
||||||
# name: my-extra-policies-cm
|
# name: my-extra-policies-cm
|
||||||
## Additional volumeMounts to add to the custom commands container when
|
## Additional volumeMounts to add to the custom commands container when
|
||||||
## running the post-job.
|
## running the post-job.
|
||||||
extraVolumeMounts:
|
extraVolumeMounts: []
|
||||||
[]
|
|
||||||
# - name: extra-policies
|
# - name: extra-policies
|
||||||
# mountPath: /mnt/extras/
|
# mountPath: /mnt/extras/
|
||||||
# Command to run after the main command on exit
|
# Command to run after the main command on exit
|
||||||
@@ -587,8 +581,7 @@ metrics:
|
|||||||
# for node metrics
|
# for node metrics
|
||||||
relabelConfigs: {}
|
relabelConfigs: {}
|
||||||
# for cluster metrics
|
# for cluster metrics
|
||||||
relabelConfigsCluster:
|
relabelConfigsCluster: {}
|
||||||
{}
|
|
||||||
# metricRelabelings:
|
# metricRelabelings:
|
||||||
# - regex: (server|pod)
|
# - regex: (server|pod)
|
||||||
# action: labeldrop
|
# action: labeldrop
|
||||||
|
|||||||
Reference in New Issue
Block a user