From b705d31e8fad08ebc74f61e8a99d8200a5083f2a Mon Sep 17 00:00:00 2001
From: Conan Scott <conanscott@gmail.com>
Date: Mon, 15 Dec 2025 17:07:37 +1100
Subject: [PATCH] Changed to nfs and RWX Altered security contexts

---
 scc-updates.sh |  2 ++
 values.yaml    | 32 ++++++++++++++++----------------
 2 files changed, 18 insertions(+), 16 deletions(-)
 create mode 100755 scc-updates.sh

diff --git a/scc-updates.sh b/scc-updates.sh
new file mode 100755
index 0000000..5a408b0
--- /dev/null
+++ b/scc-updates.sh
@@ -0,0 +1,2 @@
+oc adm policy add-scc-to-user privileged -z minio-sa -n minio
+oc adm policy add-scc-to-user anyuid -z minio-sa -n minio
diff --git a/values.yaml b/values.yaml
index 646c02c..45cea89 100644
--- a/values.yaml
+++ b/values.yaml
@@ -159,9 +159,9 @@ persistence:
   ##
   ## Storage class of PV to bind. By default it looks for standard storage class.
   ## If the PV uses a different storage class, specify that here.
-  storageClass: "local-nvme-retain"
+  storageClass: "nfs"
   #volumeName: "minio"
-  accessMode: ReadWriteOnce
+  accessMode: ReadWriteMany
   size: 300Gi
 
   ## If subPath is set mount a sub folder of a volume instead of the root of the volume.
@@ -276,10 +276,10 @@ topologySpreadConstraints: []
 ## Add stateful containers to have security context, if enabled MinIO will run as this
 ## user and group NOTE: securityContext is only enabled if persistence.enabled=true
 securityContext:
-  enabled: true
-  runAsUser: 1000
-  runAsGroup: 1000
-  fsGroup: 1000
+  enabled: false
+  #runAsUser: 1000
+  #runAsGroup: 1000
+  #fsGroup: 1000
   fsGroupChangePolicy: "OnRootMismatch"
 
 containerSecurityContext:
@@ -358,8 +358,8 @@ policies: []
 makePolicyJob:
   securityContext:
     enabled: false
-    runAsUser: 1000
-    runAsGroup: 1000
+  #    runAsUser: 1000
+  #    runAsGroup: 1000
   resources:
     requests:
       memory: 128Mi
@@ -387,8 +387,8 @@ users:
 makeUserJob:
   securityContext:
     enabled: false
-    runAsUser: 1000
-    runAsGroup: 1000
+  #    runAsUser: 1000
+  #    runAsGroup: 1000
   resources:
     requests:
       memory: 128Mi
@@ -426,8 +426,8 @@ svcaccts: []
 makeServiceAccountJob:
   securityContext:
     enabled: false
-    runAsUser: 1000
-    runAsGroup: 1000
+  #   runAsUser: 1000
+  #   runAsGroup: 1000
   resources:
     requests:
       memory: 128Mi
@@ -462,8 +462,8 @@ buckets: []
 makeBucketJob:
   securityContext:
     enabled: false
-    runAsUser: 1000
-    runAsGroup: 1000
+  #   runAsUser: 1000
+  #   runAsGroup: 1000
   resources:
     requests:
       memory: 128Mi
@@ -479,8 +479,8 @@ customCommands:
 customCommandJob:
   securityContext:
     enabled: false
-    runAsUser: 1000
-    runAsGroup: 1000
+  #    runAsUser: 1000
+  #    runAsGroup: 1000
   resources:
     requests:
       memory: 128Mi