cscott/minio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed to nfs and RWX

Browse Source 
Altered security contexts
This commit is contained in:
Conan Scott
2025-12-15 17:07:37 +11:00
parent c8a9829eb8
commit b705d31e8f
2 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scc-updates.sh Executable file
View File

@@ -0,0 +1,2 @@
oc adm policy add-scc-to-user privileged -z minio-sa -n minio
oc adm policy add-scc-to-user anyuid -z minio-sa -n minio

32
values.yaml
View File

@@ -159,9 +159,9 @@ persistence:
## ##
## Storage class of PV to bind. By default it looks for standard storage class. ## Storage class of PV to bind. By default it looks for standard storage class.
## If the PV uses a different storage class, specify that here. ## If the PV uses a different storage class, specify that here.
storageClass: "local-nvme-retain" storageClass: "nfs"
#volumeName: "minio" #volumeName: "minio"
accessMode: ReadWriteOnce accessMode: ReadWriteMany
size: 300Gi size: 300Gi
## If subPath is set mount a sub folder of a volume instead of the root of the volume. ## If subPath is set mount a sub folder of a volume instead of the root of the volume.
@@ -276,10 +276,10 @@ topologySpreadConstraints: []
## Add stateful containers to have security context, if enabled MinIO will run as this ## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true ## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext: securityContext:
enabled: true enabled: false
runAsUser: 1000 #runAsUser: 1000
runAsGroup: 1000 #runAsGroup: 1000
fsGroup: 1000 #fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch" fsGroupChangePolicy: "OnRootMismatch"
containerSecurityContext: containerSecurityContext:
@@ -358,8 +358,8 @@ policies: []
makePolicyJob: makePolicyJob:
securityContext: securityContext:
enabled: false enabled: false
runAsUser: 1000 # runAsUser: 1000
runAsGroup: 1000 # runAsGroup: 1000
resources: resources:
requests: requests:
memory: 128Mi memory: 128Mi
@@ -387,8 +387,8 @@ users:
makeUserJob: makeUserJob:
securityContext: securityContext:
enabled: false enabled: false
runAsUser: 1000 # runAsUser: 1000
runAsGroup: 1000 # runAsGroup: 1000
resources: resources:
requests: requests:
memory: 128Mi memory: 128Mi
@@ -426,8 +426,8 @@ svcaccts: []
makeServiceAccountJob: makeServiceAccountJob:
securityContext: securityContext:
enabled: false enabled: false
runAsUser: 1000 # runAsUser: 1000
runAsGroup: 1000 # runAsGroup: 1000
resources: resources:
requests: requests:
memory: 128Mi memory: 128Mi
@@ -462,8 +462,8 @@ buckets: []
makeBucketJob: makeBucketJob:
securityContext: securityContext:
enabled: false enabled: false
runAsUser: 1000 # runAsUser: 1000
runAsGroup: 1000 # runAsGroup: 1000
resources: resources:
requests: requests:
memory: 128Mi memory: 128Mi
@@ -479,8 +479,8 @@ customCommands:
customCommandJob: customCommandJob:
securityContext: securityContext:
enabled: false enabled: false
runAsUser: 1000 # runAsUser: 1000
runAsGroup: 1000 # runAsGroup: 1000
resources: resources:
requests: requests:
memory: 128Mi memory: 128Mi