Mycloud forces 501/1000

.gitignore

@@ -0,0 +1 @@
+argo-helm.yaml

scc-remove.sh

@@ -0,0 +1,4 @@
+oc adm policy remove-scc-from-user privileged -z minio-sa -n minio
+oc adm policy remove-scc-from-user anyuid -z minio-sa -n minio
+oc adm policy remove-scc-from-user privileged -z default -n minio
+oc adm policy remove-scc-from-user anyuid -z default -n minio

values.yaml

@@ -148,7 +148,7 @@ persistence:
   ## A manually managed Persistent Volume and Claim
   ## Requires persistence.enabled: true
   ## If defined, PVC must be created manually before volume will be bound
-  existingClaim: ""
+  existingClaim: "minio"
 
   ## minio data Persistent Volume Storage Class
   ## If defined, storageClassName: <storageClass>
@@ -159,7 +159,7 @@ persistence:
   ##
   ## Storage class of PV to bind. By default it looks for standard storage class.
   ## If the PV uses a different storage class, specify that here.
-  storageClass: "nfs"
+  storageClass: "nfs-csi"
   #volumeName: "minio"
   accessMode: ReadWriteMany
   size: 500Gi
@@ -275,11 +275,11 @@ topologySpreadConstraints: []
 
 ## Add stateful containers to have security context, if enabled MinIO will run as this
 ## user and group NOTE: securityContext is only enabled if persistence.enabled=true
-securityContext:
+securityContext: #unavoidable to wd-mycloud all_squash to 501/1000. appropriate SCC has been applied to prevent future drift
-  enabled: false
+  enabled: true
-  #runAsUser: 1000
+  runAsUser: 501
-  #runAsGroup: 1000
+  runAsGroup: 1000
-  #fsGroup: 1000
+  fsGroup: 1000
   #fsGroupChangePolicy: "OnRootMismatch"
 
 containerSecurityContext: