diff --git a/test/minio/8.0.5/README.md b/test/minio/8.0.5/README.md
index 25894724794..b4afbad2710 100755
--- a/test/minio/8.0.5/README.md
+++ b/test/minio/8.0.5/README.md
@@ -142,7 +142,6 @@ The following table lists the configurable parameters of the MinIO chart and the
 | `certsPath` | Default certs path location | `/etc/minio/certs` |
 | `mountPath` | Default mount location for persistent drive | `/export` |
 | `bucketRoot` | Directory from where minio should serve buckets. | Value of `.mountPath` |
-| `clusterDomain` | domain name of kubernetes cluster where pod is running. | `cluster.local` |
 | `service.type` | Kubernetes service type | `ClusterIP` |
 | `service.port` | Kubernetes port where service is exposed | `9000` |
 | `service.externalIPs` | service external IP addresses | `nil` |
@@ -154,10 +153,6 @@ The following table lists the configurable parameters of the MinIO chart and the
 | `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
 | `persistence.subPath` | Mount a sub directory of the persistent volume if set | `""` |
 | `resources.requests.memory` | Memory resource requests | Memory: `4Gi` |
-| `securityContext.enabled` | Enable to run containers as non-root. NOTE: if `persistence.enabled=false` then securityContext will be automatically disabled | `true` |
-| `securityContext.runAsUser` | User id of the user for the container | `1000` |
-| `securityContext.runAsGroup` | Group id of the user for the container | `1000` |
-| `securityContext.fsGroup` | Group id of the persistent volume mount for the container | `1000` |
 | `tls.enabled` | Enable TLS for MinIO server | `false` |
 | `tls.certSecret` | Kubernetes Secret with `public.crt` and `private.key` files. | `""` |
 | `defaultBucket.enabled` | If set to true, a bucket will be created after MinIO install | `false` |
diff --git a/test/minio/8.0.5/templates/deployment.yaml b/test/minio/8.0.5/templates/deployment.yaml
index 2c81bbab537..acf7e1530bb 100644
--- a/test/minio/8.0.5/templates/deployment.yaml
+++ b/test/minio/8.0.5/templates/deployment.yaml
@@ -35,12 +35,6 @@ spec:
 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
 spec:
 serviceAccountName: {{ include "minio.serviceAccountName" . | quote }}
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
-{{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/test/minio/8.0.5/templates/rolebindings.yaml b/test/minio/8.0.5/templates/rolebindings.yaml
deleted file mode 100644
index ea8b98c5857..00000000000
--- a/test/minio/8.0.5/templates/rolebindings.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "minio.serviceAccountName" . }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- namespace: {{ .Release.Namespace | quote }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "minio.serviceAccountName" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "minio.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end }}
diff --git a/test/minio/8.0.5/templates/securitycontextconstraints.yaml b/test/minio/8.0.5/templates/securitycontextconstraints.yaml
deleted file mode 100644
index dfde6fb99e9..00000000000
--- a/test/minio/8.0.5/templates/securitycontextconstraints.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: {{ template "minio.fullname" . }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-priority: 10
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: []
-readOnlyRootFilesystem: false
-defaultAddCapabilities: []
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SETUID
-- SETGID
-fsGroup:
- type: MustRunAs
- ranges:
- - max: {{ .Values.securityContext.fsGroup }}
- min: {{ .Values.securityContext.fsGroup }}
-runAsUser:
- type: MustRunAs
- uid: {{ .Values.securityContext.runAsUser }}
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- projected
-- secret
-{{- end }}
diff --git a/test/minio/8.0.5/values.yaml b/test/minio/8.0.5/values.yaml
index 833a6901451..61328fd8830 100644
--- a/test/minio/8.0.5/values.yaml
+++ b/test/minio/8.0.5/values.yaml
@@ -1,7 +1,3 @@
-## set kubernetes cluster domain where minio is running
-##
-clusterDomain: cluster.local
-
 ## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
 ##
 image:
@@ -131,14 +127,6 @@ service: # prometheus.io/path: '/minio/prometheus/metrics' # prometheus.io/port: '9000' -## Add stateful containers to have security context, if enabled MinIO will run as this -## user and group NOTE: securityContext is only enabled if persistence.enabled=true -securityContext: - enabled: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ##
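Review bot: Dropping the `securityContext` defaults in this hunk, together with the pod-level `securityContext:` block removed in the templates/deployment.yaml hunk, leaves the rendered pod spec with no `runAsUser`, `runAsGroup` or `fsGroup`, so the container runs as whatever user the image defines, which may be root. The README row deleted in the same commit described this setting as what made the containers run as non-root, and nothing visible in the diff replaces it. If the aim is only to stop shipping the OpenShift SecurityContextConstraints and RoleBinding, the pod block could stay behind the existing `securityContext.enabled` flag; otherwise consider stating the intended user explicitly, for example `runAsNonRoot: true` in the pod spec, after confirming the image starts under that constraint. Both hunks show only part of their files, so a security context set elsewhere in the chart would not be visible here.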