How to deploy MinIO in Openshift with Audit Log
Cesar Celis Hernandez edited this page Nov 3, 2022 · 18 revisions
- Assuming Operator is already deployed:
- Create the tenant:
- Disable TLS
- Disable Prometheus:
- Start addressing `securityContext` issues:
- Under the name of the pool I will place an empty `securityContext`:

```yaml
pools:
  - affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: v1.min.io/tenant
                  operator: In
                  values:
                    - thunov3629pm
                - key: v1.min.io/pool
                  operator: In
                  values:
                    - pool-0
            topologyKey: kubernetes.io/hostname
    name: pool-0
    securityContext: {}
```
- Bind the PV to the PVC using the defined Storage Class:

```yaml
spec:
  storageClassName: cesar
```
- Fix Audit Logs:

```yaml
log:
  audit:
    diskCapacityGB: 5
  db:
    resources: {}
    securityContext:
      fsGroup: 1000660000
      fsGroupChangePolicy: Always
      runAsGroup: 1000660000
      runAsNonRoot: true
      runAsUser: 1000660000
    volumeClaimTemplate:
      metadata:
        creationTimestamp: null
        name: thunov3629pm-log
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "5368709120"
      status: {}
  resources: {}
  securityContext:
    fsGroup: 1000660000
    fsGroupChangePolicy: Always
    runAsGroup: 1000660000
    runAsNonRoot: true
    runAsUser: 1000660000
```
- For the block below we need `serviceAccountName: minio-operator` with granted permissions, because we can't change that context: it is implemented by the operator code and the tenant does not expose it:

```yaml
log:
  audit:
    diskCapacityGB: 5
  db:
    resources: {}
    serviceAccountName: minio-operator
    securityContext:
      fsGroup: 1000660000
      fsGroupChangePolicy: Always
      runAsGroup: 1000660000
      runAsNonRoot: true
      runAsUser: 1000660000
```

```shell
oc create serviceaccount minio-operator -n thunov3629pm
oc adm policy add-scc-to-user privileged -n thunov3629pm -z minio-operator
```
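An added example (not part of the original wiki page or of the MinIO Operator code): a small Python check that walks a Tenant spec, finds every `securityContext`, and reports any `runAsUser` outside the project's UID range, along with each component that runs under its own service account, such as the one granted the `privileged` SCC above. The trimmed spec and the `1000660000/10000` range are constructed sample values; on a real cluster the range comes from the project's `openshift.io/sa.scc.uid-range` annotation.

```python
# Added example: SAMPLE_SPEC and UID_RANGE are constructed sample data.
UID_RANGE = "1000660000/10000"  # assumed value of openshift.io/sa.scc.uid-range
SAMPLE_SPEC = {
    "pools": [{"name": "pool-0", "securityContext": {}}],
    "log": {
        "db": {
            "serviceAccountName": "minio-operator",
            "securityContext": {"runAsUser": 1000660000, "runAsNonRoot": True},
        },
        "securityContext": {"runAsUser": 1000660000, "runAsNonRoot": True},
    },
}

def parse_uid_range(annotation):
    """Turn 'start/size' into an inclusive (first, last) pair."""
    start, size = (int(part) for part in annotation.split("/"))
    return start, start + size - 1

def walk(node, path="spec"):
    """Yield (path, mapping) for every mapping that carries a securityContext key."""
    if isinstance(node, dict):
        if "securityContext" in node:
            yield path, node
        for key, value in node.items():
            if key != "securityContext":
                yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from walk(item, f"{path}[{index}]")

def audit(spec, uid_range):
    """Return (path, message) findings for each securityContext in the spec."""
    first, last = parse_uid_range(uid_range)
    findings = []
    for path, owner in walk(spec):
        ctx = owner["securityContext"] or {}
        uid = ctx.get("runAsUser")
        if uid is None:
            findings.append((path, "no runAsUser pinned"))
        elif not first <= uid <= last:
            findings.append((path, f"runAsUser {uid} outside {first}-{last}"))
        if ctx and ctx.get("runAsNonRoot") is not True:
            findings.append((path, "runAsNonRoot not set to true"))
        if owner.get("serviceAccountName"):
            findings.append((path, f"runs as serviceAccount {owner['serviceAccountName']}"))
    return findings

if __name__ == "__main__":
    for path, message in audit(SAMPLE_SPEC, UID_RANGE):
        print(f"{path}: {message}")
```
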