
Remove securitycontext options for now

Waqar Ahmed пре 5 година
родитељ
комит
d4cd85e0b0

+ 0 - 5
test/minio/8.0.5/README.md

@@ -142,7 +142,6 @@ The following table lists the configurable parameters of the MinIO chart and the
 | `certsPath`                                      | Default certs path location                                                                                                             | `/etc/minio/certs`               |
 | `mountPath`                                      | Default mount location for persistent drive                                                                                             | `/export`                        |
 | `bucketRoot`                                     | Directory from where minio should serve buckets.                                                                                        | Value of `.mountPath`            |
-| `clusterDomain`                                  | domain name of kubernetes cluster where pod is running.                                                                                 | `cluster.local`                  |
 | `service.type`                                   | Kubernetes service type                                                                                                                 | `ClusterIP`                      |
 | `service.port`                                   | Kubernetes port where service is exposed                                                                                                | `9000`                           |
 | `service.externalIPs`                            | service external IP addresses                                                                                                           | `nil`                            |
@@ -154,10 +153,6 @@ The following table lists the configurable parameters of the MinIO chart and the
 | `persistence.accessMode`                         | ReadWriteOnce or ReadOnly                                                                                                               | `ReadWriteOnce`                  |
 | `persistence.subPath`                            | Mount a sub directory of the persistent volume if set                                                                                   | `""`                             |
 | `resources.requests.memory`                      | Memory resource requests                                                                                                                | Memory: `4Gi`                    |
-| `securityContext.enabled`                        | Enable to run containers as non-root. NOTE: if `persistence.enabled=false` then securityContext will be automatically disabled          | `true`                           |
-| `securityContext.runAsUser`                      | User id of the user for the container                                                                                                   | `1000`                           |
-| `securityContext.runAsGroup`                     | Group id of the user for the container                                                                                                  | `1000`                           |
-| `securityContext.fsGroup`                        | Group id of the persistent volume mount for the container                                                                               | `1000`                           |
 | `tls.enabled`                                    | Enable TLS for MinIO server                                                                                                             | `false`                          |
 | `tls.certSecret`                                 | Kubernetes Secret with `public.crt` and `private.key` files.                                                                            | `""`                             |
 | `defaultBucket.enabled`                          | If set to true, a bucket will be created after MinIO install                                                                            | `false`                          |

+ 0 - 6
test/minio/8.0.5/templates/deployment.yaml

@@ -35,12 +35,6 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
     spec:
       serviceAccountName: {{ include "minio.serviceAccountName" . | quote }}
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
-      securityContext:
-        runAsUser: {{ .Values.securityContext.runAsUser }}
-        runAsGroup: {{ .Values.securityContext.runAsGroup }}
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-{{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
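Review bot: After this removal the pod spec goes straight from `serviceAccountName` to `containers:` with no `securityContext`, so the MinIO container runs as whatever user the image defaults to (possibly root) and the persistent volume no longer gets `fsGroup` ownership. The title says this is temporary, but nothing in the template records it; I would add a comment above `containers:` such as `# TODO: restore pod securityContext (runAsUser/runAsGroup/fsGroup) - removed temporarily`. Releases upgraded from the old defaults have data written as uid/gid 1000, so it is worth checking that the new runtime user can still read it. The container spec continues outside this hunk, so a container-level `securityContext` may exist that I cannot see.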

+ 0 - 20
test/minio/8.0.5/templates/rolebindings.yaml

@@ -1,20 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "minio.serviceAccountName" . }}
-  labels:
-    app: {{ template "minio.name" . }}
-    chart: {{ template "minio.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  namespace: {{ .Release.Namespace | quote }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "minio.serviceAccountName" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "minio.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-{{- end }}

+ 0 - 46
test/minio/8.0.5/templates/securitycontextconstraints.yaml

@@ -1,46 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
-  name: {{ template "minio.fullname" . }}
-  labels:
-    app: {{ template "minio.name" . }}
-    chart: {{ template "minio.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-priority: 10
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: []
-readOnlyRootFilesystem: false
-defaultAddCapabilities: []
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SETUID
-- SETGID
-fsGroup:
-  type: MustRunAs
-  ranges:
-  - max: {{ .Values.securityContext.fsGroup }}
-    min: {{ .Values.securityContext.fsGroup }}
-runAsUser:
-  type: MustRunAs
-  uid: {{ .Values.securityContext.runAsUser }}
-seLinuxContext:
-  type: MustRunAs
-supplementalGroups:
-  type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- projected
-- secret
-{{- end }}

+ 0 - 12
test/minio/8.0.5/values.yaml

@@ -1,7 +1,3 @@
-## set kubernetes cluster domain where minio is running
-##
-clusterDomain: cluster.local
-
 ## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
 ##
 image:
@@ -131,14 +127,6 @@ service:
     # prometheus.io/path:   '/minio/prometheus/metrics'
     # prometheus.io/port:   '9000'
 
-## Add stateful containers to have security context, if enabled MinIO will run as this
-## user and group NOTE: securityContext is only enabled if persistence.enabled=true
-securityContext:
-  enabled: true
-  runAsUser: 1000
-  runAsGroup: 1000
-  fsGroup: 1000
-
 ## Configure resource requests and limits
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
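Review bot: Dropping the whole `securityContext` map leaves `.Values.securityContext` undefined, so any template not touched by this commit that still evaluates `.Values.securityContext.enabled` would fail to render with a nil-pointer error. The commit removes the references in deployment.yaml, rolebindings.yaml and securitycontextconstraints.yaml, but this page does not show whether other templates in the chart still use it. The first hunk of this file also removes `clusterDomain`, which the commit title does not mention; a template that still reads `.Values.clusterDomain` would likely render an empty value rather than fail. Running `helm lint` and `helm template` over the chart with default values before merging would catch both cases.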