[minio] make minio run on openshift (CloudPirates-io#203)

mms-gianni · web-flow · commit 18c7be5d09f5 · 2025-10-02T17:32:15.000+02:00
* make minio run on openshift

* update readme, use new container securitycontext variable
diff --git a/charts/minio/Chart.lock b/charts/minio/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/cloudpirates
-  version: 1.0.0
-digest: sha256:4dc4489391e65614af4cd64d56a213e353a7a70b231faf64c584779774304d96
-generated: "2025-08-14T12:32:33.889806+02:00"
+  version: 1.1.1
+digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00
+generated: "2025-10-01T22:07:26.882147+02:00"
diff --git a/charts/minio/Chart.yaml b/charts/minio/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: minio
 description: High Performance Object Storage compatible with Amazon S3 APIs
 type: application
-version: 0.2.4
+version: 0.3.0
 appVersion: "2025.09.07"
 keywords:
   - minio
diff --git a/charts/minio/README.md b/charts/minio/README.md
@@ -133,12 +133,12 @@ The following table lists the configurable parameters of the MinIO chart and the
 | Parameter                                  | Description                                       | Default   |
 | ------------------------------------------ | ------------------------------------------------- | --------- |
 | `podSecurityContext.fsGroup`               | Group ID for the volumes of the pod               | `1000`    |
-| `securityContext.allowPrivilegeEscalation` | Enable container privilege escalation             | `false`   |
-| `securityContext.runAsNonRoot`             | Configure the container to run as a non-root user | `true`    |
-| `securityContext.runAsUser`                | User ID for the MinIO container                   | `1000`    |
-| `securityContext.runAsGroup`               | Group ID for the MinIO container                  | `1000`    |
-| `securityContext.readOnlyRootFilesystem`   | Mount container root filesystem as read-only      | `true`    |
-| `securityContext.capabilities.drop`        | Linux capabilities to be dropped                  | `["ALL"]` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Enable container privilege escalation             | `false`   |
+| `containerSecurityContext.runAsNonRoot`             | Configure the container to run as a non-root user | `true`    |
+| `containerSecurityContext.runAsUser`                | User ID for the MinIO container                   | `1000`    |
+| `containerSecurityContext.runAsGroup`               | Group ID for the MinIO container                  | `1000`    |
+| `containerSecurityContext.readOnlyRootFilesystem`   | Mount container root filesystem as read-only      | `true`    |
+| `containerSecurityContext.capabilities.drop`        | Linux capabilities to be dropped                  | `["ALL"]` |
 
 ### Service configuration
 
diff --git a/charts/minio/templates/deployment.yaml b/charts/minio/templates/deployment.yaml
@@ -32,12 +32,10 @@ spec:
 {{- with (include "minio.imagePullSecrets" .) }}
 {{ . | nindent 6 }}
 {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+          securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
           image: {{ include "minio.image" . }}
           imagePullPolicy: {{ .Values.image.imagePullPolicy }}
           command: ["/bin/sh"]
diff --git a/charts/minio/values.yaml b/charts/minio/values.yaml
@@ -85,18 +85,18 @@ podSecurityContext:
   ## @param podSecurityContext.fsGroup Group ID for the volumes of the pod
   fsGroup: 1001
 
-securityContext:
-  ## @param securityContext.allowPrivilegeEscalation Enable container privilege escalation
+containerSecurityContext:
+  ## @param containerSecurityContext.allowPrivilegeEscalation Enable container privilege escalation
   allowPrivilegeEscalation: false
-  ## @param securityContext.runAsNonRoot Configure the container to run as a non-root user
+  ## @param containerSecurityContext.runAsNonRoot Configure the container to run as a non-root user
   runAsNonRoot: true
-  ## @param securityContext.runAsUser User ID for the MinIO container
+  ## @param containerSecurityContext.runAsUser User ID for the MinIO container
   runAsUser: 1001
-  ## @param securityContext.runAsGroup Group ID for the MinIO container
+  ## @param containerSecurityContext.runAsGroup Group ID for the MinIO container
   runAsGroup: 1001
-  ## @param securityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
+  ## @param containerSecurityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
   readOnlyRootFilesystem: true
-  ## @param securityContext.capabilities.drop Linux capabilities to be dropped
+  ## @param containerSecurityContext.capabilities.drop Linux capabilities to be dropped
   capabilities:
     drop:
       - ALL
