Kaspersky Container Security
Configuring the MinIO external storage settings
To configure the Kaspersky Container Security settings to use the external S3-compatible MinIO file storage:
- In the values.yaml configuration file, specify that the solution uses external MinIO file storage:
default:
kcs-s3:
external: true
- Specify variable values for using MinIO:
configmap:infraconfig:type: fromEnvsenvs:...variables for using the external MinIO file storage>In this section you must specify the following variables:
MINIO_HOSTis the host to connect to MinIO.MINIO_PORTis the port to connect to MinIO.MINIO_BUCKET_NAMEis the name of the section in MinIO allocated for Kaspersky Container Security data.MINIO_SSLis the variable for ssl connection to MinIO (including using the https protocol).If
TLS_INTERNALisfalse,MINIO_SSLmust also befalse.MINIO_ROOT_CA_PATHis the path to the CA certificate, which is specified if the https protocol is used to connect to MinIO (MINIO_SSL: true). You can specify the path in one of the following ways:- Put the MinIO CA certificate in the directory specified by the path. In this case, you must uncomment the
secret.cert-minio-cablock. - Use Vault to store certificate data. In this case, you must uncomment the
cert-minio-cablock in thevault.certificatesection.
- Put the MinIO CA certificate in the directory specified by the path. In this case, you must uncomment the
- Specify values of secrets for using the external MinIO file storage:
configmap:secret:infracreds:type: fromEnvsenvs:...<secrets for using the external MinIO file storage>In this section you must specify the following:
MINIO_ROOT_USERis the name of the MinIO user specified for Kaspersky Container Security.MINIO_ROOT_PASSWORDis the password of the MinIO user user specified for Kaspersky Container Security.
Usernames and passwords can also be specified using the Vault secret storage.
Example of configuring the MinIO external file storage settings