Updating the Configuration Files

Use the template files provided to specify the AKS settings for the Protegrity Anonymization API.

1. Create the Protegrity Anonymization API namespace using the following command.

   kubectl create namespace <name>
   

   Note: Update and use the from the values.yaml file that is present in the Helm chart.

2. Extract and update the files in the ANON-API_HELM_1.4.0.x.tgz package.

   The ANON-API_HELM_1.4.0.x.tgz package contains the values.yaml file that must be modified as per your requirements. It also contains the templates directory with yaml files.

   Note: Ensure that the necessary permissions for updating the files are assigned to the .yaml files.

3. Navigate to the <path_to_helm>/templates directory and delete the anon-dbpvc-aws.yaml and the anon-storagepvc-aws.yaml files.

4. Update the values.yaml file.

   Note: For more information about the values.yaml file, refer to values.yaml.

   1. Specify a namespace for the pods.

      namespace:
        name: **anon-ns**
      

   2. Specify the node name and zone information for the node as a prerequisite for the database pod and the Anon-Storage(MinIO) pod. Use the node name which is running in the same zone where the AKS is created.

      ## Prerequisite for setting up Database and Minio Pod.
      ## This is to handle any new DB pod getting created that uses the same persistence storage in case the running Database pod gets disrupted.
      ## This persistence also helps persist Anon-storage data.
      persistence:
        ## 1. Get the list of nodes in the cluster. CMD: kubectl get nodes
        ## 2. Get the node name which is running in the same zone where the external-storage is created. CMD: kubectl describe nodes
        nodename: "**<Node_name>**"                    # Update the Node name
      
        ## Fetch the zone in which the node is running using the `kubectl describe node/nodename` command or the following command.
        ## CMD: ` kubectl describe node/<nodename> | grep topology.kubernetes.io/zone | grep -oP 'topology.kubernetes.io/zone=K[^ ]+' `
        zone: "**<Zone in which above Node is running>**"
      
        ## For EKS cluster, supply the volumeID of the aws-ebs
        ## For AKS cluster, supply the subscriptionID of the azure-disk
        dbstorageId: "**<Provide dbstorage ID>**"           # To persist database schemas.
        anonstorageId: "**<Provide anonstorage ID>**"       # To persist Anonymized data.
      

   3. Update the repository information in the file. The Anon-Storage pod uses the MinIO Docker image quay.io/minio/minio:RELEASE.2022-10-29T06-21-33Z, which is pulled from the Public repository.

      image:
        minio_repo: quay.io/minio/minio                    # Public repo path for Minio Image.
        minio_tag: RELEASE.2022-10-29T06-21-33Z            # Tag name for Minio image.
      
        repository: **<Repo_path>**                            # Repo path for the Container Registry in Azure, GCP, AWS.
        anonapi_tag: **<AnonImage_tag>**                       # Tag name of the ANON-API Image.
        anonworkstation_tag: **<WorkstationImage_tag>**        # Tag name of the ANON-Workstation Image.
      
        pullPolicy: Always
      

      Note: Ensure that you update the repository, anonapi_tag, and anonworkstation_tag according to your container registry.

   4. MinIO uses access keys and secret for performing file operations. Protegrity provides a default set of credentials that are stored as part of the secret storage-creds. If you are creating your own secret, then, update the existingSecret section.

      anonstorage:
        ## Refer the following command for creating your own secret.
        ## CMD: kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
        existingSecret: ""                # Supply your secret Name for ignoring below default credentials.
        bucket_name: "anonstorage"        # Default bucket name for minio
        secret:
          name: "storage-creds"           # Secret to access minio-server
          access_key: "anonuser"          # Access key for minio-server
          secret_key: "protegrity"        # Secret key for minio-server
      

5. Extract the values.yaml Helm chart from the package.

6. Uncomment the following parameters and update the secret name in the values.yaml file.

   ## This section is required if the image is getting pulled from the Azure Container Registry
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #imagePullSecrets: []
   #  - name: regcred
   

7. Perform the following steps for the communication between the Kubernetes cluster and the Azure Container Registry.

   1. Run the following command from a command prompt to login.

      docker login
      

   2. Specify your ACR access credentials.

8. Create the secret for Azure by using the following command.

   kubectl create secret generic regcred --from-file=.dockerconfigjson=<PATH_TO_DOCKER_CONFIG>/config.json --type=Kubernetes.io/dockerconfigjson --namespace <NAMESPACE>