Updating the Configuration Files

Use the template files provided to specify the EKS settings for the Protegrity Anonymization API.

1. Extract and update the files in the ANON-API_HELM_1.4.0.x.tgz package.

   The ANON-API_HELM_1.4.0.x.tgz package contains the values.yaml file that must be modified as per your requirements. It also contains the templates directory with yaml files.

   Note: Ensure that the necessary permissions for updating the files are assigned to the .yaml files.

2. Navigate to the <path_to_helm>/templates directory and delete the anon-db-storage-aws.yaml file.

3. Update the values.yaml file.

   Note: For more information about the values.yaml file, refer to values.yaml.

   1. Specify a namespace for the pods.

      namespace:
        name: **anon-ns**
      

   2. Specify the node name and zone information for the node as a prerequisite for the database pod and the Anon-Storage(MinIO) pod. Use the node name which is running in the same zone where the EBS is created.

      ## Prerequisite for setting up Database and Minio Pod.
      ## This is to handle any new DB pod getting created that uses the same persistence storage in case the running Database pod gets disrupted.
      ## This persistence also helps persist Anon-storage data.
      persistence:
        ## 1. Get the list of nodes in the cluster. CMD: kubectl get nodes
        ## 2. Get the node name which is running in the same zone where the external-storage is created. CMD: kubectl describe nodes
        nodename: "**<Node_name>**"                    # Update the Node name
      
        ## Fetch the zone in which the node is running using the `kubectl describe node/nodename` command or the following command.
        ## CMD: ` kubectl describe node/<nodename> | grep topology.kubernetes.io/zone | grep -oP 'topology.kubernetes.io/zone=K[^ ]+' `
        zone: "**<Zone in which above Node is running>**"
      
        ## For EKS cluster, supply the volumeID of the aws-ebs
        ## For AKS cluster, supply the subscriptionID of the azure-disk
        dbstorageId: "**<Provide dbstorage ID>**"           # To persist database schemas.
        anonstorageId: "**<Provide anonstorage ID>**"       # To persist Anonymized data.
      

   3. Update the repository information in the file. The Anon-Storage pod uses the MinIO Docker image quay.io/minio/minio:RELEASE.2022-10-29T06-21-33Z, which is pulled from the Public repository.

      image:
        minio_repo: quay.io/minio/minio                    # Public repo path for Minio Image.
        minio_tag: RELEASE.2022-10-29T06-21-33Z            # Tag name for Minio image.
      
        repository: **<Repo_path>**                            # Repo path for the Container Registry in Azure, GCP, AWS.
        anonapi_tag: **<AnonImage_tag>**                       # Tag name of the ANON-API Image.
        anonworkstation_tag: **<WorkstationImage_tag>**        # Tag name of the ANON-Workstation Image.
      
        pullPolicy: Always
      

      Note: Ensure that you update the repository, anonapi_tag, and anonworkstation_tag according to your container registry.

   4. MinIO uses access keys and secret for performing file operations. Protegrity provides a default set of credentials that are stored as part of the secret storage-creds. If you are creating your own secret, then, update the existingSecret parameter.

      anonstorage:
        ## Refer the following command for creating your own secret.
        ## CMD: kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
        existingSecret: ""                # Supply your secret Name for ignoring below default credentials.
        bucket_name: "anonstorage"        # Default bucket name for minio
        secret:
          name: "storage-creds"           # Secret to access minio-server
          access_key: "anonuser"          # Access key for minio-server
          secret_key: "protegrity"        # Secret key for minio-server