Updating the Configuration Files

Use the template files provided to specify the AKS settings for the Protegrity Anonymization API.

1. Create the Protegrity Anonymization API namespace using the following command.

   kubectl create namespace <name>
   

   Note: Update and use the from the values.yaml file that is present in the Helm chart.

2. Extract and update the files in the ANON-API_HELM_1.4.1.14.tgz package.

   The ANON-API_HELM_1.4.1.14.tgz package contains the values.yaml file that must be modified as per your requirements. It also contains the templates directory with yaml files.

   Note: Ensure that the necessary permissions for updating the files are assigned to the .yaml files.

3. Update the values.yaml file.

   Note: For more information about the values.yaml file, refer to values.yaml.

   a. Specify a namespace for the pods.

   ```
   namespace:
     name: **anon-ns**                # Update the namespace if required.
   ```
   

   b. Specify the node name and zone information for the node as a prerequisite for the database pod and the Anon-Storage (S3 bucket) pod. Use the node name which is running in the same zone where the AKS is created.

   ```
   ## Prerequisite for setting up Database and S3 bucket Pod.
   ## This is to handle any new DB pod getting created that uses the same persistence storage in case the running Database pod gets disrupted.
   ## This persistence also helps persist Anon-storage data.
   persistence:
   ## Update storageClassName based on the PV/PVC/Storage config.
   storageClassName:          # Example: managed-premium for Azure, standard for AWS EKS, gp2 for AWS EC2, standard for GCP.
   fsType: ext4
   
   ## This section is required if the image is getting pulled from the Azure Container Registry
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #imagePullSecrets: []
   #  - name: regcred
   
   ## This section is required if the S3 bucket image is getting pulled from the Azure Container Registry instead of Public Repo
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #minioImagePullSecrets: []
   #  - name: regcred
   ```
   

   3. Update the repository information in the file. The Anon-Storage pod uses the S3 bucket Docker image quay.io/minio/minio:RELEASE.2025-04-03T14-56-28Z, which is pulled from the Public repository.

      image:
          minio_repo: quay.io/minio/minio                    # Public repo path for Minio Image.
          minio_tag: RELEASE.2025-04-03T14-56-28Z            # Tag name for Minio image.
          repository: <Repo_path>                            # Repo path for the Container Registry in Azure, AWS.
          anonapi_tag: <AnonImage_tag>                       # Tag name of the ANON-API Image.
          database_tag: <DatabaseImage_tag>                  # Tag name of the ANON-API Image.
      
          pullPolicy: Always
      

      Note: Ensure that you update the repository and anonapi_tag according to your container registry.

   4. S3 bucket uses access keys and secrets for performing file operations. Protegrity provides a default set of credentials that are stored as part of the secret storage-creds. If you are creating your own secret, then, update the existingSecret section.

      storage:
          ## Refer the following command for creating your own secret.
          ## CMD: kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
          existingSecret: ""                # Supply your secret Name for ignoring below default credentials.
          bucket_name: "anonstorage"        # Default bucket name for S3 bucket
          secret:
              name: "storage-creds"           # Secret to access minio-server
              access_key: "anonuser"          # Access key for minio-server
              secret_key: "protegrity"        # Secret key for minio-server
      

4. Extract the values.yaml Helm chart from the package.

5. Uncomment the following parameters and update the secret name in the values.yaml file.

   ## This section is required if the image is getting pulled from the Azure Container Registry
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #imagePullSecrets: []
   #  - name: regcred
   

6. Perform the following steps for the communication between the Kubernetes cluster and the Azure Container Registry.

   a. Run the following command from a command prompt to log in.

   ```
   docker login
   ```
   

   b. Specify your ACR access credentials.