Updating the Configuration Files

Use the template files provided to specify the EKS settings for the Protegrity Anonymization API.

1. Extract and update the files in the ANON-API_HELM_1.4.1.14.tgz package.

   The ANON-API_HELM_1.4.1.14.tgz package contains the values.yaml file that must be modified as per your requirements. It also contains the templates directory with yaml files.

   Note: Ensure that the necessary permissions for updating the files are assigned to the .yaml files.

2. Update the values.yaml file.

   Note: For more information about the values.yaml file, refer to values.yaml.

   a. Specify a namespace for the pods.

   ```
   namespace:
     name: **anon-ns**                # Update the namespace if required.
   ```
   

   b. Specify the node name and zone information for the node as a prerequisite for the database pod and the Anon-Storage(S3 bucket) pod. Use the node name which is running in the same zone where the EBS is created.

   ```
   ## Prerequisite for setting up Database and MinIO Pod.
   ## This is to handle any new DB pod getting created that uses the same persistence storage in case the running Database pod gets disrupted.
   ## This persistence also helps persist Anon-storage data.
   persistence:
   ## Update storageClassName based on the PV/PVC/Storage config.
   storageClassName:          # Example: managed-premium for Azure, standard for AWS EKS, gp2 for AWS EC2, standard for GCP.
   fsType: ext4
   
   ## This section is required if the image is getting pulled from the Azure Container Registry
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #imagePullSecrets: []
   #  - name: regcred
   
   ## This section is required if the S3 bucket image is getting pulled from the Azure Container Registry instead of Public Repo
   ## create image pull secrets and specify the name here.
   ## remove the [] after 'imagePullSecrets:' once you specify the secrets
   #minioImagePullSecrets: []
   #  - name: regcred
   ```
   

   3. Update the repository information in the file. The Anon-Storage pod uses the S3 bucket Docker image quay.io/minio/minio:RELEASE.2025-04-03T14-56-28Z, which is pulled from the Public repository.

      image:
          minio_repo: quay.io/minio/minio                   # Public repo path for MiniO Image.
          minio_tag: RELEASE.2025-04-03T14-56-28Z           # Tag name for Minio image.
          repository: <Repo_path>                           # Repo path for the Container Registry in Azure, AWS.
          anonapi_tag: <AnonImage_tag>                      # Tag name of the ANON-API Image.
          database_tag: <DatabaseImage_tag>                       # Tag name of the ANON-API Image.
      
          pullPolicy: Always
      

      Note: Ensure that you update the repository and anonapi_tag according to your container registry.

   4. S3 bucket uses access keys and secrets for performing file operations. Protegrity provides a default set of credentials that are stored as part of the secret storage-creds. If you are creating your own secret, then, update the existingSecret parameter.

      storage:
          ## Refer the following command for creating your own secret.
          ## CMD: kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
          existingSecret: ""                # Supply your secret Name for ignoring below default credentials.
          bucket_name: "anonstorage"        # Default bucket name for S3 bucket
          secret:
              name: "storage-creds"           # Secret to access minio-server
              access_key: "anonuser"          # Access key for minio-server
              secret_key: "protegrity"        # Secret key for minio-server