noobaa / noobaa-operator

Operator for NooBaa - object data service for hybrid and multi cloud environments :cloud: :wrench:
https://www.noobaa.io
Apache License 2.0

Default backing store qs #814

Open herbeck558 opened 2 years ago

herbeck558 commented 2 years ago

Hi - I'm installing noobaa via the noobaa install CLI on an Azure ARO/OpenShift cluster, and it created its own storage account in the Azure ARO resource group using the ARO secrets it seems to have found during its install. That is great for getting started, but the storage account it sets up is not secured (open to public, has HTTP turned on, etc.). I'd like to have it use my own storage account that I have set up already - is there an option or some kube config I can do ahead of time to force it to use that?

Also, later I ran noobaa uninstall --cleanup and noticed it left the storage account orphaned, and I cannot remove it now (the ARO resource group has a deny permission ACL, so things in there can only be deleted via the ARO app). Any option to have it clean that up?

Thanks!

nimrod-becker commented 2 years ago

@herbeck558 Thanks for the feedback.

We are working on an ability to change the default BackingStore created during deployment, so essentially you would be able to create a new one however you want, set it as the default, and delete the old default.

In addition, if there is a set of hardened settings you believe we can use, can you please list them, and we will try to check which ones we can change for the default we create.

herbeck558 commented 2 years ago

Thanks @nimrod-becker that's great to hear.

For default hardening settings - turning off HTTP (so only HTTPS) would be a common minimum requirement; using a private network (disable public network access) would be what we need as well.

Ideally we could create our own storage and provide the info for that to the install program to use.
Rotating the credentials to that storage every 90 days is also a requirement we have.
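
The hardening settings listed in this thread (HTTPS only, public network access disabled, credentials rotated every 90 days) written as a check, as an added example that is not part of the thread or of noobaa-operator. It assumes the account JSON has the shape printed by `az storage account show`; the function names and both sample accounts are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation interval stated in the thread
TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?(Z|[+-]\d\d:\d\d)?$")

def parse_ts(value):
    """Parse an ISO timestamp; the fraction (Azure emits 7 digits) is dropped."""
    m = TS.match(value)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % value)
    base, tz = m.groups()
    if tz in (None, "Z"):  # assumption: no offset means UTC
        return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)
    return datetime.fromisoformat(base + tz)

def audit_storage_account(account, now):
    """Return findings for a dict shaped like `az storage account show` output (assumed)."""
    findings = []
    # HTTPS only: anything other than an explicit True counts as HTTP allowed.
    if account.get("enableHttpsTrafficOnly") is not True:
        findings.append("http-allowed")
    # A missing field is treated the same as "Enabled".
    if account.get("publicNetworkAccess") != "Disabled":
        findings.append("public-network-access")
    # Both access keys must be younger than the rotation interval.
    key_times = account.get("keyCreationTime") or {}
    for name in ("key1", "key2"):
        created = key_times.get(name)
        if created is None:
            findings.append(name + "-age-unknown")
        elif now - parse_ts(created) > MAX_KEY_AGE:
            findings.append(name + "-older-than-90d")
    return findings

# Constructed samples: one mirrors the reporter's description, one meets the requirements.
SAMPLE_DEFAULT = {"enableHttpsTrafficOnly": False, "publicNetworkAccess": "Enabled",
                  "keyCreationTime": {"key1": "2023-06-01T00:00:00.1234567+00:00",
                                      "key2": "2023-12-01T00:00:00Z"}}
SAMPLE_HARDENED = {"enableHttpsTrafficOnly": True, "publicNetworkAccess": "Disabled",
                   "keyCreationTime": {"key1": "2023-11-15T00:00:00Z",
                                       "key2": "2023-12-20T00:00:00Z"}}

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed so the output is repeatable
    for label, acct in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_storage_account(acct, now))
```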