## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets ## global: minio: accessKey: "minios3AccessKeyS3cr3t" secretKey: "m1n10s3CretK3yPassw0rd" # minio: {} # existingSecret: "" # accessKey: "" # secretKey: "" # imageRegistry: myRegistryName # imagePullSecrets: # - myRegistryKeySecretName # storageClass: myStorageClass ## Bitnami MinIO image version ## ref: https://hub.docker.com/r/bitnami/minio/tags/ ## image: registry: docker.io repository: bitnami/minio tag: 2020.10.9-debian-10-r6 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## String to partially override minio.fullname template (will maintain the release name) ## # nameOverride: ## String to fully override minio.fullname template ## # fullnameOverride: ## Scheduler name ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: stork serviceAccount: # Specifies whether a ServiceAccount should be created create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: ## Cluster domain ## clusterDomain: cluster.local ## Bitnami MinIO Client image version ## ref: https://hub.docker.com/r/bitnami/minio-client/tags/ ## clientImage: registry: docker.io repository: bitnami/minio-client tag: 2020.10.3-debian-10-r9 ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: enabled: false image: registry: docker.io repository: bitnami/minideb tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Init container' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 100m # memory: 128Mi requests: {} # cpu: 100m # memory: 128Mi ## MinIO server mode. Allowed values: standalone or distributed. ## Distributed Minio ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide ## mode: standalone ## MinIO deployment parameters ## Only when mode is 'standalone' ## deployment: ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## Example: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: Recreate ## MinIO statefulset parameters ## Only when mode is 'distributed' ## statefulset: ## Update strategy, can be set to RollingUpdate or OnDelete by default. ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets ## updateStrategy: RollingUpdate ## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## podManagementPolicy: Parallel ## Number of replicas, it must even and greater than 4 ## replicaCount: 4 ## Use existing secret (ignores accessKey, and secretKey passwords) ## # existingSecret: ## Mount MinIO secret as a file instead of passing environment variable ## useCredentialsFile: false ## Force reconfiguring new keys whenever the credentials change ## forceNewKeys: false ## MinIO credentials ## accessKey: ## MinIO Access Key ## ref: https://github.com/bitnami/bitnami-docker-minio/#setting-up-minio-in-distributed-mode ## password: ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. ## forcePassword: false secretKey: ## MinIO Secret Key ## ref: https://github.com/bitnami/bitnami-docker-minio/#setting-up-minio-in-distributed-mode ## password: ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. ## forcePassword: false ## Comma, semi-colon or space separated list of buckets to create at initialization (only in standalone mode) ## # defaultBuckets: "my-bucket, my-second-bucket" ## Disable MinIO Web UI ## ref: https://github.com/minio/minio/tree/master/docs/config/#browser ## disableWebUI: false ## Define custom environment variables to pass to the image here ## extraEnv: {} ## Define a custom command for the minio container command: {} ## Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## MinIO containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 250m # memory: 256Mi requests: {} # cpu: 250m # memory: 256Mi ## MinIO containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: ## If true, use a Persistent Volume Claim, If false, use emptyDir ## enabled: true ## Enable persistence using an existing PVC (only in standalone mode) ## # existingClaim: ## Data volume mount path ## mountPath: /data ## Persistent Volume Access Mode ## accessModes: - ReadWriteOnce ## Persistent Volume size ## size: 50Gi ## Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" ## Persistent Volume Claim annotations ## annotations: {} ## MinIO Service properties ## service: ## MinIO Service type ## type: ClusterIP ## MinIO Service port ## port: 9000 ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## # nodePort: ## Provide any additional annotations which may be required. This can be used to ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} ## loadBalancerIP for the PrestaShop Service (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## # loadBalancerIP: ## Configure the ingress resource that allows you to access the ## MinIO web browser. Set up the URL ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## Set to true to enable ingress record generation enabled: false ## Set this to true in order to add the corresponding annotations for cert-manager certManager: false ## Ingress annotations done as key:value pairs ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set # annotations: # kubernetes.io/ingress.class: nginx ## Ingress additional labels done as key:value pairs labels: {} ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array hosts: - name: minio.local path: / ## Set this to true in order to enable TLS on the ingress record tls: false ## Optionally specify the TLS hosts for the ingress record ## Useful when the Ingress controller supports www-redirection ## If not specified, the above host name will be used # tlsHosts: # - www.minio.local # - minio.local ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS tlsSecret: minio.local-tls secrets: ## If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information # - name: minio.local-tls # key: # certificate: ## NetworkPolicy parameters ## networkPolicy: ## Specifies whether a NetworkPolicy should be created ## enabled: false ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the port MinIO is listening ## on. When true, MinIO will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## MinIO supports two authentication modes for Prometheus either jwt or public, by default MinIO runs in jwt mode. ## To allow public access without authentication for prometheus metrics set environment as follows. prometheusAuthType: public