minio/helm/minio/values.yaml at metrics-v3 · poornas/minio

553 lines (495 loc) · 17.1 KB
## Provide a name in place of minio for `app:` labels
nameOverride: ""
## Provide a name to substitute for the full names of resources
fullnameOverride: ""
## set kubernetes cluster domain where minio is running
clusterDomain: cluster.local
## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
  repository: quay.io/minio/minio
  tag: RELEASE.2024-01-11T07-46-16Z
  pullPolicy: IfNotPresent
imagePullSecrets: []
# - name: "image-pull-secret"
## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
  repository: quay.io/minio/mc
  tag: RELEASE.2024-01-11T05-49-32Z
  pullPolicy: IfNotPresent
## minio mode, i.e. standalone or distributed
mode: distributed ## other supported values are "standalone"
## Additional labels to include with deployment or statefulset
additionalLabels: {}
## Additional annotations to include with deployment or statefulset
additionalAnnotations: {}
## Typically the deployment/statefulset includes checksums of secrets/config,
## So that when these change on a subsequent helm install, the deployment/statefulset
## is restarted. This can result in unnecessary restarts under GitOps tooling such as
## flux, so set to "true" to disable this behaviour.
ignoreChartChecksums: false
## Additional arguments to pass to minio binary
extraArgs: []
## Additional volumes to minio container
extraVolumes: []
## Additional volumeMounts to minio container
extraVolumeMounts: []
## Additional sidecar containers
extraContainers: []
## Internal port number for MinIO S3 API container
## Change service.port to change external port number
minioAPIPort: "9000"
## Internal port number for MinIO Browser Console container
## Change consoleService.port to change external port number
minioConsolePort: "9001"
## Update strategy for Deployments
deploymentUpdate:
  type: RollingUpdate
  maxUnavailable: 0
  maxSurge: 100%
## Update strategy for StatefulSets
statefulSetUpdate:
  updateStrategy: RollingUpdate
## Pod priority settings
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
## Pod runtime class name
## ref https://kubernetes.io/docs/concepts/containers/runtime-class/
runtimeClassName: ""
## Set default rootUser, rootPassword
## rootUser and rootPassword is generated when not set
## Distributed MinIO ref: https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html
rootUser: ""
rootPassword: ""
## Use existing Secret that store following variables:
## | Chart var             | .data.<key> in Secret    |
## |:----------------------|:-------------------------|
## | rootUser              | rootUser                 |
## | rootPassword          | rootPassword             |
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: ""
## Directory on the MinIO pof
certsPath: "/etc/minio/certs/"
configPathmc: "/etc/minio/mc/"
## Path where PV would be mounted on the MinIO Pod
mountPath: "/export"
## Override the root directory which the minio server should serve from.
## If left empty, it defaults to the value of {{ .Values.mountPath }}
## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }}
bucketRoot: ""
# Number of drives attached to a node
drivesPerNode: 1
# Number of MinIO containers running
replicas: 16
# Number of expanded MinIO clusters
## TLS Settings for MinIO
  enabled: false
  ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
  certSecret: ""
  publicCrt: public.crt
  privateKey: private.key
## Trusted Certificates Settings for MinIO. Ref: https://min.io/docs/minio/linux/operations/network-encryption.html#third-party-certificate-authorities
## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
trustedCertsSecret: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
persistence:
  enabled: true
  annotations: {}
  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  existingClaim: ""
  ## minio data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ## Storage class of PV to bind. By default it looks for standard storage class.
  ## If the PV uses a different storage class, specify that here.
  storageClass: ""
  volumeName: ""
  accessMode: ReadWriteOnce
  size: 500Gi
  ## If subPath is set mount a sub folder of a volume instead of the root of the volume.
  ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
  subPath: ""
## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
  type: ClusterIP
  clusterIP: ~
  port: "9000"
  nodePort: 32000
  loadBalancerIP: ~
  externalIPs: []
  annotations: {}
## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
  enabled: false
  ingressClassName: ~
  labels: {}
    # node-role.kubernetes.io/ingress: platform
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # kubernetes.io/ingress.allow-http: "false"
    # kubernetes.io/ingress.global-static-ip-name: ""
    # nginx.ingress.kubernetes.io/secure-backends: "true"
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
    - minio-example.local
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
consoleService:
  type: ClusterIP
  clusterIP: ~
  port: "9001"
  nodePort: 32001
  loadBalancerIP: ~
  externalIPs: []
  annotations: {}
consoleIngress:
  enabled: false
  ingressClassName: ~
  labels: {}
    # node-role.kubernetes.io/ingress: platform
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # kubernetes.io/ingress.allow-http: "false"
    # kubernetes.io/ingress.global-static-ip-name: ""
    # nginx.ingress.kubernetes.io/secure-backends: "true"
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
    - console.minio-example.local
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext:
  enabled: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"
# Additational pod annotations
podAnnotations: {}
# Additional pod labels
podLabels: {}
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  requests:
    memory: 16Gi
## List of policies to be created after minio install
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
#   statements:
#     - effect: Allow  # this is the default
#       resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:AbortMultipartUpload"
#         - "s3:GetObject"
#         - "s3:DeleteObject"
#         - "s3:PutObject"
#         - "s3:ListMultipartUploadParts"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:CreateBucket"
#         - "s3:DeleteBucket"
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy policy grants access to buckets with name starting with example.
## In addition, grants objects read permissions on buckets starting with example.
# - name: readonlyexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:GetObject"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only
# - name: conditionsexample
#   statements:
#     - resources:
#       - 'arn:aws:s3:::example/*'
#       actions:
#       - 's3:*'
#       conditions:
#         - StringEquals: '"aws:username": "johndoe"'
#         - IpAddress: |
#             "aws:SourceIp": [
#               "10.0.0.0/8",
#               "192.168.0.0/24"
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""
## List of users to be created after minio install
  ## Username, password and policy to be assigned to the user
  ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
  ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management
  ## NOTE: this will fail if LDAP is enabled in your MinIO deployment
  ## make sure to disable this if you are using LDAP.
  - accessKey: console
    secretKey: console123
    policy: consoleAdmin
  # Or you can refer to specific secret
  #- accessKey: externalSecret
  #  existingSecret: my-secret
  #  existingSecretKey: password
  #  policy: readonly
## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""
## List of service accounts to be created after minio install
svcaccts: []
  ## accessKey, secretKey and parent user to be assigned to the service accounts
  ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  ## Or you can refer to specific secret
  # - accessKey: externalSecret
  #   existingSecret: my-secret
  #   existingSecretKey: password
  #   user: console
  ## You also can pass custom policy
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  #   policy:
  #     statements:
  #       - resources:
  #           - 'arn:aws:s3:::example*/*'
  #         actions:
  #           - "s3:AbortMultipartUpload"
  #           - "s3:GetObject"
  #           - "s3:DeleteObject"
  #           - "s3:PutObject"
  #           - "s3:ListMultipartUploadParts"
makeServiceAccountJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""
## List of buckets to be created after minio install
buckets: []
  #   # Name of the bucket
  # - name: bucket1
  #   # Policy to be set on the
  #   # bucket [none|download|upload|public]
  #   policy: none
  #   # Purge if bucket exists already
  #   purge: false
  #   # set versioning for
  #   # bucket [true|false]
  #   versioning: false # remove this key if you do not want versioning feature
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false
  # - name: bucket2
  #   policy: none
  #   purge: false
  #   versioning: true
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false
## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""
## List of command to run after minio install
## NOTE: the mc command TARGET is always "myminio"
customCommands:
  # - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'"
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""
## Merge jobs
  podAnnotations: {}
  annotations: {}
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
  nodeSelector: {}
  tolerations: []
  affinity: {}
## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
  ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html
  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"
## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
extraSecret: ~
## OpenID Identity Management
## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider.
## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables.
  enabled: false
  configUrl: "https://identity-provider-url/.well-known/openid-configuration"
  clientId: "minio"
  clientSecret: ""
  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientSecret`
  existingClientSecretName: ""
  existingClientSecretKey: ""
  claimName: "policy"
  scopes: "openid,profile,email"
  redirectUri: "https://console-endpoint-url/oauth_callback"
  # Can leave empty
  claimPrefix: ""
  comment: ""
  displayName: ""
networkPolicy:
  enabled: false
  # Specifies whether the policies created will be standard Network Policies (flavor: kubernetes)
  # or Cilium Network Policies (flavor: cilium)
  flavor: kubernetes
  allowExternal: true
  # only when using flavor: cilium
  egressEntities:
   - kube-apiserver
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
  enabled: false
  maxUnavailable: 1
## Specify the service account to use for the MinIO pods. If 'create' is set to 'false'
## and 'name' is left unspecified, the account 'default' will be used.
serviceAccount:
  create: true
  ## The name of the service account to use. If 'create' is 'true', a service account with that name
  ## will be created.
  name: "minio-sa"
  serviceMonitor:
    enabled: false
    # scrape each node/pod individually for additional metrics
    includeNode: false
    public: true
    additionalLabels: {}
    annotations: {}
    # for node metrics
    relabelConfigs: {}
    # for cluster metrics
    relabelConfigsCluster: {}
      # metricRelabelings:
      #   - regex: (server|pod)
      #     action: labeldrop
    namespace: ~
    # Scrape interval, for example `interval: 30s`
    interval: ~
    # Scrape timeout, for example `scrapeTimeout: 10s`
    scrapeTimeout: ~
## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md
## Define endpoints to enable this section.
  endpoints: []
  pathPrefix: ""
  corednsPathPrefix: ""
  clientCert: ""
  clientCertKey: ""
Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

values.yaml

Latest commit

History

values.yaml

File metadata and controls
