hive-apps/projects/services/values/s3.yml

image:
  repository: quay.io/minio/minio
  tag: RELEASE.2024-01-13T07-53-03Z
  pullPolicy: IfNotPresent

## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
##
mcImage:
  repository: quay.io/minio/mc
  tag: RELEASE.2024-01-13T08-44-48Z
  pullPolicy: IfNotPresent

## minio mode, i.e. standalone or distributed
mode: standalone ## other supported values are "standalone"

## Update strategy for Deployments
deploymentUpdate:
  type: RollingUpdate
  maxUnavailable: 0
  maxSurge: 100%

## Update strategy for StatefulSets
statefulSetUpdate:
  updateStrategy: RollingUpdate

## | Chart var             | .data.<key> in Secret    |
## |:----------------------|:-------------------------|
## | rootUser              | rootUser                 |
## | rootPassword          | rootPassword             |
##
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: "minio-root"

## Path where PV would be mounted on the MinIO Pod
mountPath: "/data"

# Number of drives attached to a node
drivesPerNode: 1
# Number of MinIO containers running
replicas: 1
# Number of expanded MinIO clusters
pools: 1

## TLS Settings for MinIO
tls:
  enabled: false

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: true

  storageClass: "local-path"
  accessMode: ReadWriteOnce
  size: 200Gi

ingress:
  enabled: true
  ingressClassName: ~
  annotations:
    cert-manager.io/cluster-issuer: vault-issuer
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  path: /
  hosts:
    - s3.dc
  tls:
  - secretName: minio-s3-tls
    hosts:
      - s3.dc

consoleIngress:
  enabled: true
  ingressClassName: ~
  annotations:
    cert-manager.io/cluster-issuer: vault-issuer
  path: /
  hosts:
    - minio-console.dc
  tls:
  - secretName: minio-console-tls
    hosts:
      - minio-console.dc

securityContext:
  enabled: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  requests:
    memory: 200Mi

## List of policies to be created after minio install
##
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:AbortMultipartUpload"
#         - "s3:GetObject"
#         - "s3:DeleteObject"
#         - "s3:PutObject"
#         - "s3:ListMultipartUploadParts"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:CreateBucket"
#         - "s3:DeleteBucket"
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy policy grants access to buckets with name starting with example.
## In addition, grants objects read permissions on buckets starting with example.
# - name: readonlyexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:GetObject"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only
# - name: conditionsexample
#   statements:
#     - resources:
#       - 'arn:aws:s3:::example/*'
#       actions:
#       - 's3:*'
#       conditions:
#         - StringEquals: '"aws:username": "johndoe"'
#         - IpAddress: |
#             "aws:SourceIp": [
#               "10.0.0.0/8",
#               "192.168.0.0/24"
#             ]
#
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of users to be created after minio install
##
users: []
  ## Username, password and policy to be assigned to the user
  ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
  ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management
  ## NOTE: this will fail if LDAP is enabled in your MinIO deployment
  ## make sure to disable this if you are using LDAP.
  # - accessKey: console
  #   secretKey: console123
  #   policy: consoleAdmin
  # Or you can refer to specific secret
  #- accessKey: externalSecret
  #  existingSecret: my-secret
  #  existingSecretKey: password
  #  policy: readonly

## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of service accounts to be created after minio install
##
svcaccts: []
  ## accessKey, secretKey and parent user to be assigned to the service accounts
  ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  ## Or you can refer to specific secret
  # - accessKey: externalSecret
  #   existingSecret: my-secret
  #   existingSecretKey: password
  #   user: console
  ## You also can pass custom policy
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  #   policy:
  #     statements:
  #       - resources:
  #           - 'arn:aws:s3:::example*/*'
  #         actions:
  #           - "s3:AbortMultipartUpload"
  #           - "s3:GetObject"
  #           - "s3:DeleteObject"
  #           - "s3:PutObject"
  #           - "s3:ListMultipartUploadParts"

makeServiceAccountJob:
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of buckets to be created after minio install
##
buckets: []
  #   # Name of the bucket
  # - name: bucket1
  #   # Policy to be set on the
  #   # bucket [none|download|upload|public]
  #   policy: none
  #   # Purge if bucket exists already
  #   purge: false
  #   # set versioning for
  #   # bucket [true|false]
  #   versioning: false
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false
  # - name: bucket2
  #   policy: none
  #   purge: false
  #   versioning: true
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false

## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
  ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html
  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
extraSecret: ~

podDisruptionBudget:
  enabled: false

metrics:
  serviceMonitor:
    enabled: false
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00			`image:`
			`repository: quay.io/minio/minio`
update(s3) 2024-01-15 10:38:22 +00:00			`tag: RELEASE.2024-01-13T07-53-03Z`
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00			`pullPolicy: IfNotPresent`

			## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
			`## client used to create a default bucket).`
			`##`
			`mcImage:`
			`repository: quay.io/minio/mc`
update(s3) 2024-01-15 10:38:22 +00:00			`tag: RELEASE.2024-01-13T08-44-48Z`
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00			`pullPolicy: IfNotPresent`

			`## minio mode, i.e. standalone or distributed`
			`mode: standalone ## other supported values are "standalone"`

			`## Update strategy for Deployments`
			`deploymentUpdate:`
			`type: RollingUpdate`
			`maxUnavailable: 0`
			`maxSurge: 100%`

			`## Update strategy for StatefulSets`
			`statefulSetUpdate:`
			`updateStrategy: RollingUpdate`

			`## \| Chart var \| .data.<key> in Secret \|`
			`## \|:----------------------\|:-------------------------\|`
			`## \| rootUser \| rootUser \|`
			`## \| rootPassword \| rootPassword \|`
			`##`
			`## All mentioned variables will be ignored in values file.`
			`## .data.rootUser and .data.rootPassword are mandatory,`
			`## others depend on enabled status of corresponding sections.`
			`existingSecret: "minio-root"`

			`## Path where PV would be mounted on the MinIO Pod`
update(s3) 2024-01-15 10:38:22 +00:00			`mountPath: "/data"`
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00
			`# Number of drives attached to a node`
			`drivesPerNode: 1`
			`# Number of MinIO containers running`
			`replicas: 1`
			`# Number of expanded MinIO clusters`
			`pools: 1`

			`## TLS Settings for MinIO`
			`tls:`
			`enabled: false`

			`## Enable persistence using Persistent Volume Claims`
			`## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/`
			`##`
			`persistence:`
			`enabled: true`

change(s3): use local-path instead of ssd 2024-01-15 10:32:23 +00:00			`storageClass: "local-path"`
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00			`accessMode: ReadWriteOnce`
			`size: 200Gi`

			`ingress:`
			`enabled: true`
			`ingressClassName: ~`
			`annotations:`
			`cert-manager.io/cluster-issuer: vault-issuer`
fix(s3): proxy body size 2024-01-16 12:11:03 +00:00			`nginx.ingress.kubernetes.io/proxy-body-size: "0"`
add(minio): migration to official chart 2023-08-28 10:56:17 +00:00			`path: /`
			`hosts:`
			`- s3.dc`
			`tls:`
			`- secretName: minio-s3-tls`
			`hosts:`
			`- s3.dc`

			`consoleIngress:`
			`enabled: true`
			`ingressClassName: ~`
			`annotations:`
			`cert-manager.io/cluster-issuer: vault-issuer`
			`path: /`
			`hosts:`
			`- minio-console.dc`
			`tls:`
			`- secretName: minio-console-tls`
			`hosts:`
			`- minio-console.dc`

			`securityContext:`
			`enabled: true`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`fsGroupChangePolicy: "OnRootMismatch"`

			`## Configure resource requests and limits`
			`## ref: http://kubernetes.io/docs/user-guide/compute-resources/`
			`##`
			`resources:`
			`requests:`
			`memory: 200Mi`

			`## List of policies to be created after minio install`
			`##`
			`## In addition to default policies [readonly\|readwrite\|writeonly\|consoleAdmin\|diagnostics]`
			`## you can define additional policies with custom supported actions and resources`
			`policies: []`
			`## writeexamplepolicy policy grants creation or deletion of buckets with name`
			`## starting with example. In addition, grants objects write permissions on buckets starting with`
			`## example.`
			`# - name: writeexamplepolicy`
			`# statements:`
			`# - resources:`
			`# - 'arn:aws:s3:::example/'`
			`# actions:`
			`# - "s3:AbortMultipartUpload"`
			`# - "s3:GetObject"`
			`# - "s3:DeleteObject"`
			`# - "s3:PutObject"`
			`# - "s3:ListMultipartUploadParts"`
			`# - resources:`
			`# - 'arn:aws:s3:::example*'`
			`# actions:`
			`# - "s3:CreateBucket"`
			`# - "s3:DeleteBucket"`
			`# - "s3:GetBucketLocation"`
			`# - "s3:ListBucket"`
			`# - "s3:ListBucketMultipartUploads"`
			`## readonlyexamplepolicy policy grants access to buckets with name starting with example.`
			`## In addition, grants objects read permissions on buckets starting with example.`
			`# - name: readonlyexamplepolicy`
			`# statements:`
			`# - resources:`
			`# - 'arn:aws:s3:::example/'`
			`# actions:`
			`# - "s3:GetObject"`
			`# - resources:`
			`# - 'arn:aws:s3:::example*'`
			`# actions:`
			`# - "s3:GetBucketLocation"`
			`# - "s3:ListBucket"`
			`# - "s3:ListBucketMultipartUploads"`
			`## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only`
			`# - name: conditionsexample`
			`# statements:`
			`# - resources:`
			`# - 'arn:aws:s3:::example/*'`
			`# actions:`
			`# - 's3:*'`
			`# conditions:`
			`# - StringEquals: '"aws:username": "johndoe"'`
			`# - IpAddress: \|`
			`# "aws:SourceIp": [`
			`# "10.0.0.0/8",`
			`# "192.168.0.0/24"`
			`# ]`
			`#`
			`## Additional Annotations for the Kubernetes Job makePolicyJob`
			`makePolicyJob:`
			`securityContext:`
			`enabled: true`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`resources:`
			`requests:`
			`memory: 128Mi`
			`# Command to run after the main command on exit`
			`exitCommand: ""`

			`## List of users to be created after minio install`
			`##`
			`users: []`
			`## Username, password and policy to be assigned to the user`
			`## Default policies are [readonly\|readwrite\|writeonly\|consoleAdmin\|diagnostics]`
			`## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management`
			`## NOTE: this will fail if LDAP is enabled in your MinIO deployment`
			`## make sure to disable this if you are using LDAP.`
			`# - accessKey: console`
			`# secretKey: console123`
			`# policy: consoleAdmin`
			`# Or you can refer to specific secret`
			`#- accessKey: externalSecret`
			`# existingSecret: my-secret`
			`# existingSecretKey: password`
			`# policy: readonly`

			`## Additional Annotations for the Kubernetes Job makeUserJob`
			`makeUserJob:`
			`securityContext:`
			`enabled: false`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`resources:`
			`requests:`
			`memory: 128Mi`
			`# Command to run after the main command on exit`
			`exitCommand: ""`

			`## List of service accounts to be created after minio install`
			`##`
			`svcaccts: []`
			`## accessKey, secretKey and parent user to be assigned to the service accounts`
			`## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts`
			`# - accessKey: console-svcacct`
			`# secretKey: console123`
			`# user: console`
			`## Or you can refer to specific secret`
			`# - accessKey: externalSecret`
			`# existingSecret: my-secret`
			`# existingSecretKey: password`
			`# user: console`
			`## You also can pass custom policy`
			`# - accessKey: console-svcacct`
			`# secretKey: console123`
			`# user: console`
			`# policy:`
			`# statements:`
			`# - resources:`
			`# - 'arn:aws:s3:::example/'`
			`# actions:`
			`# - "s3:AbortMultipartUpload"`
			`# - "s3:GetObject"`
			`# - "s3:DeleteObject"`
			`# - "s3:PutObject"`
			`# - "s3:ListMultipartUploadParts"`

			`makeServiceAccountJob:`
			`securityContext:`
			`enabled: true`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`resources:`
			`requests:`
			`memory: 128Mi`
			`# Command to run after the main command on exit`
			`exitCommand: ""`

			`## List of buckets to be created after minio install`
			`##`
			`buckets: []`
			`# # Name of the bucket`
			`# - name: bucket1`
			`# # Policy to be set on the`
			`# # bucket [none\|download\|upload\|public]`
			`# policy: none`
			`# # Purge if bucket exists already`
			`# purge: false`
			`# # set versioning for`
			`# # bucket [true\|false]`
			`# versioning: false`
			`# # set objectlocking for`
			`# # bucket [true\|false] NOTE: versioning is enabled by default if you use locking`
			`# objectlocking: false`
			`# - name: bucket2`
			`# policy: none`
			`# purge: false`
			`# versioning: true`
			`# # set objectlocking for`
			`# # bucket [true\|false] NOTE: versioning is enabled by default if you use locking`
			`# objectlocking: false`

			`## Additional Annotations for the Kubernetes Job makeBucketJob`
			`makeBucketJob:`
			`securityContext:`
			`enabled: false`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`resources:`
			`requests:`
			`memory: 128Mi`
			`# Command to run after the main command on exit`
			`exitCommand: ""`

			`## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)`
			`## when Chart is deployed`
			`environment:`
			`## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html`
			`## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"`
			`## MINIO_BROWSER: "off"`

			`## The name of a secret in the same kubernetes namespace which contain secret values`
			`## This can be useful for LDAP password, etc`
			`## The key in the secret must be 'config.env'`
			`##`
			`extraSecret: ~`

			`podDisruptionBudget:`
			`enabled: false`

			`metrics:`
			`serviceMonitor:`
			`enabled: false`