image:
  repository: quay.io/minio/minio
  tag: RELEASE.2024-01-13T07-53-03Z
  pullPolicy: IfNotPresent

## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
##
mcImage:
  repository: quay.io/minio/mc
  tag: RELEASE.2024-01-13T08-44-48Z
  pullPolicy: IfNotPresent

## minio mode, i.e. standalone or distributed
mode: standalone ## other supported values are "standalone"

## Update strategy for Deployments
deploymentUpdate:
  type: RollingUpdate
  maxUnavailable: 0
  maxSurge: 100%

## Update strategy for StatefulSets
statefulSetUpdate:
  updateStrategy: RollingUpdate

## | Chart var             | .data.<key> in Secret    |
## |:----------------------|:-------------------------|
## | rootUser              | rootUser                 |
## | rootPassword          | rootPassword             |
##
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: "minio-root"

## Path where PV would be mounted on the MinIO Pod
mountPath: "/data"

# Number of drives attached to a node
drivesPerNode: 1
# Number of MinIO containers running
replicas: 1
# Number of expanded MinIO clusters
pools: 1

## TLS Settings for MinIO
tls:
  enabled: false

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: true

  storageClass: "local-path"
  accessMode: ReadWriteOnce
  size: 200Gi

ingress:
  enabled: true
  ingressClassName: ~
  annotations:
    cert-manager.io/cluster-issuer: vault-issuer
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  path: /
  hosts:
    - s3.dc
  tls:
  - secretName: minio-s3-tls
    hosts:
      - s3.dc

consoleIngress:
  enabled: true
  ingressClassName: ~
  annotations:
    cert-manager.io/cluster-issuer: vault-issuer
  path: /
  hosts:
    - minio-console.dc
  tls:
  - secretName: minio-console-tls
    hosts:
      - minio-console.dc

securityContext:
  enabled: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  requests:
    memory: 200Mi

## List of policies to be created after minio install
##
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:AbortMultipartUpload"
#         - "s3:GetObject"
#         - "s3:DeleteObject"
#         - "s3:PutObject"
#         - "s3:ListMultipartUploadParts"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:CreateBucket"
#         - "s3:DeleteBucket"
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy policy grants access to buckets with name starting with example.
## In addition, grants objects read permissions on buckets starting with example.
# - name: readonlyexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:GetObject"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only
# - name: conditionsexample
#   statements:
#     - resources:
#       - 'arn:aws:s3:::example/*'
#       actions:
#       - 's3:*'
#       conditions:
#         - StringEquals: '"aws:username": "johndoe"'
#         - IpAddress: |
#             "aws:SourceIp": [
#               "10.0.0.0/8",
#               "192.168.0.0/24"
#             ]
#
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of users to be created after minio install
##
users: []
  ## Username, password and policy to be assigned to the user
  ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
  ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management
  ## NOTE: this will fail if LDAP is enabled in your MinIO deployment
  ## make sure to disable this if you are using LDAP.
  # - accessKey: console
  #   secretKey: console123
  #   policy: consoleAdmin
  # Or you can refer to specific secret
  #- accessKey: externalSecret
  #  existingSecret: my-secret
  #  existingSecretKey: password
  #  policy: readonly

## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of service accounts to be created after minio install
##
svcaccts: []
  ## accessKey, secretKey and parent user to be assigned to the service accounts
  ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  ## Or you can refer to specific secret
  # - accessKey: externalSecret
  #   existingSecret: my-secret
  #   existingSecretKey: password
  #   user: console
  ## You also can pass custom policy
  # - accessKey: console-svcacct
  #   secretKey: console123
  #   user: console
  #   policy:
  #     statements:
  #       - resources:
  #           - 'arn:aws:s3:::example*/*'
  #         actions:
  #           - "s3:AbortMultipartUpload"
  #           - "s3:GetObject"
  #           - "s3:DeleteObject"
  #           - "s3:PutObject"
  #           - "s3:ListMultipartUploadParts"

makeServiceAccountJob:
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## List of buckets to be created after minio install
##
buckets: []
  #   # Name of the bucket
  # - name: bucket1
  #   # Policy to be set on the
  #   # bucket [none|download|upload|public]
  #   policy: none
  #   # Purge if bucket exists already
  #   purge: false
  #   # set versioning for
  #   # bucket [true|false]
  #   versioning: false
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false
  # - name: bucket2
  #   policy: none
  #   purge: false
  #   versioning: true
  #   # set objectlocking for
  #   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
  #   objectlocking: false

## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: 128Mi
  # Command to run after the main command on exit
  exitCommand: ""

## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
  ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html
  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
extraSecret: ~

podDisruptionBudget:
  enabled: false

metrics:
  serviceMonitor:
    enabled: false