## MinIO server image.
## NOTE(review): a tag is a mutable reference, and with IfNotPresent a node
## keeps using whatever image it already cached under that tag. Review the
## pinned release against current MinIO releases when updating.
image:
  repository: 'quay.io/minio/minio'
  tag: 'RELEASE.2024-01-13T07-53-03Z'
  pullPolicy: 'IfNotPresent'

## Image, tag and pull policy for `mc`, the MinIO client used to create a
## default bucket.
mcImage:
  repository: 'quay.io/minio/mc'
  tag: 'RELEASE.2024-01-13T08-44-48Z'
  pullPolicy: 'IfNotPresent'

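## MinIO mode: "standalone" or "distributed".
## This deployment runs standalone; the other supported value is "distributed".
mode: standalone
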
## Update strategy used when MinIO runs as a Deployment.
## maxUnavailable 0 with maxSurge 100% starts the replacement pods before the
## old ones are taken down.
deploymentUpdate:
  type: 'RollingUpdate'
  maxUnavailable: 0
  maxSurge: '100%'

## Update strategy used when MinIO runs as a StatefulSet.
statefulSetUpdate:
  updateStrategy: 'RollingUpdate'

## Name of an existing Secret that supplies the root credentials.
##
## | Chart var             | .data.<key> in Secret    |
## |:----------------------|:-------------------------|
## | rootUser              | rootUser                 |
## | rootPassword          | rootPassword             |
##
## When this is set, the chart variables listed above are ignored in the
## values file, so the root credentials do not have to be stored here.
## .data.rootUser and .data.rootPassword are mandatory; other keys depend on
## whether the corresponding sections are enabled.
existingSecret: 'minio-root'

## Path inside the MinIO pod where the persistent volume is mounted.
mountPath: '/data'

## Number of drives attached to a node.
drivesPerNode: 1
## Number of MinIO containers running.
replicas: 1
## Number of expanded MinIO clusters.
pools: 1

## TLS settings for MinIO itself.
## NOTE(review): disabled here, so MinIO presumably serves plain HTTP inside
## the cluster and TLS ends at the ingress (the ingress sections in this file
## reference TLS secrets). Confirm that unencrypted traffic between the
## ingress controller and the MinIO pod is acceptable for this cluster.
tls:
  enabled: false

## Persist MinIO data with a PersistentVolumeClaim.
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: true

  ## Storage class, access mode and requested size of the claim.
  storageClass: 'local-path'
  accessMode: 'ReadWriteOnce'
  size: '200Gi'

## Ingress for the MinIO S3 endpoint, served on host s3.dc.
ingress:
  enabled: true
  ingressClassName: null
  annotations:
    ## The certificate is requested from this cert-manager ClusterIssuer.
    cert-manager.io/cluster-issuer: 'vault-issuer'
    ## "0" turns off the ingress-nginx request body size check, so upload
    ## size is not bounded at the ingress layer.
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
  path: '/'
  hosts:
    - 's3.dc'
  tls:
    - secretName: 'minio-s3-tls'
      hosts:
        - 's3.dc'

## Ingress for the MinIO console, served on host minio-console.dc.
## NOTE(review): the console is presumably the administrative UI. Nothing in
## this section restricts which clients can reach the host, so confirm that
## access is limited elsewhere (network policy, ingress allow-list, or
## similar).
consoleIngress:
  enabled: true
  ingressClassName: null
  annotations:
    ## The certificate is requested from this cert-manager ClusterIssuer.
    cert-manager.io/cluster-issuer: 'vault-issuer'
  path: '/'
  hosts:
    - 'minio-console.dc'
  tls:
    - secretName: 'minio-console-tls'
      hosts:
        - 'minio-console.dc'

## Security context for the MinIO pod: run as non-root UID/GID 1000 and set
## the volume group to 1000.
securityContext:
  enabled: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  ## Only re-own the volume when its root directory does not already match.
  fsGroupChangePolicy: 'OnRootMismatch'

## Resource requests and limits for the MinIO container.
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
## NOTE(review): only a memory request is set; there are no limits, so this
## file does not cap the container's memory or CPU use.
resources:
  requests:
    memory: '200Mi'

## Policies to create after MinIO is installed.
##
## The default policies are
## [readonly|readwrite|writeonly|consoleAdmin|diagnostics]; additional
## policies with custom supported actions and resources can be defined here.
## Nothing is defined in this deployment; the entries below are examples.
policies: []
## writeexamplepolicy allows creating and deleting buckets whose name starts
## with "example", and grants object write permissions on those buckets.
# - name: writeexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:AbortMultipartUpload"
#         - "s3:GetObject"
#         - "s3:DeleteObject"
#         - "s3:PutObject"
#         - "s3:ListMultipartUploadParts"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:CreateBucket"
#         - "s3:DeleteBucket"
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy grants access to buckets whose name starts with
## "example", and object read permissions on those buckets.
# - name: readonlyexamplepolicy
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example*/*'
#       actions:
#         - "s3:GetObject"
#     - resources:
#         - 'arn:aws:s3:::example*'
#       actions:
#         - "s3:GetBucketLocation"
#         - "s3:ListBucket"
#         - "s3:ListBucketMultipartUploads"
## conditionsexample grants all actions on the "example" bucket, but only for
## aws:username="johndoe" and only from source IP ranges 10.0.0.0/8 and
## 192.168.0.0/24. The 's3:*' wildcard covers every S3 action, so the
## conditions are the only thing narrowing this policy.
# - name: conditionsexample
#   statements:
#     - resources:
#         - 'arn:aws:s3:::example/*'
#       actions:
#         - 's3:*'
#       conditions:
#         - StringEquals: '"aws:username": "johndoe"'
#         - IpAddress: |
#             "aws:SourceIp": [
#               "10.0.0.0/8",
#               "192.168.0.0/24"
#             ]
#

## Settings for the Kubernetes Job makePolicyJob: security context, resource
## requests and exit command.
makePolicyJob:
  ## The job runs as non-root UID/GID 1000.
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: '128Mi'
  ## Command to run after the main command on exit.
  exitCommand: ''

## Users to create after MinIO is installed.
##
## Each entry gives the username (accessKey), the password (secretKey) and
## the policy assigned to the user.
## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management
## NOTE: this will fail if LDAP is enabled in your MinIO deployment;
## make sure to disable this if you are using LDAP.
## No users are defined in this deployment; the entries below are examples.
users: []
## An inline secretKey is kept in plain text wherever this values file is
## stored, and the value shown is a sample, not a usable password.
# - accessKey: console
#   secretKey: console123
#   policy: consoleAdmin
## Or refer to a key in an existing Secret, which keeps the password out of
## this file:
# - accessKey: externalSecret
#   existingSecret: my-secret
#   existingSecretKey: password
#   policy: readonly

## Settings for the Kubernetes Job makeUserJob: security context, resource
## requests and exit command.
makeUserJob:
  ## NOTE(review): disabled, so the runAsUser/runAsGroup values below are
  ## presumably not applied to this job, unlike makePolicyJob, where the
  ## security context is enabled. Confirm this is intended before defining
  ## any users.
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: '128Mi'
  ## Command to run after the main command on exit.
  exitCommand: ''

## Service accounts to create after MinIO is installed.
##
## Each entry gives the accessKey, the secretKey and the parent user of the
## service account.
## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
## None are defined in this deployment; the entries below are examples.
svcaccts: []
## An inline secretKey is kept in plain text wherever this values file is
## stored, and the value shown is a sample, not a usable secret.
# - accessKey: console-svcacct
#   secretKey: console123
#   user: console
## Or refer to a key in an existing Secret, which keeps the secret out of
## this file:
# - accessKey: externalSecret
#   existingSecret: my-secret
#   existingSecretKey: password
#   user: console
## You can also pass a custom policy:
# - accessKey: console-svcacct
#   secretKey: console123
#   user: console
#   policy:
#     statements:
#       - resources:
#           - 'arn:aws:s3:::example*/*'
#         actions:
#           - "s3:AbortMultipartUpload"
#           - "s3:GetObject"
#           - "s3:DeleteObject"
#           - "s3:PutObject"
#           - "s3:ListMultipartUploadParts"

## Settings for the Kubernetes Job makeServiceAccountJob: security context,
## resource requests and exit command.
makeServiceAccountJob:
  ## The job runs as non-root UID/GID 1000.
  securityContext:
    enabled: true
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: '128Mi'
  ## Command to run after the main command on exit.
  exitCommand: ''

## Buckets to create after MinIO is installed.
##
## None are defined in this deployment; the entries below are examples.
## NOTE(review): policy values other than "none" (download, upload, public)
## presumably open the bucket to anonymous access. Confirm against the chart
## before using them.
buckets: []
#   # Name of the bucket
# - name: bucket1
#   # Policy to be set on the
#   # bucket [none|download|upload|public]
#   policy: none
#   # Purge if bucket exists already
#   purge: false
#   # Set versioning for
#   # bucket [true|false]
#   versioning: false
#   # Set objectlocking for
#   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
#   objectlocking: false
# - name: bucket2
#   policy: none
#   purge: false
#   versioning: true
#   # Set objectlocking for
#   # bucket [true|false] NOTE: versioning is enabled by default if you use locking
#   objectlocking: false

## Settings for the Kubernetes Job makeBucketJob: security context, resource
## requests and exit command.
makeBucketJob:
  ## NOTE(review): disabled, so the runAsUser/runAsGroup values below are
  ## presumably not applied to this job, unlike makePolicyJob, where the
  ## security context is enabled. Confirm this is intended before defining
  ## any buckets.
  securityContext:
    enabled: false
    runAsUser: 1000
    runAsGroup: 1000
  resources:
    requests:
      memory: '128Mi'
  ## Command to run after the main command on exit.
  exitCommand: ''

## Environment variables for the MinIO server. They are passed on to the
## MinIO container(s) when the chart is deployed. None are set here; the
## commented entries are examples.
environment:
  ## For a comprehensive list see https://min.io/docs/minio/linux/reference/minio-server/minio-server.html
  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

## Name of a Secret in the same Kubernetes namespace that contains secret
## values. This can be useful for an LDAP password, for example.
## The key in the Secret must be 'config.env'.
## Not set in this deployment.
##
extraSecret: null

## No PodDisruptionBudget is requested for this deployment.
podDisruptionBudget:
  enabled: false

metrics:
|
|
serviceMonitor:
|
|
enabled: false
|