diff --git a/.github/workflows/dev-release.yaml b/.github/workflows/dev-release.yaml index 9360f9782..836634c1d 100644 --- a/.github/workflows/dev-release.yaml +++ b/.github/workflows/dev-release.yaml @@ -1,11 +1,11 @@ ## For each release, the value of name, branches, RELEASE_NAME and PR_NUMBER need to be adjusted accordingly ## For each release, update lib/config.js: version and releaseBranch -name: TFRS Dev release-2.15.0 +name: TFRS Dev release-2.16.0 on: push: - branches: [ release-2.15.0 ] + branches: [ release-2.16.0 ] paths: - frontend/** - backend/** @@ -15,8 +15,8 @@ on: env: ## The pull request number of the Tracking pull request to merge the release branch to main ## Also remember to update the version in .pipeline/lib/config.js - PR_NUMBER: 2828 - RELEASE_NAME: release-2.15.0 + PR_NUMBER: 2836 + RELEASE_NAME: release-2.16.0 concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/tfrs-release.yaml b/.github/workflows/tfrs-release.yaml index d5709b4bd..f9989da47 100644 --- a/.github/workflows/tfrs-release.yaml +++ b/.github/workflows/tfrs-release.yaml @@ -1,7 +1,7 @@ ## For each release, the value of name, branches, RELEASE_NAME and PR_NUMBER need to be adjusted accordingly ## For each release, update lib/config.js: version and releaseBranch -name: TFRS release-2.15.0 +name: TFRS release-2.16.0 on: workflow_dispatch: @@ -10,8 +10,8 @@ on: env: ## The pull request number of the Tracking pull request to merge the release branch to main ## Also remember to update the version in .pipeline/lib/config.js - PR_NUMBER: 2828 - RELEASE_NAME: release-2.15.0 + PR_NUMBER: 2836 + RELEASE_NAME: release-2.16.0 concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.pipeline/lib/config.js b/.pipeline/lib/config.js index 3874b12fb..d04b647af 100644 --- a/.pipeline/lib/config.js +++ b/.pipeline/lib/config.js @@ -1,7 +1,7 @@ 'use strict'; const options= require('@bcgov/pipeline-cli').Util.parseArguments() const changeId = options.pr //aka pull-request -const version = '2.15.0' +const version = '2.16.0' const name = 'tfrs' const ocpName = 'apps.silver.devops' @@ -13,7 +13,7 @@ options.git.repository='tfrs' const phases = { build: { namespace:'0ab226-tools' , name: `${name}`, phase: 'build' , changeId:changeId, suffix: `-build-${changeId}` , instance: `${name}-build-${changeId}` , version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`, - releaseBranch: 'release-2.15.0' + releaseBranch: 'release-2.16.0' }, dev: {namespace:'0ab226-dev' , name: `${name}`, phase: 'dev' , changeId:changeId, suffix: `-dev` , instance: `${name}-dev` , version:`${version}`, tag:`dev-${version}`, dbServiceName: 'tfrs-spilo', diff --git a/charts/tfrs-minio/readme.txt b/charts/tfrs-minio/readme.txt new file mode 100644 index 000000000..1c3a757a7 --- /dev/null +++ b/charts/tfrs-minio/readme.txt @@ -0,0 +1,6 @@ +Add the following two keys to tfrs-minio-[env] secret + root-user + root-password +helm -n namespace -f ./values-dev.yaml install tfrs-minio oci://registry-1.docker.io/bitnamicharts/minio --version 13.6.2 +Create Opensift route tfrs-minio-console-test +Update the existing route tfrs-minio-test to use the newly created service tfrs-minio api port \ No newline at end of file diff --git a/charts/tfrs-minio/values-dev.yaml b/charts/tfrs-minio/values-dev.yaml new file mode 100644 index 000000000..75bc316bb --- /dev/null +++ b/charts/tfrs-minio/values-dev.yaml @@ -0,0 +1,1196 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @section MinIO® parameters + +## Bitnami MinIO® image version +## ref: https://hub.docker.com/r/bitnami/minio/tags/ +## @param image.registry [default: REGISTRY_NAME] MinIO® image registry +## @param image.repository [default: REPOSITORY_NAME/minio] MinIO® image repository +## @skip image.tag MinIO® image tag (immutable tags are recommended) +## @param image.digest MinIO® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/minio + tag: 2024.2.17-debian-12-r2 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Bitnami MinIO® Client image version +## ref: https://hub.docker.com/r/bitnami/minio-client/tags/ +## @param clientImage.registry [default: REGISTRY_NAME] MinIO® Client image registry +## @param clientImage.repository [default: REPOSITORY_NAME/minio-client] MinIO® Client image repository +## @skip clientImage.tag MinIO® Client image tag (immutable tags are recommended) +## @param clientImage.digest MinIO® Client image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## +clientImage: + registry: docker.io + repository: bitnami/minio-client + tag: 2024.2.16-debian-12-r2 + digest: "" +## @param mode MinIO® server mode (`standalone` or `distributed`) +## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +mode: standalone +## MinIO® authentication parameters +## +auth: + ## @param auth.rootUser MinIO® root username + ## + rootUser: admin + ## @param auth.rootPassword Password for MinIO® root user + ## + rootPassword: "" + ## @param auth.existingSecret Use existing secret for credentials details (`auth.rootUser` and `auth.rootPassword` will be ignored and picked up from this secret). The secret has to contain the keys `root-user` and `root-password`) + ## + existingSecret: "tfrs-minio-dev" + ## @param auth.forcePassword Force users to specify required passwords + ## + forcePassword: false + ## @param auth.useCredentialsFiles Mount credentials as a files instead of using an environment variable + ## + useCredentialsFiles: false + ## @param auth.forceNewKeys Force root credentials (user and password) to be reconfigured every time they change in the secrets + ## + forceNewKeys: false +## @param defaultBuckets Comma, semi-colon or space separated list of buckets to create at initialization (only in standalone mode) +## e.g: +## defaultBuckets: "my-bucket, my-second-bucket" +## +defaultBuckets: "" +## @param disableWebUI Disable MinIO® Web UI +## ref: https://github.com/minio/minio/tree/master/docs/config/#browser +## +disableWebUI: false +## Enable tls in front of MinIO® containers. +## +tls: + ## @param tls.enabled Enable tls in front of the container + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.existingSecret Name of an existing secret holding the certificate information + ## + existingSecret: "" + ## @param tls.mountPath The mount path where the secret will be located + ## Custom mount path where the certificates will be located, if empty will default to /certs + mountPath: "" +## @param extraEnvVars Extra environment variables to be set on MinIO® container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM ConfigMap with extra environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret with extra environment variables +## +extraEnvVarsSecret: "" +## @param command Default container command (useful when using custom images). Use array form +## +command: [] +## @param args Default container args (useful when using custom images). Use array form +## +args: [] +## @section MinIO® deployment/statefulset parameters + +## @param schedulerName Specifies the schedulerName, if it's nil uses kube-scheduler +## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds In seconds, time the given to the MinIO pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## MinIO® deployment parameters +## Only when 'mode' is 'standalone' +## +deployment: + ## @param deployment.updateStrategy.type Deployment strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: Recreate +## MinIO® statefulset parameters +## Only when mode is 'distributed' +## +statefulset: + ## @param statefulset.updateStrategy.type StatefulSet strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: RollingUpdate + ## @param statefulset.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel + ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## + podManagementPolicy: Parallel + ## @param statefulset.replicaCount Number of pods per zone (only for MinIO® distributed mode). Should be even and `>= 4` + ## + replicaCount: 4 + ## @param statefulset.zones Number of zones (only for MinIO® distributed mode) + ## + zones: 1 + ## @param statefulset.drivesPerNode Number of drives attached to every node (only for MinIO® distributed mode) + ## + drivesPerNode: 1 +## MinIO® provisioning +## +provisioning: + ## @param provisioning.enabled Enable MinIO® provisioning Job + ## + enabled: false + ## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for MinIO® provisioning + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param provisioning.nodeSelector Node labels for pod assignment. Evaluated as a template. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ + ## + nodeSelector: {} + ## @param provisioning.podLabels Extra labels for provisioning pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param provisioning.podAnnotations Provisioning Pod annotations. + ## + podAnnotations: {} + ## @param provisioning.command Default provisioning container command (useful when using custom images). Use array form + ## + command: [] + ## @param provisioning.args Default provisioning container args (useful when using custom images). Use array form + ## + args: [] + ## @param provisioning.extraCommands Optionally specify extra list of additional commands for MinIO® provisioning pod + ## + extraCommands: [] + ## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for MinIO® provisioning pod + ## + extraVolumes: [] + ## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® provisioning container + ## + extraVolumeMounts: [] + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param provisioning.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param provisioning.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param provisioning.policies MinIO® policies provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#policy + ## e.g. + ## policies: + ## - name: custom-bucket-specific-policy + ## statements: + ## - resources: + ## - "arn:aws:s3:::my-bucket" + ## actions: + ## - "s3:GetBucketLocation" + ## - "s3:ListBucket" + ## - "s3:ListBucketMultipartUploads" + ## - resources: + ## - "arn:aws:s3:::my-bucket/*" + ## # Allowed values: "Allow" | "Deny" + ## # Defaults to "Deny" if not specified + ## effect: "Allow" + ## actions: + ## - "s3:AbortMultipartUpload" + ## - "s3:DeleteObject" + ## - "s3:GetObject" + ## - "s3:ListMultipartUploadParts" + ## - "s3:PutObject" + policies: [] + ## @param provisioning.users MinIO® users provisioning. Can be used in addition to provisioning.usersExistingSecrets. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## e.g. + ## users: + ## - username: test-username + ## password: test-password + ## disabled: false + ## policies: + ## - readwrite + ## - consoleAdmin + ## - diagnostics + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + users: [] + ## @param provisioning.usersExistingSecrets Array if existing secrets containing MinIO® users to be provisioned. Can be used in addition to provisioning.users. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## + ## Instead of configuring users inside values.yaml, referring to existing Kubernetes secrets containing user + ## configurations is possible. + ## e.g. + ## usersExistingSecrets: + ## - centralized-minio-users + ## + ## All provided Kubernetes secrets require a specific data structure. The same data from the provisioning.users example above + ## can be defined via secrets with the following data structure. The secret keys have no meaning to the provisioning job except that + ## they are used as filenames. + ## ## apiVersion: v1 + ## ## kind: Secret + ## ## metadata: + ## ## name: centralized-minio-users + ## ## type: Opaque + ## ## stringData: + ## ## username1: | + ## ## username=test-username + ## ## password=test-password + ## ## disabled=false + ## ## policies=readwrite,consoleAdmin,diagnostics + ## ## setPolicies=false + usersExistingSecrets: [] + ## @param provisioning.groups MinIO® groups provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#group + ## e.g. + ## groups + ## - name: test-group + ## disabled: false + ## members: + ## - test-username + ## policies: + ## - readwrite + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + groups: [] + ## @param provisioning.buckets MinIO® buckets, versioning, lifecycle, quota and tags provisioning + ## Buckets https://docs.min.io/docs/minio-client-complete-guide.html#mb + ## Lifecycle https://docs.min.io/docs/minio-client-complete-guide.html#ilm + ## Quotas https://docs.min.io/docs/minio-admin-complete-guide.html#bucket + ## Tags https://docs.min.io/docs/minio-client-complete-guide.html#tag + ## Versioning https://docs.min.io/docs/minio-client-complete-guide.html#version + ## e.g. + ## buckets: + ## - name: test-bucket + ## region: us-east-1 + ## # Only when mode is 'distributed' + ## # Allowed values: "Versioned" | "Suspended" | "Unchanged" + ## # Defaults to "Suspended" if not specified. + ## # For compatibility, accepts boolean values as well, where true maps + ## # to "Versioned" and false to "Suspended". + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## versioning: Suspended + ## # Versioning is automatically enabled if withLock is true + ## # ref: https://docs.min.io/docs/minio-bucket-versioning-guide.html + ## withLock: true + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## lifecycle: + ## - id: TestPrefix7dRetention + ## prefix: test-prefix + ## disabled: false + ## expiry: + ## days: 7 + ## # Days !OR! date + ## # date: "2021-11-11T00:00:00Z" + ## nonconcurrentDays: 3 + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## quota: + ## # set (hard still works as an alias but is deprecated) or clear(+ omit size) + ## type: set + ## size: 10GiB + ## tags: + ## key1: value1 + buckets: [] + ## @param provisioning.config MinIO® config provisioning + ## https://docs.min.io/docs/minio-server-configuration-guide.html + ## e.g. + ## config: + ## - name: region + ## options: + ## name: us-east-1 + config: [] + ## MinIO® pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param provisioning.podSecurityContext.enabled Enable pod Security Context + ## @param provisioning.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param provisioning.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param provisioning.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param provisioning.podSecurityContext.fsGroup Group ID for the container + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## MinIO® container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param provisioning.containerSecurityContext.enabled Enabled containers' Security Context + ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param provisioning.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param provisioning.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param provisioning.containerSecurityContext.privileged Set container's Security Context privileged + ## @param provisioning.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param provisioning.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param provisioning.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Automatic Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.enabled Enables Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.seconds Sets the value of ttlSecondsAfterFinished + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ + ## + cleanupAfterFinished: + enabled: false + seconds: 600 +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases MinIO® pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param containerPorts.api MinIO® container port to open for MinIO® API +## @param containerPorts.console MinIO® container port to open for MinIO® Console +## +containerPorts: + api: 9000 + console: 9001 +## MinIO® pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable pod Security Context +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Group ID for the container +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroupChangePolicy When K8s should preform chown on attached volumes +## +podSecurityContext: + enabled: false + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +## MinIO® container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: false + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## @param podLabels Extra labels for MinIO® pods +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for MinIO® pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for MinIO® pods assignment spread across your cluster among failure-domains +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName MinIO® pods' priorityClassName +## +priorityClassName: "" +## @param runtimeClassName Name of the runtime class to be used by MinIO® pods' +## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: + requests: + cpu: 50m + memory: 150Mi + limits: + cpu: 100m + memory: 300Mi +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 45 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 10 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 10 +## Configure extra options for startupProbe probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param lifecycleHooks for the MinIO® container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraVolumes Optionally specify extra list of additional volumes for MinIO® pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® container(s) +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the MinIO® pods +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the MinIO® pods +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @section Traffic exposure parameters + +## MinIO® Service properties +## +service: + ## @param service.type MinIO® service type + ## + type: ClusterIP + ## @param service.ports.api MinIO® API service port + ## @param service.ports.console MinIO® Console service port + ## + ports: + api: 9000 + console: 9001 + ## @param service.nodePorts.api Specify the MinIO® API nodePort value for the LoadBalancer and NodePort service types + ## @param service.nodePorts.console Specify the MinIO® Console nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + api: "" + console: "" + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Annotations for MinIO® service + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} +## Configure the ingress resource that allows you to access the +## MinIO® Console. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource for MinIO Console + ## + enabled: false + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param ingress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-console + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Configure the ingress resource that allows you to access the +## MinIO® API. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +apiIngress: + ## @param apiIngress.enabled Enable ingress controller resource for MinIO API + ## + enabled: false + ## @param apiIngress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param apiIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param apiIngress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param apiIngress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param apiIngress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param apiIngress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-api + ## @param apiIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param apiIngress.tls Enable TLS configuration for the hostname defined at `apiIngress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.apiIngress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param apiIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param apiIngress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param apiIngress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param apiIngress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param apiIngress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param apiIngress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir + ## + enabled: true + ## @param persistence.storageClass PVC Storage Class for MinIO® data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.mountPath Data volume mount path + ## + mountPath: /bitnami/minio/data + ## @param persistence.accessModes PVC Access Modes for MinIO® data volume + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for MinIO® data volume + ## + size: 200Mi + ## @param persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode) + ## + existingClaim: "" +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository + ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r16 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + seLinuxOptions: null + runAsUser: 0 +## @section RBAC parameters + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for MinIO® pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Custom annotations for MinIO® ServiceAccount + ## + annotations: {} +## @section Other parameters + +## MinIO® Pod Disruption Budget configuration in distributed mode. +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable after the eviction + ## + maxUnavailable: "" +## @section Metrics parameters +metrics: + ## @param metrics.prometheusAuthType Authentication mode for Prometheus (`jwt` or `public`) + ## To allow public access without authentication for prometheus metrics set environment as follows. + ## + prometheusAuthType: public + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## DEPRECATED metrics.serviceMonitor.path - please use `metrics.serviceMonitor.paths` instead + ## + ## path: /minio/v2/metrics/cluster + ## @param metrics.serviceMonitor.paths HTTP paths to scrape for metrics + ## + paths: + - /minio/v2/metrics/cluster + - /minio/v2/metrics/node + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Metrics relabelings to add to the scrape endpoint, applied before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.apiVersion ApiVersion for the serviceMonitor Resource (defaults to "monitoring.coreos.com/v1") + apiVersion: "" + ## @param metrics.serviceMonitor.tlsConfig Additional TLS configuration for metrics endpoint with "https" scheme + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.TLSConfig + tlsConfig: {} + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Prometheus Rule definitions + # - alert: minio cluster nodes offline + # annotations: + # summary: "minio cluster nodes offline" + # description: "minio cluster nodes offline, pod {{`{{`}} $labels.pod {{`}}`}} service {{`{{`}} $labels.job {{`}}`}} offline" + # for: 10m + # expr: minio_cluster_nodes_offline_total > 0 + # labels: + # severity: critical + # group: PaaS + ## + rules: [] diff --git a/charts/tfrs-minio/values-original.yaml b/charts/tfrs-minio/values-original.yaml new file mode 100644 index 000000000..c4315eea7 --- /dev/null +++ b/charts/tfrs-minio/values-original.yaml @@ -0,0 +1,1190 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @section MinIO® parameters + +## Bitnami MinIO® image version +## ref: https://hub.docker.com/r/bitnami/minio/tags/ +## @param image.registry [default: REGISTRY_NAME] MinIO® image registry +## @param image.repository [default: REPOSITORY_NAME/minio] MinIO® image repository +## @skip image.tag MinIO® image tag (immutable tags are recommended) +## @param image.digest MinIO® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/minio + tag: 2024.2.17-debian-12-r2 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Bitnami MinIO® Client image version +## ref: https://hub.docker.com/r/bitnami/minio-client/tags/ +## @param clientImage.registry [default: REGISTRY_NAME] MinIO® Client image registry +## @param clientImage.repository [default: REPOSITORY_NAME/minio-client] MinIO® Client image repository +## @skip clientImage.tag MinIO® Client image tag (immutable tags are recommended) +## @param clientImage.digest MinIO® Client image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## +clientImage: + registry: docker.io + repository: bitnami/minio-client + tag: 2024.2.16-debian-12-r2 + digest: "" +## @param mode MinIO® server mode (`standalone` or `distributed`) +## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +mode: standalone +## MinIO® authentication parameters +## +auth: + ## @param auth.rootUser MinIO® root username + ## + rootUser: admin + ## @param auth.rootPassword Password for MinIO® root user + ## + rootPassword: "" + ## @param auth.existingSecret Use existing secret for credentials details (`auth.rootUser` and `auth.rootPassword` will be ignored and picked up from this secret). The secret has to contain the keys `root-user` and `root-password`) + ## + existingSecret: "" + ## @param auth.forcePassword Force users to specify required passwords + ## + forcePassword: false + ## @param auth.useCredentialsFiles Mount credentials as a files instead of using an environment variable + ## + useCredentialsFiles: false + ## @param auth.forceNewKeys Force root credentials (user and password) to be reconfigured every time they change in the secrets + ## + forceNewKeys: false +## @param defaultBuckets Comma, semi-colon or space separated list of buckets to create at initialization (only in standalone mode) +## e.g: +## defaultBuckets: "my-bucket, my-second-bucket" +## +defaultBuckets: "" +## @param disableWebUI Disable MinIO® Web UI +## ref: https://github.com/minio/minio/tree/master/docs/config/#browser +## +disableWebUI: false +## Enable tls in front of MinIO® containers. +## +tls: + ## @param tls.enabled Enable tls in front of the container + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.existingSecret Name of an existing secret holding the certificate information + ## + existingSecret: "" + ## @param tls.mountPath The mount path where the secret will be located + ## Custom mount path where the certificates will be located, if empty will default to /certs + mountPath: "" +## @param extraEnvVars Extra environment variables to be set on MinIO® container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM ConfigMap with extra environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret with extra environment variables +## +extraEnvVarsSecret: "" +## @param command Default container command (useful when using custom images). Use array form +## +command: [] +## @param args Default container args (useful when using custom images). Use array form +## +args: [] +## @section MinIO® deployment/statefulset parameters + +## @param schedulerName Specifies the schedulerName, if it's nil uses kube-scheduler +## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds In seconds, time the given to the MinIO pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## MinIO® deployment parameters +## Only when 'mode' is 'standalone' +## +deployment: + ## @param deployment.updateStrategy.type Deployment strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: Recreate +## MinIO® statefulset parameters +## Only when mode is 'distributed' +## +statefulset: + ## @param statefulset.updateStrategy.type StatefulSet strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: RollingUpdate + ## @param statefulset.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel + ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## + podManagementPolicy: Parallel + ## @param statefulset.replicaCount Number of pods per zone (only for MinIO® distributed mode). Should be even and `>= 4` + ## + replicaCount: 4 + ## @param statefulset.zones Number of zones (only for MinIO® distributed mode) + ## + zones: 1 + ## @param statefulset.drivesPerNode Number of drives attached to every node (only for MinIO® distributed mode) + ## + drivesPerNode: 1 +## MinIO® provisioning +## +provisioning: + ## @param provisioning.enabled Enable MinIO® provisioning Job + ## + enabled: false + ## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for MinIO® provisioning + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param provisioning.nodeSelector Node labels for pod assignment. Evaluated as a template. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ + ## + nodeSelector: {} + ## @param provisioning.podLabels Extra labels for provisioning pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param provisioning.podAnnotations Provisioning Pod annotations. + ## + podAnnotations: {} + ## @param provisioning.command Default provisioning container command (useful when using custom images). Use array form + ## + command: [] + ## @param provisioning.args Default provisioning container args (useful when using custom images). Use array form + ## + args: [] + ## @param provisioning.extraCommands Optionally specify extra list of additional commands for MinIO® provisioning pod + ## + extraCommands: [] + ## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for MinIO® provisioning pod + ## + extraVolumes: [] + ## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® provisioning container + ## + extraVolumeMounts: [] + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param provisioning.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param provisioning.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param provisioning.policies MinIO® policies provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#policy + ## e.g. + ## policies: + ## - name: custom-bucket-specific-policy + ## statements: + ## - resources: + ## - "arn:aws:s3:::my-bucket" + ## actions: + ## - "s3:GetBucketLocation" + ## - "s3:ListBucket" + ## - "s3:ListBucketMultipartUploads" + ## - resources: + ## - "arn:aws:s3:::my-bucket/*" + ## # Allowed values: "Allow" | "Deny" + ## # Defaults to "Deny" if not specified + ## effect: "Allow" + ## actions: + ## - "s3:AbortMultipartUpload" + ## - "s3:DeleteObject" + ## - "s3:GetObject" + ## - "s3:ListMultipartUploadParts" + ## - "s3:PutObject" + policies: [] + ## @param provisioning.users MinIO® users provisioning. Can be used in addition to provisioning.usersExistingSecrets. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## e.g. + ## users: + ## - username: test-username + ## password: test-password + ## disabled: false + ## policies: + ## - readwrite + ## - consoleAdmin + ## - diagnostics + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + users: [] + ## @param provisioning.usersExistingSecrets Array if existing secrets containing MinIO® users to be provisioned. Can be used in addition to provisioning.users. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## + ## Instead of configuring users inside values.yaml, referring to existing Kubernetes secrets containing user + ## configurations is possible. + ## e.g. + ## usersExistingSecrets: + ## - centralized-minio-users + ## + ## All provided Kubernetes secrets require a specific data structure. The same data from the provisioning.users example above + ## can be defined via secrets with the following data structure. The secret keys have no meaning to the provisioning job except that + ## they are used as filenames. + ## ## apiVersion: v1 + ## ## kind: Secret + ## ## metadata: + ## ## name: centralized-minio-users + ## ## type: Opaque + ## ## stringData: + ## ## username1: | + ## ## username=test-username + ## ## password=test-password + ## ## disabled=false + ## ## policies=readwrite,consoleAdmin,diagnostics + ## ## setPolicies=false + usersExistingSecrets: [] + ## @param provisioning.groups MinIO® groups provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#group + ## e.g. + ## groups + ## - name: test-group + ## disabled: false + ## members: + ## - test-username + ## policies: + ## - readwrite + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + groups: [] + ## @param provisioning.buckets MinIO® buckets, versioning, lifecycle, quota and tags provisioning + ## Buckets https://docs.min.io/docs/minio-client-complete-guide.html#mb + ## Lifecycle https://docs.min.io/docs/minio-client-complete-guide.html#ilm + ## Quotas https://docs.min.io/docs/minio-admin-complete-guide.html#bucket + ## Tags https://docs.min.io/docs/minio-client-complete-guide.html#tag + ## Versioning https://docs.min.io/docs/minio-client-complete-guide.html#version + ## e.g. + ## buckets: + ## - name: test-bucket + ## region: us-east-1 + ## # Only when mode is 'distributed' + ## # Allowed values: "Versioned" | "Suspended" | "Unchanged" + ## # Defaults to "Suspended" if not specified. + ## # For compatibility, accepts boolean values as well, where true maps + ## # to "Versioned" and false to "Suspended". + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## versioning: Suspended + ## # Versioning is automatically enabled if withLock is true + ## # ref: https://docs.min.io/docs/minio-bucket-versioning-guide.html + ## withLock: true + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## lifecycle: + ## - id: TestPrefix7dRetention + ## prefix: test-prefix + ## disabled: false + ## expiry: + ## days: 7 + ## # Days !OR! date + ## # date: "2021-11-11T00:00:00Z" + ## nonconcurrentDays: 3 + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## quota: + ## # set (hard still works as an alias but is deprecated) or clear(+ omit size) + ## type: set + ## size: 10GiB + ## tags: + ## key1: value1 + buckets: [] + ## @param provisioning.config MinIO® config provisioning + ## https://docs.min.io/docs/minio-server-configuration-guide.html + ## e.g. + ## config: + ## - name: region + ## options: + ## name: us-east-1 + config: [] + ## MinIO® pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param provisioning.podSecurityContext.enabled Enable pod Security Context + ## @param provisioning.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param provisioning.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param provisioning.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param provisioning.podSecurityContext.fsGroup Group ID for the container + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## MinIO® container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param provisioning.containerSecurityContext.enabled Enabled containers' Security Context + ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param provisioning.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param provisioning.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param provisioning.containerSecurityContext.privileged Set container's Security Context privileged + ## @param provisioning.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param provisioning.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param provisioning.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Automatic Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.enabled Enables Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.seconds Sets the value of ttlSecondsAfterFinished + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ + ## + cleanupAfterFinished: + enabled: false + seconds: 600 +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases MinIO® pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param containerPorts.api MinIO® container port to open for MinIO® API +## @param containerPorts.console MinIO® container port to open for MinIO® Console +## +containerPorts: + api: 9000 + console: 9001 +## MinIO® pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable pod Security Context +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Group ID for the container +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroupChangePolicy When K8s should preform chown on attached volumes +## +podSecurityContext: + enabled: true + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +## MinIO® container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## @param podLabels Extra labels for MinIO® pods +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for MinIO® pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for MinIO® pods assignment spread across your cluster among failure-domains +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName MinIO® pods' priorityClassName +## +priorityClassName: "" +## @param runtimeClassName Name of the runtime class to be used by MinIO® pods' +## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for startupProbe probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param lifecycleHooks for the MinIO® container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraVolumes Optionally specify extra list of additional volumes for MinIO® pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® container(s) +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the MinIO® pods +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the MinIO® pods +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @section Traffic exposure parameters + +## MinIO® Service properties +## +service: + ## @param service.type MinIO® service type + ## + type: ClusterIP + ## @param service.ports.api MinIO® API service port + ## @param service.ports.console MinIO® Console service port + ## + ports: + api: 9000 + console: 9001 + ## @param service.nodePorts.api Specify the MinIO® API nodePort value for the LoadBalancer and NodePort service types + ## @param service.nodePorts.console Specify the MinIO® Console nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + api: "" + console: "" + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Annotations for MinIO® service + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} +## Configure the ingress resource that allows you to access the +## MinIO® Console. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource for MinIO Console + ## + enabled: false + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param ingress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-console + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Configure the ingress resource that allows you to access the +## MinIO® API. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +apiIngress: + ## @param apiIngress.enabled Enable ingress controller resource for MinIO API + ## + enabled: false + ## @param apiIngress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param apiIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param apiIngress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param apiIngress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param apiIngress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param apiIngress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-api + ## @param apiIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param apiIngress.tls Enable TLS configuration for the hostname defined at `apiIngress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.apiIngress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param apiIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param apiIngress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param apiIngress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param apiIngress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param apiIngress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param apiIngress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir + ## + enabled: true + ## @param persistence.storageClass PVC Storage Class for MinIO® data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.mountPath Data volume mount path + ## + mountPath: /bitnami/minio/data + ## @param persistence.accessModes PVC Access Modes for MinIO® data volume + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for MinIO® data volume + ## + size: 8Gi + ## @param persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode) + ## + existingClaim: "" +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository + ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r16 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + seLinuxOptions: null + runAsUser: 0 +## @section RBAC parameters + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for MinIO® pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Custom annotations for MinIO® ServiceAccount + ## + annotations: {} +## @section Other parameters + +## MinIO® Pod Disruption Budget configuration in distributed mode. +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable after the eviction + ## + maxUnavailable: "" +## @section Metrics parameters +metrics: + ## @param metrics.prometheusAuthType Authentication mode for Prometheus (`jwt` or `public`) + ## To allow public access without authentication for prometheus metrics set environment as follows. + ## + prometheusAuthType: public + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## DEPRECATED metrics.serviceMonitor.path - please use `metrics.serviceMonitor.paths` instead + ## + ## path: /minio/v2/metrics/cluster + ## @param metrics.serviceMonitor.paths HTTP paths to scrape for metrics + ## + paths: + - /minio/v2/metrics/cluster + - /minio/v2/metrics/node + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Metrics relabelings to add to the scrape endpoint, applied before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.apiVersion ApiVersion for the serviceMonitor Resource (defaults to "monitoring.coreos.com/v1") + apiVersion: "" + ## @param metrics.serviceMonitor.tlsConfig Additional TLS configuration for metrics endpoint with "https" scheme + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.TLSConfig + tlsConfig: {} + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Prometheus Rule definitions + # - alert: minio cluster nodes offline + # annotations: + # summary: "minio cluster nodes offline" + # description: "minio cluster nodes offline, pod {{`{{`}} $labels.pod {{`}}`}} service {{`{{`}} $labels.job {{`}}`}} offline" + # for: 10m + # expr: minio_cluster_nodes_offline_total > 0 + # labels: + # severity: critical + # group: PaaS + ## + rules: [] diff --git a/charts/tfrs-minio/values-test.yaml b/charts/tfrs-minio/values-test.yaml new file mode 100644 index 000000000..ec6d653e9 --- /dev/null +++ b/charts/tfrs-minio/values-test.yaml @@ -0,0 +1,1196 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @section MinIO® parameters + +## Bitnami MinIO® image version +## ref: https://hub.docker.com/r/bitnami/minio/tags/ +## @param image.registry [default: REGISTRY_NAME] MinIO® image registry +## @param image.repository [default: REPOSITORY_NAME/minio] MinIO® image repository +## @skip image.tag MinIO® image tag (immutable tags are recommended) +## @param image.digest MinIO® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/minio + tag: 2024.2.17-debian-12-r2 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Bitnami MinIO® Client image version +## ref: https://hub.docker.com/r/bitnami/minio-client/tags/ +## @param clientImage.registry [default: REGISTRY_NAME] MinIO® Client image registry +## @param clientImage.repository [default: REPOSITORY_NAME/minio-client] MinIO® Client image repository +## @skip clientImage.tag MinIO® Client image tag (immutable tags are recommended) +## @param clientImage.digest MinIO® Client image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## +clientImage: + registry: docker.io + repository: bitnami/minio-client + tag: 2024.2.16-debian-12-r2 + digest: "" +## @param mode MinIO® server mode (`standalone` or `distributed`) +## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +mode: standalone +## MinIO® authentication parameters +## +auth: + ## @param auth.rootUser MinIO® root username + ## + rootUser: admin + ## @param auth.rootPassword Password for MinIO® root user + ## + rootPassword: "" + ## @param auth.existingSecret Use existing secret for credentials details (`auth.rootUser` and `auth.rootPassword` will be ignored and picked up from this secret). The secret has to contain the keys `root-user` and `root-password`) + ## + existingSecret: "tfrs-minio-test" + ## @param auth.forcePassword Force users to specify required passwords + ## + forcePassword: false + ## @param auth.useCredentialsFiles Mount credentials as a files instead of using an environment variable + ## + useCredentialsFiles: false + ## @param auth.forceNewKeys Force root credentials (user and password) to be reconfigured every time they change in the secrets + ## + forceNewKeys: false +## @param defaultBuckets Comma, semi-colon or space separated list of buckets to create at initialization (only in standalone mode) +## e.g: +## defaultBuckets: "my-bucket, my-second-bucket" +## +defaultBuckets: "" +## @param disableWebUI Disable MinIO® Web UI +## ref: https://github.com/minio/minio/tree/master/docs/config/#browser +## +disableWebUI: false +## Enable tls in front of MinIO® containers. +## +tls: + ## @param tls.enabled Enable tls in front of the container + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.existingSecret Name of an existing secret holding the certificate information + ## + existingSecret: "" + ## @param tls.mountPath The mount path where the secret will be located + ## Custom mount path where the certificates will be located, if empty will default to /certs + mountPath: "" +## @param extraEnvVars Extra environment variables to be set on MinIO® container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM ConfigMap with extra environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret with extra environment variables +## +extraEnvVarsSecret: "" +## @param command Default container command (useful when using custom images). Use array form +## +command: [] +## @param args Default container args (useful when using custom images). Use array form +## +args: [] +## @section MinIO® deployment/statefulset parameters + +## @param schedulerName Specifies the schedulerName, if it's nil uses kube-scheduler +## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds In seconds, time the given to the MinIO pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## MinIO® deployment parameters +## Only when 'mode' is 'standalone' +## +deployment: + ## @param deployment.updateStrategy.type Deployment strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: Recreate +## MinIO® statefulset parameters +## Only when mode is 'distributed' +## +statefulset: + ## @param statefulset.updateStrategy.type StatefulSet strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## e.g: + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## + updateStrategy: + type: RollingUpdate + ## @param statefulset.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel + ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## + podManagementPolicy: Parallel + ## @param statefulset.replicaCount Number of pods per zone (only for MinIO® distributed mode). Should be even and `>= 4` + ## + replicaCount: 4 + ## @param statefulset.zones Number of zones (only for MinIO® distributed mode) + ## + zones: 1 + ## @param statefulset.drivesPerNode Number of drives attached to every node (only for MinIO® distributed mode) + ## + drivesPerNode: 1 +## MinIO® provisioning +## +provisioning: + ## @param provisioning.enabled Enable MinIO® provisioning Job + ## + enabled: false + ## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for MinIO® provisioning + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param provisioning.nodeSelector Node labels for pod assignment. Evaluated as a template. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ + ## + nodeSelector: {} + ## @param provisioning.podLabels Extra labels for provisioning pods + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param provisioning.podAnnotations Provisioning Pod annotations. + ## + podAnnotations: {} + ## @param provisioning.command Default provisioning container command (useful when using custom images). Use array form + ## + command: [] + ## @param provisioning.args Default provisioning container args (useful when using custom images). Use array form + ## + args: [] + ## @param provisioning.extraCommands Optionally specify extra list of additional commands for MinIO® provisioning pod + ## + extraCommands: [] + ## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for MinIO® provisioning pod + ## + extraVolumes: [] + ## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® provisioning container + ## + extraVolumeMounts: [] + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param provisioning.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param provisioning.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param provisioning.policies MinIO® policies provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#policy + ## e.g. + ## policies: + ## - name: custom-bucket-specific-policy + ## statements: + ## - resources: + ## - "arn:aws:s3:::my-bucket" + ## actions: + ## - "s3:GetBucketLocation" + ## - "s3:ListBucket" + ## - "s3:ListBucketMultipartUploads" + ## - resources: + ## - "arn:aws:s3:::my-bucket/*" + ## # Allowed values: "Allow" | "Deny" + ## # Defaults to "Deny" if not specified + ## effect: "Allow" + ## actions: + ## - "s3:AbortMultipartUpload" + ## - "s3:DeleteObject" + ## - "s3:GetObject" + ## - "s3:ListMultipartUploadParts" + ## - "s3:PutObject" + policies: [] + ## @param provisioning.users MinIO® users provisioning. Can be used in addition to provisioning.usersExistingSecrets. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## e.g. + ## users: + ## - username: test-username + ## password: test-password + ## disabled: false + ## policies: + ## - readwrite + ## - consoleAdmin + ## - diagnostics + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + users: [] + ## @param provisioning.usersExistingSecrets Array if existing secrets containing MinIO® users to be provisioned. Can be used in addition to provisioning.users. + ## https://docs.min.io/docs/minio-admin-complete-guide.html#user + ## + ## Instead of configuring users inside values.yaml, referring to existing Kubernetes secrets containing user + ## configurations is possible. + ## e.g. + ## usersExistingSecrets: + ## - centralized-minio-users + ## + ## All provided Kubernetes secrets require a specific data structure. The same data from the provisioning.users example above + ## can be defined via secrets with the following data structure. The secret keys have no meaning to the provisioning job except that + ## they are used as filenames. + ## ## apiVersion: v1 + ## ## kind: Secret + ## ## metadata: + ## ## name: centralized-minio-users + ## ## type: Opaque + ## ## stringData: + ## ## username1: | + ## ## username=test-username + ## ## password=test-password + ## ## disabled=false + ## ## policies=readwrite,consoleAdmin,diagnostics + ## ## setPolicies=false + usersExistingSecrets: [] + ## @param provisioning.groups MinIO® groups provisioning + ## https://docs.min.io/docs/minio-admin-complete-guide.html#group + ## e.g. + ## groups + ## - name: test-group + ## disabled: false + ## members: + ## - test-username + ## policies: + ## - readwrite + ## # When set to true, it will replace all policies with the specified. + ## # When false, the policies will be added to the existing. + ## setPolicies: false + groups: [] + ## @param provisioning.buckets MinIO® buckets, versioning, lifecycle, quota and tags provisioning + ## Buckets https://docs.min.io/docs/minio-client-complete-guide.html#mb + ## Lifecycle https://docs.min.io/docs/minio-client-complete-guide.html#ilm + ## Quotas https://docs.min.io/docs/minio-admin-complete-guide.html#bucket + ## Tags https://docs.min.io/docs/minio-client-complete-guide.html#tag + ## Versioning https://docs.min.io/docs/minio-client-complete-guide.html#version + ## e.g. + ## buckets: + ## - name: test-bucket + ## region: us-east-1 + ## # Only when mode is 'distributed' + ## # Allowed values: "Versioned" | "Suspended" | "Unchanged" + ## # Defaults to "Suspended" if not specified. + ## # For compatibility, accepts boolean values as well, where true maps + ## # to "Versioned" and false to "Suspended". + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## versioning: Suspended + ## # Versioning is automatically enabled if withLock is true + ## # ref: https://docs.min.io/docs/minio-bucket-versioning-guide.html + ## withLock: true + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## lifecycle: + ## - id: TestPrefix7dRetention + ## prefix: test-prefix + ## disabled: false + ## expiry: + ## days: 7 + ## # Days !OR! date + ## # date: "2021-11-11T00:00:00Z" + ## nonconcurrentDays: 3 + ## # Only when mode is 'distributed' + ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide + ## quota: + ## # set (hard still works as an alias but is deprecated) or clear(+ omit size) + ## type: set + ## size: 10GiB + ## tags: + ## key1: value1 + buckets: [] + ## @param provisioning.config MinIO® config provisioning + ## https://docs.min.io/docs/minio-server-configuration-guide.html + ## e.g. + ## config: + ## - name: region + ## options: + ## name: us-east-1 + config: [] + ## MinIO® pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param provisioning.podSecurityContext.enabled Enable pod Security Context + ## @param provisioning.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param provisioning.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param provisioning.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param provisioning.podSecurityContext.fsGroup Group ID for the container + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## MinIO® container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param provisioning.containerSecurityContext.enabled Enabled containers' Security Context + ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param provisioning.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param provisioning.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param provisioning.containerSecurityContext.privileged Set container's Security Context privileged + ## @param provisioning.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param provisioning.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param provisioning.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Automatic Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.enabled Enables Cleanup for Finished Jobs + ## @param provisioning.cleanupAfterFinished.seconds Sets the value of ttlSecondsAfterFinished + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ + ## + cleanupAfterFinished: + enabled: false + seconds: 600 +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases MinIO® pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param containerPorts.api MinIO® container port to open for MinIO® API +## @param containerPorts.console MinIO® container port to open for MinIO® Console +## +containerPorts: + api: 9000 + console: 9001 +## MinIO® pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable pod Security Context +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Group ID for the container +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroupChangePolicy When K8s should preform chown on attached volumes +## +podSecurityContext: + enabled: false + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +## MinIO® container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: false + seLinuxOptions: null + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## @param podLabels Extra labels for MinIO® pods +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for MinIO® pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for MinIO® pods assignment spread across your cluster among failure-domains +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName MinIO® pods' priorityClassName +## +priorityClassName: "" +## @param runtimeClassName Name of the runtime class to be used by MinIO® pods' +## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: + requests: + cpu: 50m + memory: 150Mi + limits: + cpu: 100m + memory: 300Mi +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 45 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 10 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 10 +## Configure extra options for startupProbe probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param lifecycleHooks for the MinIO® container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraVolumes Optionally specify extra list of additional volumes for MinIO® pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® container(s) +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the MinIO® pods +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the MinIO® pods +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @section Traffic exposure parameters + +## MinIO® Service properties +## +service: + ## @param service.type MinIO® service type + ## + type: ClusterIP + ## @param service.ports.api MinIO® API service port + ## @param service.ports.console MinIO® Console service port + ## + ports: + api: 9000 + console: 9001 + ## @param service.nodePorts.api Specify the MinIO® API nodePort value for the LoadBalancer and NodePort service types + ## @param service.nodePorts.console Specify the MinIO® Console nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + api: "" + console: "" + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Annotations for MinIO® service + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Headless service properties + ## + headless: + ## @param service.headless.annotations Annotations for the headless service. + ## + annotations: {} +## Configure the ingress resource that allows you to access the +## MinIO® Console. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource for MinIO Console + ## + enabled: false + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param ingress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-console + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Configure the ingress resource that allows you to access the +## MinIO® API. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +apiIngress: + ## @param apiIngress.enabled Enable ingress controller resource for MinIO API + ## + enabled: false + ## @param apiIngress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param apiIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param apiIngress.hostname Default host for the ingress resource + ## + hostname: minio.local + ## @param apiIngress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param apiIngress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param apiIngress.servicePort Service port to be used + ## Default is http. Alternative is https. + ## + servicePort: minio-api + ## @param apiIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param apiIngress.tls Enable TLS configuration for the hostname defined at `apiIngress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.apiIngress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param apiIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param apiIngress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: minio.local + ## path: / + ## + extraHosts: [] + ## @param apiIngress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param apiIngress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - minio.local + ## secretName: minio.local-tls + ## + extraTls: [] + ## @param apiIngress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: minio.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param apiIngress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal The Policy model to apply + ## When set to false, only pods with the correct client label will have network access to the ports Keycloak is + ## listening on. When true, Keycloak will accept connections from any source (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir + ## + enabled: true + ## @param persistence.storageClass PVC Storage Class for MinIO® data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.mountPath Data volume mount path + ## + mountPath: /bitnami/minio/data + ## @param persistence.accessModes PVC Access Modes for MinIO® data volume + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for MinIO® data volume + ## + size: 200Mi + ## @param persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode) + ## + existingClaim: "" +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository + ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r16 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + seLinuxOptions: null + runAsUser: 0 +## @section RBAC parameters + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for MinIO® pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Custom annotations for MinIO® ServiceAccount + ## + annotations: {} +## @section Other parameters + +## MinIO® Pod Disruption Budget configuration in distributed mode. +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable after the eviction + ## + maxUnavailable: "" +## @section Metrics parameters +metrics: + ## @param metrics.prometheusAuthType Authentication mode for Prometheus (`jwt` or `public`) + ## To allow public access without authentication for prometheus metrics set environment as follows. + ## + prometheusAuthType: public + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in + ## + namespace: "" + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## DEPRECATED metrics.serviceMonitor.path - please use `metrics.serviceMonitor.paths` instead + ## + ## path: /minio/v2/metrics/cluster + ## @param metrics.serviceMonitor.paths HTTP paths to scrape for metrics + ## + paths: + - /minio/v2/metrics/cluster + - /minio/v2/metrics/node + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 30s + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Metrics relabelings to add to the scrape endpoint, applied before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.apiVersion ApiVersion for the serviceMonitor Resource (defaults to "monitoring.coreos.com/v1") + apiVersion: "" + ## @param metrics.serviceMonitor.tlsConfig Additional TLS configuration for metrics endpoint with "https" scheme + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.TLSConfig + tlsConfig: {} + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Prometheus Rule definitions + # - alert: minio cluster nodes offline + # annotations: + # summary: "minio cluster nodes offline" + # description: "minio cluster nodes offline, pod {{`{{`}} $labels.pod {{`}}`}} service {{`{{`}} $labels.job {{`}}`}} offline" + # for: 10m + # expr: minio_cluster_nodes_offline_total > 0 + # labels: + # severity: critical + # group: PaaS + ## + rules: [] diff --git a/frontend/package.json b/frontend/package.json index 0d5941385..40612cd38 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "tfrs", - "version": "2.15.0", + "version": "2.16.0", "dependencies": { "@babel/eslint-parser": "^7.19.1", "@babel/plugin-proposal-object-rest-spread": "^7.20.7", diff --git a/frontend/src/compliance_reporting/components/ComplianceReportingPage.js b/frontend/src/compliance_reporting/components/ComplianceReportingPage.js index b83e60f65..ff9c8f8cb 100644 --- a/frontend/src/compliance_reporting/components/ComplianceReportingPage.js +++ b/frontend/src/compliance_reporting/components/ComplianceReportingPage.js @@ -335,7 +335,7 @@ const ComplianceReportingPage = (props) => { { Array.from({ length: new Date().getFullYear() - 2017 }, (_, index) => { const year = new Date().getFullYear() - index + 1 - if (year >= 2023) return null + if (year >= 2024) return null return (