diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index ceb1fd0cff6..8d7b3f2d041 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml 
@@ -1,54 +1,127 @@ -# Default values for minio-operator. - +### +# Root key for Operator Helm Chart operator: - ## Setup environment variables for the Operator -# env: -# - name: MINIO_OPERATOR_DEPLOYMENT_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.labels['app.kubernetes.io/name'] -# - name: MINIO_CONSOLE_TLS_ENABLE -# value: "off" -# - name: CLUSTER_DOMAIN -# value: "cluster.domain" -# - name: WATCHED_NAMESPACE -# value: "" -# - name: MINIO_OPERATOR_RUNTIME -# value: "OpenShift" + ### + # An array of environment variables to pass to the Operator deployment. + # Pass an empty array to start Operator with defaults. + # + # For example: + # + # .. code-block:: yaml + # + # env: + # - name: MINIO_OPERATOR_DEPLOYMENT_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['app.kubernetes.io/name'] + # - name: MINIO_CONSOLE_TLS_ENABLE + # value: "off" + # - name: CLUSTER_DOMAIN + # value: "cluster.domain" + # - name: WATCHED_NAMESPACE + # value: "" + # - name: MINIO_OPERATOR_RUNTIME + # value: "OpenShift" + # + # See `Operator environment variables `__ for a list of all supported values. env: [ ] + ### + # Specify the Operator container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.10 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. 
code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent # - ### Image field: - ## Image from tag (original behaviour), for example: - # image: - # repository: quay.io/minio/operator - # tag: v5.0.10 - # pullPolicy: IfNotPresent - ## Image from digest (added after original behaviour), for example: - # image: - # repository: quay.io/minio/operator@sha256 - # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 - # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator tag: v5.0.10 pullPolicy: IfNotPresent + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. + # Only one array element is supported at this time. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator pods. + # Exercise care as ``initContainer`` failures prevent Operator pods from starting. + # Pass an empty array to start the Operator normally. initContainers: [ ] + ### + # The number of Operator pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Operator pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 2 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true fsGroup: 1000 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator containers. 
+ # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true + ### + # An array of `Volumes `__ which the Operator can mount to pods. + # + # The volumes must exist *and* be accessible to the Operator pods. volumes: [ ] + ### + # An array of volume mount points associated to each Operator container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. volumeMounts: [ ] + ### + # Any `Node Selectors `__ to apply to Operator pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Operator pods. + # + # If no worker nodes match the specified selectors, the Operator deployment will fail. nodeSelector: { } + ### + # + # The `Pod Priority `__ to assign to Operator pods. priorityClassName: "" + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
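Review bot: The new `image` comment block leaves a stray ``` ``image.tag`` ``` line between its first sentence and "For example", and it presents the tag and digest forms as interchangeable without saying what pinning buys. I would drop the stray line and add `# A digest pins the exact image content; a tag with pullPolicy IfNotPresent runs whatever is cached on the node or currently published under that tag.` The example digest is the same string used for the minio image example in helm/tenant/values.yaml, so it cannot be the real digest of both images. It should be marked as a placeholder, e.g. `# digest: <sha256 digest of the image you verified>`, and the same applies to the copy of this block under `console.image` in the next hunk.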
@@ -59,39 +132,150 @@ operator: values: - minio-operator topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Operator may fail to deploy. resources: requests: cpu: 200m memory: 256Mi ephemeral-storage: 500Mi +### +# Root key for Operator Console console: + ### + # Specify ``false`` to disable the Operator Console. + # + # If the Operator Console is disabled, all management of Operator Tenants must be done through the Kubernetes API. enabled: true + ### + # Specify the Operator Console container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.10 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent + # + # The specified values should match that of ``operator.image`` to ensure predictable operations. image: repository: quay.io/minio/operator tag: v5.0.10 pullPolicy: IfNotPresent + ### + # An array of environment variables to pass to the Operator Console deployment. 
+ # Pass an empty array to start Operator Console with defaults. env: [ ] + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator Console pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator Console pods. + # Exercise care as ``initContainer`` failures prevent Console pods from starting. + # Pass an empty array to start the Console normally. initContainers: [ ] + ### + # The number of Operator Console pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Console pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 1 + ### + # Any `Node Selectors `__ to apply to Operator Console pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Console pods. + # + # If no worker nodes match the specified selectors, the Console deployment will fail. nodeSelector: { } - affinity: { } + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - minio-operator + topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. 
tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator Console pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Console may fail to deploy. resources: requests: cpu: 0.25 memory: 512Mi + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsNonRoot: true + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console containers. + # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsNonRoot: true + ### + # Configures `Ingress `__ for the Operator Console. + # + # Set the keys to conform to the Ingress controller and configuration of your choice. ingress: enabled: false ingressClassName: "" @@ -101,5 +285,21 @@ console: host: console.local path: / pathType: Prefix + ### + # An array of `Volumes `__ which the Operator Console can mount to pods. + # + # The volumes must exist *and* be accessible to the Console pods. volumes: [ ] + ### + # An array of volume mount points associated to each Operator Console container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. volumeMounts: [ ] diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml index b0c7727b42e..0b7152e560f 100644 --- a/helm/tenant/values.yaml +++ b/helm/tenant/values.yaml 
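Review bot: The `console.affinity` default changes from `{ }` to a required podAntiAffinity whose selector is `key: name` with `values: - minio-operator`, which appears to be the operator's own selector, so as written it keys on operator pods rather than console pods. If console pods do not carry `name: minio-operator` (their labels are not visible in this diff), the rule will not spread console replicas as the new comment says, and it will keep the console off every node that runs an operator pod. With `operator.replicaCount: 2` and a hard `requiredDuringScheduling...` rule, that can leave the console Pending on a cluster with few worker nodes. This is a scheduling change inside a documentation commit: either keep `affinity: { }` or select on the label the console Deployment actually sets, and say so in the commit message.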
@@ -1,189 +1,339 @@ -## Secret with default environment variable configurations to be used by MinIO Tenant. -## Not recommended for production deployments! Create the secret manually instead. +### +# Root key for dynamically creating a secret for use with configuring root MinIO User +# Specify the ``name`` and then a list of environment variables. +# +# .. important:: +# +# Do not use this in production environments. +# This field is intended for use with rapid development or testing only. +# +# For example: +# +# .. code-block:: yaml +# +# name: myminio-env-configuration +# accessKey: minio +# secretKey: minio123 +# secrets: name: myminio-env-configuration - # MinIO root user and password - accessKey: minio + accessKey: minio secretKey: minio123 - ## Set the value for existingSecret to use a pre created secret and dont create default one - # existingSecret: random-env-configuration -## MinIO Tenant Definition +### +# The name of an existing Kubernetes secret to import to the MinIO Tenant +# The secret must contain a key ``config.env``. +# The values should be a series of export statements to set environment variables for the Tenant. +# For example: +# +# .. code-block:: shell +# +# stringData: +# config.env: | - +# export MINIO_ROOT_USER=ROOTUSERNAME +# export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD +# +existingSecret: + name: myminio-env-configuration +### +# Root key for MinIO Tenant Chart tenant: - # Tenant name + ### + # The Tenant name + # + # Change this to match your preferred MinIO Tenant name. 
name: myminio - ### Registry location and Tag or Digest to download MinIO Server image, options: - ## Option 1: Image from tag (original behaviour): - # image: - # repository: quay.io/minio/minio - # tag: RELEASE.2023-10-07T15-07-38Z - # pullPolicy: IfNotPresent - ## Option 2: Image from digest (added after original): - # image: - # repository: quay.io/minio/minio@sha256 - # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 - # pullPolicy: IfNotPresent + ### + # Specify the Operator container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/minio + # tag: RELEASE.2023-10-07T15-07-38Z + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/minio@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent + # + # image: repository: quay.io/minio/minio tag: RELEASE.2023-10-07T15-07-38Z pullPolicy: IfNotPresent - ## Customize any private registry image pull secret. - ## currently only one secret registry is supported + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. + # Only one array element is supported at this time. imagePullSecret: { } - ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. - ## If not specified, the Tenant pods will be dispatched by default scheduler. + ### + # The Kubernetes `Scheduler `__ to use for dispatching Tenant pods. + # + # Specify an empty dictionary ``{}`` to dispatch pods with the default scheduler. scheduler: { } - ## Secret name that contains additional environment variable configurations. 
- ## The secret is expected to have a key named config.env containing environment variables exports. + ### + # The Kubernetes secret name that contains MinIO environment variable configurations. + # The secret is expected to have a key named config.env containing environment variables exports. configuration: name: myminio-env-configuration - ## Specification for MinIO Pool(s) in this Tenant. + ### + # Top level key for configuring MinIO Pool(s) in this Tenant. + # + # See `Operator CRD: Pools `__ for more information on all subfields. pools: - ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. - ## For standalone mode, supply 1. For distributed mode, supply 4 or more. - ## Note that the operator does not support upgrading from standalone to distributed mode. + ### + # The number of MinIO Tenant Pods / Servers in this pool. + # For standalone mode, supply 1. For distributed mode, supply 4 or more. + # Note that the operator does not support upgrading from standalone to distributed mode. - servers: 4 - ## custom name for the pool + ### + # Custom name for the pool name: pool-0 - ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + ### + # The number of volumes attached per MinIO Tenant Pod / Server. volumesPerServer: 4 - ## size specifies the capacity per volume + ### + # The capacity per volume requested per MinIO Tenant Pod. size: 10Gi - ## storageClass specifies the storage class name to be used for this pool - ### If using Amazon Elastic Block Store (EBS) CSI driver - ### Please make sure to set xfs for "csi.storage.k8s.io/fstype" parameter - ### under StorageClass.parameters. - ### Docs: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/parameters.md + ### + # The `storageClass `__ to associate with volumes generated for this pool. 
+ # + # If using Amazon Elastic Block Store (EBS) CSI driver + # Please make sure to set xfs for "csi.storage.k8s.io/fstype" parameter under StorageClass.parameters. + # Docs: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/parameters.md storageClassName: standard - ## Used to specify annotations for pods + ### + # Specify `annotations `__ to associate to Tenant pods. annotations: { } - ## Used to specify labels for pods + ### + # Specify `labels `__ to associate to Tenant pods. labels: { } - ## Used to specify a toleration for a pod + ### + # + # An array of `Toleration labels `__ to associate to Tenant pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] - ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be - ## eligible to run on a node, the node must have each of the - ## indicated key-value pairs as labels. - ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ### + # Any `Node Selectors `__ to apply to Tenant pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Tenant pods. + # + # If no worker nodes match the specified selectors, the Tenant deployment will fail. nodeSelector: { } - ## Affinity settings for MinIO pods. Read more about affinity - ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + ### + # + # The `affinity `__ or anti-affinity settings to apply to Tenant pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. affinity: { } - ## Configure resource requests and limits for MinIO containers + ### + # + # The `Requests or Limits `__ for resources to associate to Tenant pods. + # + # These settings can control the minimum and maximum resources requested for each pod. 
+ # If no worker nodes can meet the specified requests, the Operator may fail to deploy. resources: { } - ## Configure Pod's security context - ## We recommend to skip the recursive permission change by using - ## fsGroupChangePolicy as OnRootMismatch because it can be pretty - ## expensive for larger volumes with lots of small files. + ### + # The Kubernetes `SecurityContext `__ to use for deploying Tenant resources. + # + # You may need to modify these values to meet your cluster's security and access settings. + # + # We recommend disabling recursive permission changes by setting ``fsGroupChangePolicy`` to ``OnRootMismatch`` as those operations can be expensive for certain workloads (e.g. large volumes with many small files). securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" runAsNonRoot: true - ## Configure container security context + ### + # The Kubernetes `SecurityContext `__ to use for deploying Tenant containers. + # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true - ## Configure topology constraints + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] - ## Configure Runtime Class + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator Console pods. # runtimeClassName: "" - ## Mount path where PV will be mounted inside container(s). + ### + # The mount path where Persistent Volumes are mounted inside Tenant container(s). mountPath: /export - ## Sub path inside Mount path where MinIO stores data. - ## WARNING: - ## We recommend you to keep the same mountPath and the same subPath once the - ## Tenant has been deployed over your different PVs. 
- ## This is because if you change these values once Tenant is deployed, then - ## you will end up with multiple paths for different buckets. So please, be - ## very careful to keep same value for the life of the Tenant. + ### + # The Sub path inside Mount path where MinIO stores data. + # + # .. warning:: + # + # Treat the ``mountPath`` and ``subPath`` values as immutable once you deploy the Tenant. + # If you change these values post-deployment, then you may have different paths for new and pre-existing data. + # This can vastly increase operational complexity and may result in unpredictable data states. subPath: /data - # pool metrics to be read by Prometheus + ### + # Configures a Prometheus-compatible scraping endpoint at the specified port. metrics: enabled: false port: 9000 protocol: http + ### + # Configures external certificate settings for the Tenant. certificate: - ## Use this field to provide one or more external CA certificates. This is used by MinIO - ## to verify TLS connections with other applications: - ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + ### + # Specify an array of Kubernetes TLS secrets, where each entry corresponds to a secret the TLS private key and public certificate pair. + # + # This is used by MinIO to verify TLS connections from clients using those CAs + # If you omit this and have clients using TLS certificates minted by an external CA, those connections may fail with warnings around certificate verification. + # See `Operator CRD: TenantSpec `__. externalCaCertSecret: [ ] - ## Use this field to provide a list of Secrets with external certificates. This can be used to configure - ## TLS for MinIO Tenant pods. 
Create secrets as explained here: - ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + ### + # Specify an array of Kubernetes secrets, where each entry corresponds to a secret contains the TLS private key and public certificate pair. + # + # Omit this to use only the MinIO Operator autogenerated certificates. + # + # If you omit this field *and* set ``requestAutoCert`` to false, the Tenant starts without TLS. + # + # See `Operator CRD: TenantSpec `__. + # + # .. important:: + # + # The MinIO Operator may output TLS connectivity errors if it cannot trust the Certificate Authority (CA) which minted the custom certificates. + # + # You can pass the CA to the Operator to allow it to trust that cert. + # See `Self-Signed, Internal, and Private Certificates `__ for more information. + # This step may also be necessary for globally trusted CAs where you must provide intermediate certificates to the Operator to help build the full chain of trust. externalCertSecret: [ ] - ## Enable automatic Kubernetes based certificate generation and signing as explained in - ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + ### + # Enable automatic Kubernetes based `certificate generation and signing `__ requestAutoCert: true - ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName - ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is - ## not provided. DNS name format is *.minio.default.svc.cluster.local + ### + # This field is used only when ``requestAutoCert: true``. + # Use this field to set CommonName for the auto-generated certificate. + # MinIO defaults to using the internal Kubernetes DNS name for the pod + # The default DNS name format is typically ``*.minio.default.svc.cluster.local``. 
+ # + # See `Operator CRD: CertificateConfig `__ certConfig: { } - ## MinIO features to enable or disable in the MinIO Tenant - ## https://github.com/minio/operator/blob/master/docs/tenant_crd.adoc#features + ### + # MinIO features to enable or disable in the MinIO Tenant + # See `Operator CRD: Features `__. features: bucketDNS: false domains: { } enableSFTP: false - ## List of bucket definitions to create during tenant provisioning. - ## Example: - # - name: my-minio-bucket - # objectLock: false # optional - # region: us-east-1 # optional + ### + # Array of objects describing one or more buckets to create during tenant provisioning. + # Example: + # + # .. code-block:: yaml + # + # - name: my-minio-bucket + # objectLock: false # optional + # region: us-east-1 # optional buckets: [ ] - ## List of secret names to use for generating MinIO users during tenant provisioning + ### + # Array of Kubernetes secrets from which the Operator generates MinIO users during tenant provisioning. + # + # Each secret should specify the ``CONSOLE_ACCESS_KEY`` and ``CONSOLE_SECRET_KEY`` as the access key and secret key for that user. users: [ ] - ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" - ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy - ## for details. + ### + # The `PodManagement `__ policy for MinIO Tenant Pods. + # Can be "OrderedReady" or "Parallel" podManagementPolicy: Parallel - # Liveness Probe for container liveness. Container will be restarted if the probe fails. - # Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes. + # The `Liveness Probe `__ for monitoring Tenant pod liveness. + # Tenant pods will be restarted if the probe fails. liveness: { } - # Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. 
- # Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ### + # `Readiness Probe `__ for monitoring Tenant container readiness. + # Tenant pods will be removed from service endpoints if the probe fails. readiness: { } - # Startup Probe for container startup. Container will be restarted if the probe fails. - # Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + ### + # `Startup Probe `__ for monitoring container startup. + # Tenant pods will be restarted if the probe fails. + # Refer startup: { } - ## exposeServices defines the exposure of the MinIO object storage and Console services. - ## service is exposed as a loadbalancer in k8s service. + ### + # Directs the Operator to deploy the MinIO S3 API and Console services as LoadBalancer objects. + # + # If the Kubernetes cluster has a configured LoadBalancer, it can attempt to route traffic to those services automatically. + # + # - Specify ``minio: true`` to expose the MinIO S3 API. + # - Specify ``console: true`` to expose the Console. + # + # Both fields default to ``false``. exposeServices: { } - # kubernetes service account associated with a specific tenant - # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ### + # The `Kubernetes Service Account `__ associated with the Tenant. serviceAccountName: "" - # Tenant scrape configuration will be added to prometheus managed by the prometheus-operator. + ### + # Directs the Operator to add the Tenant's metric scrape configuration to an existing Kubernetes Prometheus deployment managed by the Prometheus Operator. prometheusOperator: false - # Enable JSON, Anonymous logging for MinIO tenants. 
- # Refer https://github.com/minio/operator/blob/master/pkg/apis/minio.min.io/v2/types.go#L303 - # How logs will look: - # $ k logs myminio-pool-0-0 -n default - # {"level":"INFO","errKind":"","time":"2022-04-07T21:49:33.740058549Z","message":"All MinIO sub-systems initialized successfully"} - # Notice they are in JSON format to be consumed + ### + # Configure pod logging configuration for the MinIO Tenant. + # + # - Specify ``json`` for JSON-formatted logs. + # - Specify ``anonymous`` for anonymized logs. + # - Specify ``quiet`` to supress logging. + # + # An example of JSON-formatted logs is as follows: + # + # .. code-block:: shell + # + # $ k logs myminio-pool-0-0 -n default + # {"level":"INFO","errKind":"","time":"2022-04-07T21:49:33.740058549Z","message":"All MinIO sub-systems initialized successfully"} logging: { } - ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific - ## services created by the operator. + ### + # serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + # services created by the operator. serviceMetadata: { } - ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + ### + # Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) env: [ ] - ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. - ## This is applied to MinIO pods only. - ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + ### + # PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + # This is applied to MinIO pods only. 
+ # Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ priorityClassName: "" - ## additionalVolumes allows adding additional volumes to MinIO pods + ### + # An array of `Volumes `__ which the Operator can mount to Tenant pods. + # + # The volumes must exist *and* be accessible to the Tenant pods. additionalVolumes: [ ] - ## additionalVolumeMounts allows mounting additional volumes to MinIO pods + ### + # An array of volume mount points associated to each Tenant container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``additionalVolumes`` array. additionalVolumeMounts: [ ] - ## Define configuration for KES (stateless and distributed key-management system) - ## Refer https://github.com/minio/kes + # Define configuration for KES (stateless and distributed key-management system) + # Refer https://github.com/minio/kes #kes: - # ### Image field: - # ## Image from tag (original behaviour), for example: + # ## Image field: + # # Image from tag (original behavior), for example: # # image: # # repository: quay.io/minio/kes # # tag: 2023-10-03T00-48-37Z - # ## Image from digest (added after original behaviour), for example: + # # Image from digest (added after original behavior), for example: # # image: # # repository: quay.io/minio/kes@sha256 # # digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b 
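Review bot: The new top-level `existingSecret` is added uncommented with `name: myminio-env-configuration`, the same name as `secrets.name`, while `secrets` still ships `accessKey: minio` / `secretKey: minio123`, so the defaults now describe both a generated secret and a pre-existing one without saying which wins. The removed comment documented `existingSecret` as a key under `secrets`; whether the templates read the new top-level key is not visible here and should be confirmed, because a user who sets only `existingSecret.name` could otherwise still be deployed with the well-known default root credentials. I would ship it commented out (`# existingSecret:` / `#   name: <your-secret-name>`) and state the precedence over `secrets` in the comment. Separately, the `externalCaCertSecret` comment describes each entry as holding "the TLS private key and public certificate pair"; as far as I can tell a CA trust secret only needs the CA's public certificate, so the wording should not invite users to store a CA private key there.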
@@ -219,8 +369,8 @@ tenant: # error: on # audit: off # keys: - # ## KES configured with fs (File System mode) doesnt work in Kubernetes environments and it's not recommended - # ## use a real KMS + # # KES configured with fs (File System mode) doesn't work in Kubernetes environments and is not recommended + # # use a real KMS # # fs: # # path: "./keys" # Path to directory. Keys will be stored as files. Not Recommended for Production. # vault: @@ -252,7 +402,7 @@ tenant: # imagePullPolicy: "IfNotPresent" # externalCertSecret: null # clientCertSecret: null - # ## Key name to be created on the KMS, default is "my-minio-key" + # # Key name to be created on the KMS, default is "my-minio-key" # keyName: "" # resources: { } # nodeSelector: { } @@ -269,7 +419,10 @@ tenant: # runAsGroup: 1000 # runAsNonRoot: true # fsGroup: 1000 - +### +# Configures `Ingress `__ for the Tenant S3 API and Console. +# +# Set the keys to conform to the Ingress controller and configuration of your choice. ingress: api: enabled: false @@ -289,12 +442,8 @@ ingress: host: minio-console.local path: / pathType: Prefix - -## Use an extraResources template section to include additional Kubernetes resources -## with the Helm deployment. -## Example: the following creates the config secret together with the tenant: -#secrets: -# existingSecret: custom-env-configuration +# Use an extraResources template section to include additional Kubernetes resources +# with the Helm deployment. #extraResources: # - | # apiVersion: v1