Erasure Code 計算器 
參考硬體 租戶 Helm 圖表
MinIO 發佈用於 Helm 圖表的Helm Operator 圖表和 Helm 租戶圖表。您可以使用這些圖表透過 Helm 部署 MinIO Operator 和受管理的租戶。
以下頁面記載了 MinIO 租戶的 values.yaml 圖表。如需 MinIO Operator 圖表的相關文件,請參閱 Operator Helm 圖表
MinIO 租戶圖表
- 租戶
- 名稱
租戶名稱
變更此設定以符合您偏好的 MinIO 租戶名稱。
- 映像檔
指定要用於部署的 Operator 容器映像檔。
image.tag例如,下列設定會將映像檔設定為quay.io/minio/operator存放庫和 v6.0.3 標籤。如果容器尚未存在,則會提取映像檔image: repository: quay.io/minio/minio tag: RELEASE.2024-08-17T01-24-54Z pullPolicy: IfNotPresent
圖表也支援指定基於摘要值的映像檔
image: repository: quay.io/minio/minio@sha256 digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 pullPolicy: IfNotPresent
- imagePullSecret
用於從私有
image.repository提取映像檔的 Kubernetes 機密陣列。目前僅支援一個陣列元素。- 排程器
用於分派租戶 Pod 的 Kubernetes 排程器。
指定空字典
{}以使用預設排程器分派 Pod。- 組態
包含 MinIO 環境變數組態的 Kubernetes 機密名稱。機密預期會有一個名為 config.env 的金鑰,其中包含環境變數匯出。
- configSecret
用於動態建立機密的根金鑰,以便設定根 MinIO 使用者。指定
name,然後指定環境變數清單。重要
請勿在生產環境中使用此設定。此欄位僅供快速開發或測試使用。
例如
name: myminio-env-configuration accessKey: minio secretKey: minio123
- 集區
- 伺服器
此集區中 MinIO 租戶 Pod/伺服器的數量。對於獨立模式,請提供 1。對於分散式模式,請提供 4 個或更多。請注意,Operator 不支援從獨立模式升級到分散式模式。
- 名稱
集區的自訂名稱
- volumesPerServer
每個 MinIO 租戶 Pod/伺服器附加的磁碟區數量。
- 大小
每個 MinIO 租戶 Pod 要求的每個磁碟區容量。
- storageAnnotations
指定要與 PVC 關聯的 storageAnnotations。
- 註釋
指定要與租戶 Pod 關聯的 annotations。
- 標籤
指定要與租戶 Pod 關聯的 labels。
- 容忍度
要與租戶 Pod 關聯的 容忍度標籤陣列。
這些設定決定 Pod 在工作節點上的分佈。
- nodeSelector
要套用至租戶 Pod 的任何 節點選取器。
Kubernetes 排程器會使用這些選取器來判斷可以將租戶 Pod 部署到哪些工作節點上。
如果沒有工作節點符合指定的選取器,租戶部署將會失敗。
- 親和性
要套用至租戶 Pod 的親和性或反親和性設定。
這些設定決定 Pod 在工作節點上的分佈,並且可以協助防止或允許將 Pod 配置在相同的工作節點上。
- 資源
與租戶 Pod 相關聯的資源請求或限制。
這些設定可以控制每個 Pod 請求的最小和最大資源。如果沒有任何工作節點能滿足指定的請求,Operator 可能會部署失敗。
- securityContext
用於部署租戶資源的 Kubernetes SecurityContext。
您可能需要修改這些值,以符合叢集的安全性和存取設定。
我們建議停用遞迴權限變更,方法是將
fsGroupChangePolicy設定為OnRootMismatch,因為這些操作對於某些工作負載 (例如,具有許多小型檔案的大型磁碟區) 來說可能成本高昂。- containerSecurityContext
用於部署租戶容器的 Kubernetes SecurityContext。您可能需要修改這些值,以符合叢集的安全性和存取設定。
- topologySpreadConstraints
要與 Operator 控制台 Pod 關聯的 拓撲分散約束陣列。
這些設定決定 Pod 在工作節點上的分佈。
用於在此租戶中設定 MinIO 集區的頂層金鑰。
如需所有子欄位的詳細資訊,請參閱 Operator CRD:集區。
- mountPath
持久磁碟區掛載在租戶容器內的掛載路徑。
- subPath
MinIO 儲存資料的掛載路徑內的子路徑。
警告
一旦部署租戶,請將
mountPath和subPath值視為不可變的。如果您在部署後變更這些值,則新資料和先前存在的資料的路徑可能會不同。這會大幅增加操作複雜性,並可能導致無法預測的資料狀態。- metrics
在指定的埠配置與 Prometheus 相容的抓取端點。
- certificate
- externalCaCertSecret
指定 Kubernetes TLS 機密陣列,其中每個條目都對應於 TLS 私密金鑰和公開憑證對的機密。
MinIO 使用此來驗證來自使用這些 CA 的用戶端的 TLS 連線。如果您省略此項,且用戶端使用由外部 CA 鑄造的 TLS 憑證,則這些連線可能會因憑證驗證而失敗並發出警告。請參閱 Operator CRD: TenantSpec。
- externalCertSecret
指定 Kubernetes 機密陣列,其中每個條目都對應於包含 TLS 私密金鑰和公開憑證對的機密。
省略此項以僅使用 MinIO Operator 自動產生的憑證。
如果您省略此欄位且將
requestAutoCert設定為 false,則租戶會以不使用 TLS 的方式啟動。重要
如果 MinIO Operator 無法信任鑄造自訂憑證的憑證授權單位 (CA),則可能會輸出 TLS 連線錯誤。
您可以將 CA 傳遞給 Operator,以允許它信任該憑證。如需詳細資訊,請參閱自我簽署、內部和私有憑證。此步驟對於必須向 Operator 提供中繼憑證以協助建立完整信任鏈的全域信任 CA 也可能是必要的。
- requestAutoCert
啟用自動 Kubernetes 基礎的憑證產生和簽署
- certConfig
僅當
requestAutoCert: true時才使用此欄位。使用此欄位為自動產生的憑證設定 CommonName。MinIO 預設使用 Pod 的內部 Kubernetes DNS 名稱。預設 DNS 名稱格式通常為*.minio.default.svc.cluster.local。
設定租戶的外部憑證設定。
- features
在 MinIO 租戶中啟用或停用 MinIO 功能。請參閱 Operator CRD: Features。
- buckets
描述在租戶佈建期間要建立的一個或多個儲存貯體的物件陣列。範例
- name: my-minio-bucket objectLock: false # optional region: us-east-1 # optional
- users
Kubernetes 機密陣列,Operator 會從中在租戶佈建期間產生 MinIO 使用者。
每個機密都應該指定
CONSOLE_ACCESS_KEY和CONSOLE_SECRET_KEY作為該使用者的存取金鑰和秘密金鑰。- podManagementPolicy
MinIO 租戶 Pod 的 PodManagement 原則。可以是「OrderedReady」或「Parallel」。
- readiness
用於監控租戶容器是否就緒的 就緒探測。如果探測失敗,則會將租戶 Pod 從服務端點中移除。
- startup
用於監控容器啟動的啟動探測。如果探測失敗,則會重新啟動租戶 Pod。請參閱
- lifecycle
容器的生命週期掛鉤。
- exposeServices
指示 Operator 將 MinIO S3 API 和 Console 服務部署為 LoadBalancer 物件。
如果 Kubernetes 叢集已設定 LoadBalancer,則可以嘗試自動將流量路由到這些服務。
指定
minio: true以公開 MinIO S3 API。指定
console: true以公開 Console。
這兩個欄位的預設值皆為
false。- serviceAccountName
與租戶相關聯的 Kubernetes 服務帳戶。
- prometheusOperator
指示 Operator 將租戶的度量抓取組態新增至由 Prometheus Operator 管理的現有 Kubernetes Prometheus 部署。
- logging
設定 MinIO 租戶的 Pod 記錄組態。
為 JSON 格式的記錄指定
json。為匿名記錄指定
anonymous。指定
quiet以抑制記錄。
以下為 JSON 格式記錄的範例
$ k logs myminio-pool-0-0 -n default {"level":"INFO","errKind":"","time":"2022-04-07T21:49:33.740058549Z","message":"All MinIO sub-systems initialized successfully"}
- serviceMetadata
serviceMetadata 允許將其他標籤和註解傳遞給 Operator 建立的 MinIO 和 Console 特定服務。
- env
新增要在 MinIO 容器中設定的環境變數 (https://github.com/minio/minio/tree/master/docs/config)
- priorityClassName
PriorityClassName 表示 Pod 的優先順序,因此 Pod 相對於其他 Pod 的重要性。這僅適用於 MinIO Pod。如需詳細資訊,請參閱 Kubernetes 文件 https://kubernetes.dev.org.tw/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
- additionalVolumes
Operator 可以掛載到租戶 Pod 的磁碟區陣列。
磁碟區必須存在且可供租戶 Pod 存取。
- additionalVolumeMounts
與每個租戶容器相關聯的磁碟區掛載點陣列。
按如下所示指定陣列中的每個項目
volumeMounts: - name: volumename mountPath: /path/to/mount
name欄位必須對應於additionalVolumes陣列中的項目。
- ingress
為租戶 S3 API 和 Console 設定Ingress。
設定金鑰以符合您選擇的 Ingress 控制器和組態。
# Root key for MinIO Tenant Chart
tenant:
###
# The Tenant name
#
# Change this to match your preferred MinIO Tenant name.
name: myminio
###
# Specify the Operator container image to use for the deployment.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/minio
# tag: RELEASE.2024-08-17T01-24-54Z
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/minio@sha256
# digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983
# pullPolicy: IfNotPresent
#
#
image:
repository: quay.io/minio/minio
tag: RELEASE.2024-08-17T01-24-54Z
pullPolicy: IfNotPresent
###
#
# An array of Kubernetes secrets to use for pulling images from a private ``image.repository``.
# Only one array element is supported at this time.
imagePullSecret: { }
###
# The Kubernetes `Scheduler <https://kubernetes.dev.org.tw/docs/concepts/scheduling-eviction/kube-scheduler/>`__ to use for dispatching Tenant pods.
#
# Specify an empty dictionary ``{}`` to dispatch pods with the default scheduler.
scheduler: { }
###
# The Kubernetes secret name that contains MinIO environment variable configurations.
# The secret is expected to have a key named config.env containing environment variables exports.
configuration:
name: myminio-env-configuration
###
# Root key for dynamically creating a secret for use with configuring root MinIO User
# Specify the ``name`` and then a list of environment variables.
#
# .. important::
#
# Do not use this in production environments.
# This field is intended for use with rapid development or testing only.
#
# For example:
#
# .. code-block:: yaml
#
# name: myminio-env-configuration
# accessKey: minio
# secretKey: minio123
#
configSecret:
name: myminio-env-configuration
accessKey: minio
secretKey: minio123
###
# If this variable is set to true, then enable the usage of an existing Kubernetes secret to set environment variables for the Tenant.
# The existing Kubernetes secret name must be placed under .tenant.configuration.name e.g. existing-minio-env-configuration
# The secret must contain a key ``config.env``.
# The values should be a series of export statements to set environment variables for the Tenant.
# For example:
#
# .. code-block:: shell
#
# stringData:
# config.env: |-
# export MINIO_ROOT_USER=ROOTUSERNAME
# export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
#
# existingSecret: false
###
# Top level key for configuring MinIO Pool(s) in this Tenant.
#
# See `Operator CRD: Pools <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/reference/operator-crd.html#pool>`__ for more information on all subfields.
pools:
###
# The number of MinIO Tenant Pods / Servers in this pool.
# For standalone mode, supply 1. For distributed mode, supply 4 or more.
# Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 4
###
# Custom name for the pool
name: pool-0
###
# The number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
###
# The capacity per volume requested per MinIO Tenant Pod.
size: 10Gi
###
# The `storageClass <https://kubernetes.dev.org.tw/docs/concepts/storage/storage-classes/>`__ to associate with volumes generated for this pool.
#
# If using Amazon Elastic Block Store (EBS) CSI driver
# Please make sure to set xfs for "csi.storage.k8s.io/fstype" parameter under StorageClass.parameters.
# Docs: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/parameters.md
# storageClassName: standard
###
# Specify `storageAnnotations <https://kubernetes.dev.org.tw/docs/concepts/overview/working-with-objects/annotations/>`__ to associate to PVCs.
storageAnnotations: { }
###
# Specify `annotations <https://kubernetes.dev.org.tw/docs/concepts/overview/working-with-objects/annotations/>`__ to associate to Tenant pods.
annotations: { }
###
# Specify `labels <https://kubernetes.dev.org.tw/docs/concepts/overview/working-with-objects/labels/>`__ to associate to Tenant pods.
labels: { }
###
#
# An array of `Toleration labels <https://kubernetes.dev.org.tw/docs/concepts/scheduling-eviction/taint-and-toleration/>`__ to associate to Tenant pods.
#
# These settings determine the distribution of pods across worker nodes.
tolerations: [ ]
###
# Any `Node Selectors <https://kubernetes.dev.org.tw/docs/concepts/scheduling-eviction/assign-pod-node/>`__ to apply to Tenant pods.
#
# The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Tenant pods.
#
# If no worker nodes match the specified selectors, the Tenant deployment will fail.
nodeSelector: { }
###
#
# The `affinity <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/>`__ or anti-affinity settings to apply to Tenant pods.
#
# These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes.
affinity: { }
###
#
# The `Requests or Limits <https://kubernetes.dev.org.tw/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Tenant pods.
#
# These settings can control the minimum and maximum resources requested for each pod.
# If no worker nodes can meet the specified requests, the Operator may fail to deploy.
resources: { }
###
# The Kubernetes `SecurityContext <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Tenant resources.
#
# You may need to modify these values to meet your cluster's security and access settings.
#
# We recommend disabling recursive permission changes by setting ``fsGroupChangePolicy`` to ``OnRootMismatch`` as those operations can be expensive for certain workloads (e.g. large volumes with many small files).
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
runAsNonRoot: true
###
# The Kubernetes `SecurityContext <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Tenant containers.
# You may need to modify these values to meet your cluster's security and access settings.
containerSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
###
#
# An array of `Topology Spread Constraints <https://kubernetes.dev.org.tw/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator Console pods.
#
# These settings determine the distribution of pods across worker nodes.
topologySpreadConstraints: [ ]
###
#
# The name of a custom `Container Runtime <https://kubernetes.dev.org.tw/docs/concepts/containers/runtime-class/>`__ to use for the Operator Console pods.
# runtimeClassName: ""
###
# The mount path where Persistent Volumes are mounted inside Tenant container(s).
mountPath: /export
###
# The Sub path inside Mount path where MinIO stores data.
#
# .. warning::
#
# Treat the ``mountPath`` and ``subPath`` values as immutable once you deploy the Tenant.
# If you change these values post-deployment, then you may have different paths for new and pre-existing data.
# This can vastly increase operational complexity and may result in unpredictable data states.
subPath: /data
###
# Configures a Prometheus-compatible scraping endpoint at the specified port.
metrics:
enabled: false
port: 9000
protocol: http
###
# Configures external certificate settings for the Tenant.
certificate:
###
# Specify an array of Kubernetes TLS secrets, where each entry corresponds to a secret the TLS private key and public certificate pair.
#
# This is used by MinIO to verify TLS connections from clients using those CAs
# If you omit this and have clients using TLS certificates minted by an external CA, those connections may fail with warnings around certificate verification.
# See `Operator CRD: TenantSpec <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/reference/operator-crd.html#tenantspec>`__.
externalCaCertSecret: [ ]
###
# Specify an array of Kubernetes secrets, where each entry corresponds to a secret contains the TLS private key and public certificate pair.
#
# Omit this to use only the MinIO Operator autogenerated certificates.
#
# If you omit this field *and* set ``requestAutoCert`` to false, the Tenant starts without TLS.
#
# See `Operator CRD: TenantSpec <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/reference/operator-crd.html#tenantspec>`__.
#
# .. important::
#
# The MinIO Operator may output TLS connectivity errors if it cannot trust the Certificate Authority (CA) which minted the custom certificates.
#
# You can pass the CA to the Operator to allow it to trust that cert.
# See `Self-Signed, Internal, and Private Certificates <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/operations/network-encryption.html#self-signed-internal-and-private-certificates>`__ for more information.
# This step may also be necessary for globally trusted CAs where you must provide intermediate certificates to the Operator to help build the full chain of trust.
externalCertSecret: [ ]
###
# Enable automatic Kubernetes based `certificate generation and signing <https://kubernetes.dev.org.tw/docs/tasks/tls/managing-tls-in-a-cluster>`__
requestAutoCert: true
###
# The minimum number of days to expiry before an alert for an expiring certificate is fired.
# In the below example, if a given certificate will expire in 7 days then expiration events will only be triggered 1 day before expiry
# certExpiryAlertThreshold: 1
###
# This field is used only when ``requestAutoCert: true``.
# Use this field to set CommonName for the auto-generated certificate.
# MinIO defaults to using the internal Kubernetes DNS name for the pod
# The default DNS name format is typically ``*.minio.default.svc.cluster.local``.
#
# See `Operator CRD: CertificateConfig <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/reference/operator-crd.html#certificateconfig>`__
certConfig: { }
###
# MinIO features to enable or disable in the MinIO Tenant
# See `Operator CRD: Features <https://minio.dev.org.tw/docs/minio/kubernetes/upstream/reference/operator-crd.html#features>`__.
features:
bucketDNS: false
domains: { }
enableSFTP: false
###
# Array of objects describing one or more buckets to create during tenant provisioning.
# Example:
#
# .. code-block:: yaml
#
# - name: my-minio-bucket
# objectLock: false # optional
# region: us-east-1 # optional
buckets: [ ]
###
# Array of Kubernetes secrets from which the Operator generates MinIO users during tenant provisioning.
#
# Each secret should specify the ``CONSOLE_ACCESS_KEY`` and ``CONSOLE_SECRET_KEY`` as the access key and secret key for that user.
users: [ ]
###
# The `PodManagement <https://kubernetes.dev.org.tw/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy>`__ policy for MinIO Tenant Pods.
# Can be "OrderedReady" or "Parallel"
podManagementPolicy: Parallel
# The `Liveness Probe <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>`__ for monitoring Tenant pod liveness.
# Tenant pods will be restarted if the probe fails.
liveness: { }
###
# `Readiness Probe <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>`__ for monitoring Tenant container readiness.
# Tenant pods will be removed from service endpoints if the probe fails.
readiness: { }
###
# `Startup Probe <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>`__ for monitoring container startup.
# Tenant pods will be restarted if the probe fails.
# Refer
startup: { }
###
# The `Lifecycle hooks <https://kubernetes.dev.org.tw/docs/concepts/containers/container-lifecycle-hooks/>`__ for container.
lifecycle: { }
###
# Directs the Operator to deploy the MinIO S3 API and Console services as LoadBalancer objects.
#
# If the Kubernetes cluster has a configured LoadBalancer, it can attempt to route traffic to those services automatically.
#
# - Specify ``minio: true`` to expose the MinIO S3 API.
# - Specify ``console: true`` to expose the Console.
#
# Both fields default to ``false``.
exposeServices: { }
###
# The `Kubernetes Service Account <https://kubernetes.dev.org.tw/docs/tasks/configure-pod-container/configure-service-account/>`__ associated with the Tenant.
serviceAccountName: ""
###
# Directs the Operator to add the Tenant's metric scrape configuration to an existing Kubernetes Prometheus deployment managed by the Prometheus Operator.
prometheusOperator: false
###
# Configure pod logging configuration for the MinIO Tenant.
#
# - Specify ``json`` for JSON-formatted logs.
# - Specify ``anonymous`` for anonymized logs.
# - Specify ``quiet`` to supress logging.
#
# An example of JSON-formatted logs is as follows:
#
# .. code-block:: shell
#
# $ k logs myminio-pool-0-0 -n default
# {"level":"INFO","errKind":"","time":"2022-04-07T21:49:33.740058549Z","message":"All MinIO sub-systems initialized successfully"}
logging: { }
###
# serviceMetadata allows passing additional labels and annotations to MinIO and Console specific
# services created by the operator.
serviceMetadata: { }
###
# Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env: [ ]
###
# PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
# This is applied to MinIO pods only.
# Refer Kubernetes documentation for details https://kubernetes.dev.org.tw/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
priorityClassName: ""
###
# An array of `Volumes <https://kubernetes.dev.org.tw/docs/concepts/storage/volumes/>`__ which the Operator can mount to Tenant pods.
#
# The volumes must exist *and* be accessible to the Tenant pods.
additionalVolumes: [ ]
###
# An array of volume mount points associated to each Tenant container.
#
# Specify each item in the array as follows:
#
# .. code-block:: yaml
#
# volumeMounts:
# - name: volumename
# mountPath: /path/to/mount
#
# The ``name`` field must correspond to an entry in the ``additionalVolumes`` array.
additionalVolumeMounts: [ ]
# Define configuration for KES (stateless and distributed key-management system)
# Refer https://github.com/minio/kes
#kes:
# ## Image field:
# # Image from tag (original behavior), for example:
# # image:
# # repository: quay.io/minio/kes
# # tag: 2024-08-16T14-39-28Z
# # Image from digest (added after original behavior), for example:
# # image:
# # repository: quay.io/minio/kes@sha256
# # digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b
# image:
# repository: quay.io/minio/kes
# tag: 2024-08-16T14-39-28Z
# pullPolicy: IfNotPresent
# env: [ ]
# replicas: 2
# configuration: |-
# address: :7373
# tls:
# key: /tmp/kes/server.key # Path to the TLS private key
# cert: /tmp/kes/server.crt # Path to the TLS certificate
# proxy:
# identities: []
# header:
# cert: X-Tls-Client-Cert
# admin:
# identity: ${MINIO_KES_IDENTITY}
# cache:
# expiry:
# any: 5m0s
# unused: 20s
# log:
# error: on
# audit: off
# keystore:
# # KES configured with fs (File System mode) doesn't work in Kubernetes environments and is not recommended
# # use a real KMS
# # fs:
# # path: "./keys" # Path to directory. Keys will be stored as files. Not Recommended for Production.
# vault:
# endpoint: "http://vault.default.svc.cluster.local:8200" # The Vault endpoint
# namespace: "" # An optional Vault namespace. See: https://www.vaultproject.io/docs/enterprise/namespaces/index.html
# prefix: "my-minio" # An optional K/V prefix. The server will store keys under this prefix.
# approle: # AppRole credentials. See: https://www.vaultproject.io/docs/auth/approle.html
# id: "<YOUR APPROLE ID HERE>" # Your AppRole Role ID
# secret: "<YOUR APPROLE SECRET ID HERE>" # Your AppRole Secret ID
# retry: 15s # Duration until the server tries to re-authenticate after connection loss.
# tls: # The Vault client TLS configuration for mTLS authentication and certificate verification
# key: "" # Path to the TLS client private key for mTLS authentication to Vault
# cert: "" # Path to the TLS client certificate for mTLS authentication to Vault
# ca: "" # Path to one or multiple PEM root CA certificates
# status: # Vault status configuration. The server will periodically reach out to Vault to check its status.
# ping: 10s # Duration until the server checks Vault's status again.
# # aws:
# # # The AWS SecretsManager key store. The server will store
# # # secret keys at the AWS SecretsManager encrypted with
# # # AWS-KMS. See: https://aws.amazon.com/secrets-manager
# # secretsmanager:
# # endpoint: "" # The AWS SecretsManager endpoint - e.g.: secretsmanager.us-east-2.amazonaws.com
# # region: "" # The AWS region of the SecretsManager - e.g.: us-east-2
# # kmskey: "" # The AWS-KMS key ID used to en/decrypt secrets at the SecretsManager. By default (if not set) the default AWS-KMS key will be used.
# # credentials: # The AWS credentials for accessing secrets at the AWS SecretsManager.
# # accesskey: "" # Your AWS Access Key
# # secretkey: "" # Your AWS Secret Key
# # token: "" # Your AWS session token (usually optional)
# imagePullPolicy: "IfNotPresent"
# externalCertSecret: null
# clientCertSecret: null
# # Key name to be created on the KMS, default is "my-minio-key"
# keyName: ""
# resources: { }
# nodeSelector: { }
# affinity:
# nodeAffinity: { }
# podAffinity: { }
# podAntiAffinity: { }
# tolerations: [ ]
# annotations: { }
# labels: { }
# serviceAccountName: ""
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
# runAsNonRoot: true
# fsGroup: 1000
# containerSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# runAsNonRoot: true
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: RuntimeDefault
###
# Configures `Ingress <https://kubernetes.dev.org.tw/docs/concepts/services-networking/ingress/>`__ for the Tenant S3 API and Console.
#
# Set the keys to conform to the Ingress controller and configuration of your choice.
ingress:
api:
enabled: false
ingressClassName: ""
labels: { }
annotations: { }
tls: [ ]
host: minio.local
path: /
pathType: Prefix
console:
enabled: false
ingressClassName: ""
labels: { }
annotations: { }
tls: [ ]
host: minio-console.local
path: /
pathType: Prefix
# Use an extraResources template section to include additional Kubernetes resources
# with the Helm deployment.
#extraResources:
# - |
# apiVersion: v1
# kind: Secret
# type: Opaque
# metadata:
# name: {{ dig "tenant" "configSecret" "name" "" (.Values | merge (dict)) }}
# stringData:
# config.env: |-
# export MINIO_ROOT_USER='minio'
# export MINIO_ROOT_PASSWORD='minio123'
本作品採用 創用 CC 姓名標示 4.0 國際授權條款 授權。2020 年至今,MinIO, Inc. 