global:
  security:
    allowInsecureImages: true

mode: standalone

image:
  registry: public.ecr.aws
  repository: bitnami/minio
  tag: 2025.4.22-debian-12-r0
 
persistence:
  enabled: true
  storageClass: nfs-client
  size: 300Gi

accessKey:
  password: "minioadmin"
secretKey:
  password: "minioadmin"

defaultBuckets: "mybucket"

service:
  type: ClusterIP

ingress:
  enabled: true
  hostname: minio.dvirlabs.com
  ingressClassName: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
  tls: true

auth:
  existingSecret: ""
  rootUser: minioadmin
  rootPassword: minioadmin

  # openid:
  #   enabled: true
  #   configUrl: https://keycloak.dvirlabs.com/realms/lab/.well-known/openid-configuration
  #   clientId: minio
  #   clientSecret: "xODiTgMmbW9ijiC4bMcRzaf2BXdKqH3P"
  #   redirectUri: https://minio.dvirlabs.com/oauth_callback
  #   claimName: groups
  #   scopes: openid,email,profile
  #   displayName: MinIO-OIDC
  #   userClaim: ""

extraEnvVars:
  - name: MINIO_IDENTITY_OPENID_CONFIG_URL
    value: https://keycloak.dvirlabs.com/realms/lab/.well-known/openid-configuration
  - name: MINIO_IDENTITY_OPENID_CLIENT_ID
    value: minio
  - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
    value: xODiTgMmbW9ijiC4bMcRzaf2BXdKqH3P
  - name: MINIO_IDENTITY_OPENID_REDIRECT_URI
    value: https://minio.dvirlabs.com/oauth_callback
  - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
    value: groups
  - name: MINIO_IDENTITY_OPENID_SCOPES
    value: openid,email,profile
  - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME
    value: MinIO-OIDC

# Enable when i deploy prometheus and want to use the minio metrics
# metrics:
#   enabled: true
#   serviceMonitor:
#     enabled: true
#     namespace: monitoring
#     interval: 30s
#     path: /minio/v2/metrics/cluster
#     port: api