---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# --  not using ingress nginx
# ------------------------------------------
istio:
  enabled: true
  istio:
    - name: minio-http
      gateway: badhouseplants-net
      kind: http
      hostname: min.e.badhouseplants.net
      service: minio-console
      port: 9001
    - name: s3-http
      gateway: badhouseplants-net
      kind: http
      hostname: s3.e.badhouseplants.net
      service: minio
      port: 9000
image:
  repository: quay.io/minio/minio
  tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
  pullPolicy: IfNotPresent

mcImage:
  repository: quay.io/minio/mc
  tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
  pullPolicy: IfNotPresent

rootUser: 'overlord'
replicas: 1
mode: standalone
environment:
  MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443"
tls:
  enabled: false
  certSecret: ''
  publicCrt: public.crt
  privateKey: private.key
persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 30Gi
service:
  type: ClusterIP
  clusterIP: ~
  port: '9000'
consoleService:
  type: ClusterIP
  clusterIP: ~
  port: '9001'
resources:
  requests:
    memory: 0.7Gi
policies:
  - name: badhouseplants:owners
    statements:
      - resources:
          - 'arn:aws:s3:::*'
        actions:
          - "s3:*"
      - resources: []
        actions:
          - "admin:*"
      - resources: []
        actions:
          - "kms:*"
  - name: badhouseplants
    statements:
      - resources:
          - 'arn:aws:s3:::badhouseplants-net'
        actions:
          - "s3:*"
      - resources:
          - 'arn:aws:s3:::badhouseplants-net/*'
        actions:
          - "s3:*"
  - name: backup
    statements:
    - resources:
        - 'arn:aws:s3:::longhorn/*'
        - 'arn:aws:s3:::longhorn'
        - 'arn:aws:s3:::restic/*'
        - 'arn:aws:s3:::restic'
        - 'arn:aws:s3:::etcd/*'
        - 'arn:aws:s3:::etcd'
      actions:
        - "s3:DeleteObject"
        - "s3:GetObject"
        - "s3:ListBucket"
        - "s3:PutObject"
buckets:
  - name: longhorn
    policy: none
    purge: false
    versioning: false
  - name: velero-test
    policy: none
    purge: false
    versioning: false
  - name: restic
    policy: none
    purge: false
    versioning: false
  - name: etcd
    policy: none
    versioning: false
    purge: false
metrics:
  serviceMonitor:
    enabled: false
    public: true
    additionalLabels: {}