users indicates that they really appreciate Guava's high power-to-weight ratio. It's
        important to us to keep Guava as easy to use and understand as we can. That means boiling
        features down to compact but powerful abstractions, and controlling feature bloat carefully.


        Guava's main yardstick for evaluating proposed features can be summed up as [utility times

- apiGroups: ["networking.istio.io"]
  verbs: ["create"]
  resources: ["gateways"]

# For storing CA secret
- apiGroups: [""]
  resources: ["secrets"]
  # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
  verbs: ["create", "get", "watch", "list", "update", "delete"]

# For status controller, so it can delete the distribution report configmap
- apiGroups: [""]

        users indicates that they really appreciate Guava's high power-to-weight ratio. It's
        important to us to keep Guava as easy to use and understand as we can. That means boiling
        features down to compact but powerful abstractions, and controlling feature bloat carefully.

  - type: textarea
    attributes:
      label: API(s)
      description: Which existing classes or methods do you want to improve?

          command:
          - pilot-agent
          - wait
  {{- else if $nativeSidecar }}
    {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}}
    lifecycle:
      preStop:
        exec:
          command:
          - pilot-agent
          - request

          command:
          - pilot-agent
          - wait
  {{- else if $nativeSidecar }}
    {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}}
    lifecycle:
      preStop:
        exec:
          command:
          - pilot-agent
          - request

- apiGroups: ["networking.istio.io"]
  verbs: ["create"]
  resources: ["gateways"]

# For storing CA secret
- apiGroups: [""]
  resources: ["secrets"]
  # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
  verbs: ["create", "get", "watch", "list", "update", "delete"]

# For status controller, so it can delete the distribution report configmap
- apiGroups: [""]

        run: |
          export JOB_NAME=${{ steps.vars.outputs.sha_short }}
          for mode in $(echo compress-encrypt pools erasure); do
             docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/mint/minio-${mode}.yaml down || true
             docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/mint/minio-${mode}.yaml rm || true
          done

providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include Minio's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs...

providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include Minio's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs...

providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include Minio's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs...