to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...

to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...

# Adapted from istio-discovery/templates/mutatingwebhook.yaml
# Removed paths for legacy and default selectors since a revision tag
# is inherently created from a specific revision
{{/* Copy just what we need to avoid expensive deepCopy */}}
{{- $whv := dict
 "revision" .Values.revision
  "injectionURL" .Values.istiodRemote.injectionURL
  "namespace" .Release.Namespace }}
{{- define "core" }}
- name: {{.Prefix}}sidecar-injector.istio.io
  clientConfig:

        run: |
          GO_VERSION=$(go version | cut -d ' ' -f 3 | sed 's/go//')
          echo Detected go version $GO_VERSION
          cat > Dockerfile.fips.test <<EOF
          FROM golang:${GO_VERSION}
          COPY . /minio
          WORKDIR /minio
          ENV GOEXPERIMENT=boringcrypto
          RUN make
          EOF

      - name: Build
        uses: docker/build-push-action@v3

kind: WorkloadGroup
metadata:
  name: foo
  namespace: bar
spec:
  metadata:
    annotations:
      proxy.istio.io/config: |-
        proxyMetadata:
          # this should override the value from the global meshconfig
          PROXY_CONFIG_ANNOT_VALUE: bar
    labels: {}
  template:
    ports: {}
    serviceAccount: vm-serviceaccount
  probe:
    httpGet:

to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...

to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...

  {{ $prom := include "default-prometheus" . | eq "true" }}
  {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }}
  {{ $sdLogs := include "default-sd-logs" . | eq "true" }}
  {{- if or $prom $sdMetrics $sdLogs }}
    defaultProviders:
    {{- if or $prom $sdMetrics }}
      metrics:
      {{ if $prom }}- prometheus{{ end }}

to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...

to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt ``` The name of the generated secret can then be passed to Helm using a values file or...