From 00aa9841b73653abf5634a956c6f6cbf86f5bfe6 Mon Sep 17 00:00:00 2001 
From: Nitish Tiwari Date: Sat, 21 Aug 2021 04:00:54 +0530 Subject: [PATCH] Add MinIO server helm chart (#12509) --- helm-reindex.sh | 5 + helm-releases/minio-1.0.0.tgz | Bin 0 -> 13850 bytes helm/minio/.helmignore | 23 ++ helm/minio/Chart.yaml | 16 + helm/minio/README.md | 212 ++++++++++++ helm/minio/templates/NOTES.txt | 52 +++ .../minio/templates/_helper_create_bucket.txt | 108 ++++++ helm/minio/templates/_helper_create_user.txt | 83 +++++ helm/minio/templates/_helpers.tpl | 171 ++++++++++ helm/minio/templates/configmap.yaml | 14 + helm/minio/templates/console-ingress.yaml | 45 +++ helm/minio/templates/console-service.yaml | 47 +++ helm/minio/templates/deployment.yaml | 125 +++++++ helm/minio/templates/ingress.yaml | 45 +++ helm/minio/templates/networkpolicy.yaml | 25 ++ helm/minio/templates/poddisruptionbudget.yaml | 13 + .../post-install-create-bucket-job.yaml | 86 +++++ .../post-install-create-user-job.yaml | 86 +++++ helm/minio/templates/pvc.yaml | 30 ++ helm/minio/templates/secrets.yaml | 15 + .../templates/securitycontextconstraints.yaml | 45 +++ helm/minio/templates/service.yaml | 47 +++ helm/minio/templates/statefulset.yaml | 182 ++++++++++ helm/minio/values.yaml | 312 ++++++++++++++++++ 24 files changed, 1787 insertions(+) create mode 100755 helm-reindex.sh create mode 100644 helm-releases/minio-1.0.0.tgz create mode 100644 helm/minio/.helmignore create mode 100644 helm/minio/Chart.yaml create mode 100644 helm/minio/README.md create mode 100644 helm/minio/templates/NOTES.txt create mode 100644 helm/minio/templates/_helper_create_bucket.txt create mode 100644 helm/minio/templates/_helper_create_user.txt create mode 100644 helm/minio/templates/_helpers.tpl create mode 100644 helm/minio/templates/configmap.yaml create mode 100644 helm/minio/templates/console-ingress.yaml create mode 100644 helm/minio/templates/console-service.yaml create mode 100644 helm/minio/templates/deployment.yaml create mode 100644 helm/minio/templates/ingress.yaml create mode 100644 
helm/minio/templates/networkpolicy.yaml
create mode 100644 helm/minio/templates/poddisruptionbudget.yaml
create mode 100644 helm/minio/templates/post-install-create-bucket-job.yaml
create mode 100644 helm/minio/templates/post-install-create-user-job.yaml
create mode 100644 helm/minio/templates/pvc.yaml
create mode 100644 helm/minio/templates/secrets.yaml
create mode 100644 helm/minio/templates/securitycontextconstraints.yaml
create mode 100644 helm/minio/templates/service.yaml
create mode 100644 helm/minio/templates/statefulset.yaml
create mode 100644 helm/minio/values.yaml
diff --git a/helm-reindex.sh b/helm-reindex.sh
new file mode 100755
index 000000000..424533665
--- /dev/null
+++ b/helm-reindex.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+helm package helm/minio -d helm-releases/
+
+helm repo index --merge index.yaml --url https://charts.min.io .
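Review bot: The script has no `set -e`, so when `helm package` fails the second command still rewrites `index.yaml` for `https://charts.min.io` against whatever archive happens to be in `helm-releases/`; add `set -euo pipefail` directly after the shebang. This archive and index are what consumers of `helm repo add minio https://charts.min.io/` install, and the patch shows no signing or checksum step; `helm package --sign --key <id> --keyring <ring>` would produce the `.prov` file that lets users run `helm verify` before installing. `--merge index.yaml` also presumes an index already exists in the working directory — worth confirming what happens on a fresh checkout where it does not.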
diff --git a/helm-releases/minio-1.0.0.tgz b/helm-releases/minio-1.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f88132a6b273bf9eb8a9bcca31f55fd74fd780d4 GIT binary patch literal 13850 zcmV+#Hs#45iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKB#ciT3y=>E-5F)Mqwaj!^8wv%kN>)z+uZtL5`(XpNO>`VJ% zh=e4pDS{2(z$0l|{5(B+cC>$X6m0jm2Y&x={^05PcHe)z1N-E%lNOncx#rR(|lyD|_MyAx8@i`sBOv+RY zd%ZbJ0>(WSDrnW0y^IQ;XCW0mHlOxlKIOgV$0x@xUSIPpnv?7@NRz2|Nf+w37*TqkH+?j#5on8iUF)%|J&O;yHD!t|MAYl z`oEWFV*^GRzhV&uf>aMIfixx|1wPUA4ilci1xeH41;k`bW8rOV;DUH@MYD`WbO@b} z=QTk|4k8~5$z(1mf{`-{lRS>`yHHIO%Uc0epIQM6D&ex^DPf!oNi&GJTFr1hqZu{G zG67khBrKUKfTrLfmK)l7LCixEBj7VCA)*tK#}e3_OlepDb55pRAW5Wujq*4i@tB2+ z0OmZRs+C;ONcE5<5etc=s&A@EtT6NdGMaM1B+nLxaTulmAj$Lw_6m>|O%CCBa>C^( zqk<;V^9qd4XqZtchVbeaZv%Y8v^x0RSM_~?B|0C}(_+3Z=HUfAQh#auH#Q)Q8BJs{ z1Yt(i0FVOyI1ewW+zQlq%){dqBNDa`$5Vg%>3RQ&zx%`=e6@NwHa5)63z}Wg4Cki{ zET91hNs@@fJfXldh?tNW8|RWn3Nbh=e``(;8J(2kC*q+9tVqCLJqLo1U;JNl7G5e2 zBK>L3A|wEXz|d_Caomq0rlci_%_7pY6UKQ&;hM=AL^O^0Vy*_3X9{;oCwVNW^hi8+y zGbAQG$Y(pSKRSl}Fr-3w2x5P9tjZ3d^Hsm!@2sf&O~$VU&EVigB6v(IP!2f0DcA4BwVV_e99GR(ZoKum=>LSDJal4OsF9R%~wIr zh(ujdiLN;2*Xr99$(WjaF;svzHsBqg@uWV0`@Dl7B9a9ExTK4(l~6TM)hDbs^jn{0 z@6{*Wp6w0P+G~Gbv{#v;dcEd*QxE4djzKLC#uFNqBLLSdj$urJO%tBcNOe*xk}zR0 zMINiipukMgLiws_lql(~ShW%jT~&|E8O?-ZTr`P*CqNU`W`xWuN5vuJSw=<5lSs{r zpds?Ez_Zh+$Ge!}LzdA{!B^0fFw+E<@`)GHOo|bavmtbPRE9={$Jf1%rx%U-J`bxU z=3&n;DPY`0NDvFebY{E1(EC=mr4dIk?J40}yc|D&%l(8!+fJjNg znbt4}Bs`*?{xYK33Ch?(rJ5ezkX!4n&;v7?#w;Xa2)mUE^i4{VsNgk5ITYS+JfT8C zS7UJg>`bvd7!|gb9g-5)m64aA36|&GobhPBV5zBn>VNM@;i^%)%hd zBrX=AU!q)9Y)6q&0H-eZYd0}_GNZINCkk`T5@jqL8L+YKYwgT0-x;;g15hOHtP?P3 z9ViJ}VyND0^naj>q1zQbLYW%32o7i_*#vcA(K2MU?zAxT8Nc==SJ>ql^$AK4^+Gdt zP4B)MO<%@hgC#3algZqY;3?!N+{++Gqrf)3pPz^n06tfbBbi_sCqccUkKpWiCbDNM72D}dI*pj z6&05AYdJsr?oWem&*u1I>wW~t8pqW+-dIenRUm+BsHJ`G% z$_kfRt`<0P_2jqjJ-z1lmHf&{952)#WJ;qJB-Jn?qPos0{WWJ96>bNEdUG`{Jo@pV 
zV8fb-qO#>NohW5RcczfeW1c6G>WGnxh=Cqs1h1uu63Q(o8+RR`8rVd~IMy5`@gMH1 zuZtSWewQ3Ney6Qcr_(j!En-6J7SSRha~49H@hc`6M@DX;<%z*So25pyZJ}|a8%pvx z?n1&FjiG=7X8HoEd>6tQ=SWx%w6bNI1ptqx>9&&N`#+s^ja`{3!EWJv_rp#nW0k^jGR@Q=jfp6=>4=Bu zkw9LIWWAmZYbEwV#{XssB8dSND0mb_^#C}ZK15Z9`b6`hsPh_YXOoPFqEXI7V=#(Yd-Us+o$ z^jYdBC0D?1E3^Vzx(dVSZ(|Z((j*c!{8rU8Rs1yLl7~DVLg)MQ^U>Klb+2bk(wGV9 zYk#tzkz`7T&=2r`y}lwkT-QAhV8(^S83ypR7UR=5WS+*<_=Z6#Jm|?%4TEoVLd_g2 z6_hfn3prpnv<2M`TUnHX$MozjmzLxGsw}TTb9oI442~a2{ejd!DXDL4fU?!C&s$0C zlt(~>GHVq3_D~aE?Z0$n6B41Iv3B<$!&a}(@D0z9)+CQ<=D4!SWWo|A7g}G}e(k~w z?m7%4hZ(s-`!7c)tNKRY$S$x+;epah0BYA+o&XVO3MsI;b#YBIo~Ll~;{0e>z&g;N zlpe#Acu|03lQ#W-57qx#-8OS1%aeVfeVYR%IL({y6b8ksN#(a^9Q(w$_HjPS>Z+g=C@l#h9B>1PQ%%APS&w(wLx8gnr1npQRXA?M*>Xh>v4j_m~GWIgfQanuO8R zM}nUa7AuN+3m$C3PP&QHZa6GhSuK+7e+&6kLI-Ja4 z;LH{~3B~Kd_6~kY&F-K(boE^L znid;^wQbS1F5CLT1*njGo#-91-~QY4D&1>$>zb5r3R~vB0cbcI%S?a7Pj<&yzZw+9 zNA9vvcA(bSi|@KTyh?aN-$nd7i8+bhJKw`C$ z7Ph9|lq>wQSW_WmVsaFpJHNdg-xfq%h{(r3j7-15rY)fs zzy6@4`cfFCFkv*-PX8zZnq0Arqo&~OJY_VdS0q90w=~LW7Qp$83aUYr8&ryE8^e*; zw+SAJE!8@1Me3bACJYCok>@mTM8PPgL@1dyF&ooLIAwH36Tz-1D7CDW_iEShm}GQL zC5d|oK#BaG>)x*Xa2Tu1LYM<-`TL+CtXAx#8De=Z+O&HmAkU{MhH zIHA%Y(Q$!&bNb?^v!l}?bogY_@jPP=n;?reivTt2qc>8?!q}nQ5swa;$a360{w9y6 zRDRg@v}#{50ntl&gqyntsPW7;+iAtKzD+;)90Tt@lgI2>(77_+sOTw)e-_9$@($a$ zA^!LAWUW5+3fA2jNw;_&s!{_~@~%}0u-g)#=k_!Q>?ADsvqg=L6=A44b8ANJ~n;Qjj!_#FNvc%n@C zz0TW!Njev=`o9E9fM5`XYUF)qOX0O0fW<;#=TCTcO|l3!Et>FEzu#XAG0!`tB!W55 zD3CGFrJhj(QB7FsY`xKRGf3HgU%SZlJnx@8M;c1_b#+QibOTRpGsW}_RYwB&7Rkq% zCLw8x3U0`ggoai(C}H8w=R7pQi*_~-js9sJ{EU}nz+bgptwpsi*$g|%ihUe|asP{-3FS=;7DzeQ5)r@Lv;u4LruIcFP@CQ_5HC@}?8k#L7tB^=Kluwxn!VO8!q?in^^x}AP4?fDCw2Sp>F(h1gZ+0O&&Hp7W0v&9%u}4qr|@^! 
zfbVe=49|B0eZ!;;A*5G$gk%B)cLHc+ZKJ@mDvDjUZqPI;BnPh#UYvY;{N3xrH|ykMl1NfF6~DwgUz=Upzk|+$;E=|2A4tURM^snUB~DA zxjx>6o=5`WjE0xKh$&5d{2OA}T~UKQ@6EqLnzoE?0Bq-@54 z2e5yBe)N2Fezw<#zr(ZR=f~%J+h5@X?4xqA(+48e(v$){w#EF|ZJ2ASSojwbGHNu4 zOS-`LFfBgzHXnsVf;sllvyylV{%+)KO93nYw&3rk(f`top3kTqDtpLCb3CH#M1`>4 z`%=g$6lgf(&^a(Ql4)Hb8p5U?jA5_0sa=vsCx@dK$0z4Q^LzB-^t^+3;7mV%zJGGK z*HQES9yH3h4ULZC`9fo}7Emzq6^vxnjck^!;P12Z{qvV+dz=4_zw$(~7+%4qehquj zhhIE^h@(rpn9K|MCe2{e{)Yd8!36>^L-KRyTfKJd+z!jaKX*(?Hc>4VF#M^6O{5U` zcR%6@El9%9 zVMf)D3wi-W00||#!Yyek^DKeBr&pI+I(l#7Nbl1;+BC-ly$v|Pg~i;hC9|E=h4I2{ z3L@)K9aTD*Vm}wC@?3Zg*k+M^^YY*aMcitU9XvnW+kB*HCKi@VdYifod=0&bUiFeZ zj$!-jzYey_4s8Cn=>dvD-AsXe7dG`?kNP9erd0LjD8XIMT0hih)eWWnh)Y}~o(r=D z>Cua4#|Qu1+uT-vzdZf!Xm4}J1Niai^z8V>$??f|dz+~J*}brG^e|LG&B|X*`&de= zM+nIrUCn?cX^ye4Y6j?=G-e@_u@0)dP#VvLXX#K^+(VClg#g*4Wq$3@RtXik!N?4S z8KEys(Jz9IDdzAS9mJ`{&&2Eu5f%$mQqO2M2R{SfpYSZC^~rT$t|VAMp;1Bfn;L=; zaVqer8jflg#3f5p)fJq4ga3qi_#Yf|a}2~GY&OAzI2A~GjQ_meFdCMs0Jn{zMnVtF zeB3e`MK_mp((Irb%E3;l-gxa>r{z{KQpume{|z=v5`|x&N-3`@UoACN$;6_Dq5pW^ zuG(a+uVsHtIivBnQUZ-zkib2oWmuf$BBlC#*=_Li={M!tR{e?W-{BUO7IQ|?T;N9Dk zH`sqlQhfAo;0^ZQ?%>IwZvPD)_W$nZd9eQ;?7s*5@4^22wDzB(y2AR)O)zc4{zJ25 zJ?oD|bCy^;X2OjrSTnV5y3|;EYLSH6gf7g=*7&cV&p+=$2Re1dT(`R)MUFOFsGUYJce+;XoTG~t-7~EzjP|f*n`U0==ZvUX zu)u7N0^8ruSDDq3?{!rc-?k{SMQMlBmCP=pvaPyWW_GEowx3>ieRw|pS)%`oK&E$= z3UIalKN#$6H{$=EJbB3fcQ4P|x4kdnip__}7bh&Ha*@)#xf+&mMu+fa57%$+OYaEN zr6Ai#oC5)P>?`n0Io~7)up6p+Gu1D@;YpZ4C!EDdw_>B$$@>TIKxTOo!jm2Rlg-ca z$%MUuj$Z;(48_+w%e^nXgL)3SNgl@w_%$c7&PPMi6!8wcpQwh8<)vyv^+D-HA;|>= z!RM8DdmWpoL&}x1i$|F3K_4dI(RhI)Vd5Aub4NVr0s=wkWrn#v-4ja=)CTHz*;)h>aN0-q-n;}jNw`-as{KRWg;`Qz+cV)s_`2I zhzi{bI=`aX0iUO8eRaOx8w9(4zYG5u1W*0G>Mu#jn8i#oDgw1M4V0qWm4Si|eIsci z@Z`YNU`!<$)TpG{=>PlBw#qyL!R6mD2)5beQo>npsLK;|OUKzMvfd#7V-S4xLH#9Z zYDaZ@)!Hjc-rYDjsVkQbgj;6qkr+JrqYZ^U8oq28isSHW55ey0A^48T4_$0`xnK^d zq}iO6S-MtANjEmIMNU?81vaE)?Q>g~Z1Sy^__5pcMXMN!!ov_U9&7ob{unddfLhwY zFg)ckt@f}cEjl6$JMd^Zs#_l*BSsldX{Ps!=R^WeZKl{INn@Y8$zqrErpO^%wpz7I 
zivs35ItkvtSB59tW?`j>Jsk4zl4gJjis6(_nULASX6nRn(WT3)mW0_N-22k|p2l<7 z4h938ct{6MmMITR5+qE(h`9~z!A6@{3s_Rk=M?gkcD->f!2tgX>0>(>^h>{xO>@L# z7X*iE3JEnSs^@7;v1N1W+D96W`ILo$w;v1MHNIp7l%xM!uw)wRW41;wj>&HepbBrD zbBF16Nn$3y94lvu>GT?~>_cN9Rmnz%>lR8_Q5}lIxplgzX#f`1dN=?8M%nUzl6kzc zZi5W(yS)n8e~SxLm`qvEF(+5Kdm&?iy9PRWl#>>5De22t{6H7t#}ZsCZ>@Q??35_b zCflJ&yXOHo`B2@RA)A-AWeV8@c-Gq1qogE~W^zI3bha#v&5&sD!##&(_73)yhTXv7 z9fUC@iQ5+g-e03nMO*ETv1PM$cN6u|bEJO{oh%F|#TskP?WmU`0G?a331}|qqEV$t zI%;d!^fi?fq)TfTsYx5vokXRdgnY`b4)@%{Ij!}SV5OOoe#^#dMRnU`IaD9sVhN+u zS(}HI`%FPfb)Wul0wv-|^*Cm5?zp}fMes8DRALyz3fAzNNoTPVn8O%-hKRxaD zYyRKIg9rcb{XDh%pDtMv4NVTG=Op#)QR888C(_O5jEdB8xLQe?wpOZC0PPcNEoeMp zMM>jO9X5`3*#a|~F-fMi5+>Q6Dr7sv5+)gmF_GyzANR|QiS$TYs++;NK_>Wy2#WH% zv;2rmXA1&&2P}z{s=cf6AyI^BmOiEl8->-0lP-C@X5G{-Za+xcDD>puc_Q)7sS9G487$;7DLC)T*Eah2-1&DHSS zi-$DFb2Ck?)rLrEIBba^beoZ}0dHbZ_g)@c zz!)&5WNk+=nNEwdw&o~uYMDyH)UwO9)vhp7>O-swzf1!92avx_F=kbrwWa0F)z=fJ zk9Y=;98XaVU^B~CXA2(bYhPAW+1fI~xRJNqx_-F40ZftL+<xx?v{tgBf+kVT z$$nE`8@Y09FP6886}9f?R5qB}_?J#+S@mkA$|l6Eny*Mn+*qn*~rfiMg;|7&W@XgwMY)P1&@}Mv}x!q^{A&zO}`vTTc$a5>X9UyQh5`M)U96- z&GLn6lN%k6%tCcuxcgC?47#w%(iP@S1C+0|v~+ottWvW~M)TY7xs}|jmH*e}zY|7s zXAZy{;y?RO``dN@-){fG|93CX+eT(Fyx+J}UY*;i3H&=%6I6-vDnJEWiL1@(c}n$Z z%XwSutZmgbjg}R%BreLa{mc7b|2^HEwK=L^CS3CbEGtzF3;8+eEZ0AlHn@LF<)^*o zEiloV5ENJO>N#r2+xiW_j=(Pz8fS&H7w=Rq>@D`XGWTtf{kpg`coi15R4MA}nT>C# z?UZ$Uqs1Ry$8GM#95e(D-Y@gaA?&qD`$m$r_3c#+<&r~vVC`k6p16YHEpWU6%Nhw6 z*IcwOmhy8!iGOPdbVRS3gk3*)giGY}p0M}1ue(iPDxjn`djn!dwjVzc`P}Vl(SqLH zTfc$oZeUvz&4H>d^48H>b2+ySqFvJUhU@oLyGm{IDr;xqwAJi1-B2cXU74}3l0UzY zdIi+xoh}vMVKezYRI}|@vIADzDoRzz*-6TOQ(Y|PR-UX;b5d4o&~A+V(MpG^r-Y)$9{jl*_lBt=c3ZzjU$0mP0H0q?q$0`oy2z%8d>O;qz zi|^Fm`yp+-D-N1R7*OcbL}m+2%Mpl~IVSC&EsJd`aw_^Zi>ljW_u@RA-O~E#mX>zz z0yD?*TqO(N_zf26#9juq!F3|XM0K3%t8f+7SII)>`>gqv+vC70cSlz%tZ3ifMcH&< z7Z*IbT%fgPr=__H;otbWwn^3&JLhbS47RH<93#Izer?9SeTwDSFp6u$bTee%y?kfw z7ODj3)TPN)dw2BN{L>dN&R?5jxbB0ovfpNWUf;KHE(AKIljheI`b0f#Y)f4XO|n@N 
zZbEyse|GlMi_^o;40W5&p+T9(eQ`+_UD&)LvFpHaZ(UhIC6{#3Y#lqSzbmMXy`B;S ztB2ahxiY4yH54D~tEI6&>D~ud^)nT>#I|Qn_6JLCDTNphO-R+sVWv(lB!Q1d}+X%ml&F+%z{N9uJ5l?gd z3+bD?;C+4k%-4HI{=fM6!&t!$>;Li2lilk2-yRGe?>wyk`*>>W-$`KauJy56AiW}v z8?T)IfEeyMxpb-N)*PS(!2POsEfE}@8I9+GnDu6yUv?B*EEiB0f8^;jBN1(u_9Gfo zNqx;pJ43*iA`e4KBN}zbbiy<0<6B&cj3-TxP37+Yy5Hs&j+&bSb8a7MQ%uo~gMa7Y zHZ_3NF=_^>m>#W;Mq3GFt(X-(4tPzc4O4iLd`noIXY|8&n_Tnlc3WR5 zOW!2!e@@comiO&q|17|^ow$|IR`0_tjb^S7N;6N2KM!xWL%2F|j(wbTDJ2eTCekV9 z2z|>3`=VFNrlR|OQ#eND8N@QMVQuoPLLI$0T?Vn$HPaG0u`Cj6y@gr{urj0Ld|r?I z*Ixij^LkZpe9<|qTr}z%@hbyEs_d>UOr-zdBwG5cWB=uXW*=_-tzrM|)a}3ilgAJK z|9g3AYreSm;Zs?EmX?FfB@)wcx1gU$C@+kAG`K83}% z4EAm9y_Im*w)U1md9d{!Y`y<5ThFH3d$9EWJuN-U>K^R8yLlS+-&J_0vEP4MBmV30 zZaw~Mx4-?6|LISH?x3X4e@`<34_$oEg*;@L zRys#Yt+n z>q4wlr;$q%LwNOzmr)YENaDpQ=ki+?Q?U?|&TTDoxPL!ttN3fqG8!FbJgt26eE8w` z*)z|F=RcghIP`otJ34=PZ2tJ}_|UUH^CHjc^IXW&JlPjYev)LW?Is`Q=8 zl68xh+X$^lXA>*5YFt}li08KqkPET4w_cW%$W zD;;39{2%N-eOf>N`}j%!>4W^gk7wEbU&MsW*f^IoDiXl|#uIvg*GD@mPrcLBE>9_m7W+DFFBQg{Qqhu5ctSt1uJ9=Yp6~lNrGs%L%aROjXQs&6y8B9h za2w%2@hXNKZznigeIbKG2pwT+N{U`krGsMg5s;4KCRy#@;PA%HpC|IXe#UW-(bsN>t0q- zcBJnhUaMGOkAKiu&=yF>zgRe;-nzG7T-0vCxX`y?z%LH%-gpm2X{^-_Wmx}QTc6v? 
zwh&;oTH|Dlo3!0WpI5z1JxG7kwQZMGakzKcxy_sJ)^P3IR-m`LMx&X;{Z==LY~Fl@ z$nW06hx#)H;(JaO=v!O#}CzG*s)H zO40j&!HmXpHcfa&KfxZ;4e>wy$4~mT{lD$qrw{vo_wsDOh)7AZM1bU=NdT^AG=Xu> z;)o?vNJ)4}rc?yp2At2B0FkGtSb~_*IEHD=$J+JDl4%z*8WYK`C>}$1-jgKqHXxx> z6e#d0&FF-^p^=tDf8GkN0UgjxGSWJcYWgxCo@5^9JF1;@U zIZwSW|JU1qA4$e|F5vj^NO*yXdh`MoQPR`pGX5`b177@ea&&rzuwcS7_#q$DETNJL zPk;Ko=ez#s^?!P_fB5_;m`9(ajT`p=pYHC|(!Ork06nNt4#ccW*2+3x?inXA%& z;F@QbF(;7-JnvftK(Y3SO2U*v8}Ts5AaSga;vm2k6HLOZ8O@yeig;+uay4CBo_Czc zj7NEhIVXJQ@jR3dxNiz$&ZUqUNrmaHi6jJ`z^jrk>UM^`-evI$DJK_7_Q)B9SBf@E zbW9$tEi0E`j(dPv;CZ8r;z3PP%(T#cDOU&+elO@FU+EQIPEfmrEIhARcIFGN09Z7g`6+1HBos40T{>l5kd1yF(indU0RU#U8fus$2Z| z%LR~ZijqQg>%!#{7Xc`_Lf?>i8q@AdR^rZzZmk|Gwl_Fu?M#A<`PDL3VKxJix(Fx` zN}Wfur8u%={5FB-?Z+4%ENQ&xBJru=K_(xm>H6pX^Jkh`kr7yG5YC{PwQ@aErC5~# zBej0$m`tET!}W0(m80b?lemSnQhHBoDiu@|a4$qa$g_-!lqXT^XsOw@Y&Pabuej)G zFUmy#|K#}>aSREi5u~$)U?GVMU8lTlg)L>}iiA-dNsg*Y0LOL_Wkk-9Kq*|s3;VZ3XOrT3x>+# zjFM7&sdT`Sd?Tvmsczv?}{HRG7 z)%)*iLvqeR(-oL|)65k~I9154x}HVh6|seI@!^qPJ^yTOPH&3Z!l^cnV_GW373CQ< z_MRl-QuIiq&{qr2Hw&*9(J&?%^$h|h3GIf-IlJJwkI@2KT~AT38mf!dYXL7%AjmAI z7skSHR{7N+cnp74|2)y0cAg6fBo-WGo+XOhtNj@-R8wjaJk@U_s1IqffKnALL&21) zAn8zZkZTslK$8j2Lh26sYZAw=A>~Ry>s3*J8tO0>HEyAdEnufWc`hiSG8j`yg6bew zhi~ug&mD6S-_M<)`XRU`@1HxvpF2)>e(t<~-|@Vkl*FnIff?5>$c#)TEY$rPQ;6A| zNzGXPrG^phkgxjvzH8Z~84a1R{qMF-T;&G8Jw0>UrKei*coHuF%jhvfp{hpBD)JHN ztN3&Tp+YC*NusQ2$u)%sS{~`|7X65cG$xButKzv#a|vAW5KMY3#3YaH`V1WAWX=?~ z+B1|y3dD?DX#rfw!LZ~Nx;_%ag6E~o$3xN!AZpZTwXrVD^Kj;&B1aOSEBU0F03{N- z%|?d>^RYx`iWr=5P+6#y0KFw<-uu2{^M1@E%}BggSX>j%$0Qq*-`YwP7Fbd0*Zhs6 zw6i*EESRz$J0k14c%|?49<{L3YSy5=daqg)y9rmsrW!D6w9>)pn-ou!TVksT=9>j)=k=lnuJPW2OU;L%3eMY)_hkY+m-O@u;Lo4szIBOQT;OkNv&R4RomH8z*ddYDD<>hR=D z6+_TGxuOZ~g0B>~Ax}b@O3^DEZ|arIcpTHLasAvh?^S!%;6EE18{jz5np7!gEQ^%oCl_$AFRW8p zNe@TrakNyl6)L(W?mz+5rIo5K6m7fZ@VtXil5eJn?_~d6dvH%_!~~i_+P7e!;>c9+ z!?C-j8O5X68J(hnXSdP_TqgWFfrI@nIud23bOvp1(FQ0ZxbZ|5&6FB8&XdU6wDsaF zLF2}uRYOY(e{D#kdXHm+zOE}qw2uMNpwR)%q|j4zq1g=f_@d?L-i5MVw1SE7m2sF= 
ztnTWpX@k<8w5~Fp=zOfkoEJeM&lMGXAwUh113{0TBJqooo-ewvUSFCnl)U12 zV#i4lbD;wxYv6et>ES}%RCS{|!*`2w6S;F^GpO;eYQoNFOWZD}D0}tHBIWDhC9W(5 zGojkyc2WA3Oh1}yWN1Q|s#teCk7u4|7-6H*UP~3-A7e(_Yd*pYv%WiB086Et&K*%)wl0dh5q z+UbbM?v8?LmM%{aw(8%z zh+ij4mw1<__>W#zH2|vPsy_aq_?1D)dY-g9#`9h#Y~3v*HRZS6d(dts#Vl{!b}&WD z>Ux$GQCHpk7UM=yclSv9$3)=~cfE~#p7I3UDMSb!GVQptmaR4zwOcu+TDF$EFMpss c4iC@6^YA=8w|)M900030|0%BZiU1-30Q4D8c>n+a literal 0 HcmV?d00001 diff --git a/helm/minio/.helmignore b/helm/minio/.helmignore new file mode 100644 index 000000000..a9fe72788 --- /dev/null +++ b/helm/minio/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS \ No newline at end of file diff --git a/helm/minio/Chart.yaml b/helm/minio/Chart.yaml new file mode 100644 index 000000000..c0583f1cf --- /dev/null +++ b/helm/minio/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +description: High Performance, Kubernetes Native Object Storage +name: minio +version: 1.0.0 +appVersion: RELEASE.2021-08-17T20-53-08Z +keywords: +- storage +- object-storage +- S3 +home: https://min.io +icon: https://min.io/resources/img/logo/MINIO_wordmark.png +sources: +- https://github.com/minio/minio +maintainers: +- name: MinIO, Inc + email: dev@minio.io diff --git a/helm/minio/README.md b/helm/minio/README.md new file mode 100644 index 000000000..ad049054a --- /dev/null +++ b/helm/minio/README.md 
@@ -0,0 +1,212 @@ +# MinIO Helm Chart +===== +[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) + +MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. + +For more detailed documentation please visit [here](https://docs.minio.io/) + +Introduction +------------ + +This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. + +Prerequisites +------------- + +- Helm cli with Kubernetes cluster configured. +- PV provisioner support in the underlying infrastructure. + +Configure MinIO Helm repo +-------------------- +```bash +helm repo add minio https://charts.min.io/ +``` + +Installing the Chart +-------------------- + +Install this chart using: + +```bash +helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio +``` + +The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +Upgrading the Chart +------------------- + +You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command: + +```bash +helm get values my-release > old_values.yaml +``` + +Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using + +```bash +helm upgrade -f old_values.yaml my-release minio/minio +``` + +Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. 
+ +Configuration +------------- + +Refer the [Values file](./values.yaml) for all the possible config fields. + +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install --name my-release --set persistence.size=1Ti minio/minio +``` + +The above command deploys MinIO server with a 1Ti backing persistent volume. + +Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, + +```bash +helm install --name my-release -f values.yaml minio/minio +``` + +Persistence +----------- + +This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: + +```bash +helm install --set persistence.enabled=false minio/minio +``` + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +Existing PersistentVolumeClaim +------------------------------ + +If a Persistent Volume Claim already exists, specify it during installation. + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +helm install --set persistence.existingClaim=PVC_NAME minio/minio +``` + +NetworkPolicy +------------- + +To enable network policy for MinIO, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), +and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. 
Note: this will enforce policy for _all_ pods in the namespace: + + kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" + +With NetworkPolicy enabled, traffic will be limited to just port 9000. + +For more precise policy, set `networkPolicy.allowExternal=true`. This will +only allow pods with the generated client label to connect to MinIO. +This label will be displayed in the output of a successful install. + +Existing secret +--------------- + +Instead of having this chart create the secret for you, you can supply a preexisting secret, much +like an existing PersistentVolumeClaim. + +First, create the secret: +```bash +kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux +``` + +Then install the chart, specifying that you want to use an existing secret: +```bash +helm install --set existingSecret=my-minio-secret minio/minio +``` + +The following fields are expected in the secret: + +| .data. in Secret | Corresponding variable | Description | Required | +|:----------------------|:-----------------------|:---------------|:---------| +| `rootUser` | `rootUser` | Root user. | yes | +| `rootPassword` | `rootPassword` | Root password. | yes | + +All corresponding variables will be ignored in values file. + +Configure TLS +------------- + +To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). 
Then create a secret using + +```bash +kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt +``` + +Then install the chart, specifying that you want to use the TLS secret: + +```bash +helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio +``` + +### Installing certificates from third party CAs + +MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include Minio's own certificate with key `public.crt`, if it also needs to be trusted. + +For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt +``` + +If TLS is not enabled, you would need only the third party CA: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt +``` + +The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: + +``` +trustedCertsSecret: "minio-trusted-certs" + +or + +--set trustedCertsSecret=minio-trusted-certs +``` + +Create buckets after install +--------------------------- + +Install the chart, specifying the buckets you want to create after install: + +```bash +helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio +``` + +Description of the configuration parameters used above - + +- `buckets[].name` - name of the bucket to create, must be a 
string with length > 0 +- `buckets[].policy` - can be one of none|download|upload|public +- `buckets[].purge` - purge if bucket exists already + +Uninstalling the Chart +---------------------- + +Assuming your release is named as `my-release`, delete it using the command: + +```bash +helm delete my-release +``` + +or + +```bash +helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/helm/minio/templates/NOTES.txt b/helm/minio/templates/NOTES.txt new file mode 100644 index 000000000..9e628156a --- /dev/null +++ b/helm/minio/templates/NOTES.txt 
@@ -0,0 +1,52 @@ +{{- if eq .Values.service.type "ClusterIP" "NodePort" }} +Minio can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: +{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To access Minio from localhost, run the below commands: + + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} + +Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ + +You can now access Minio server on http://localhost:9000. Follow the below steps to connect to Minio server with mc client: + + 1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. export ACCESS_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode) + + 3. export SECRET_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode) + + 4. mc alias set {{ template "minio.fullname" . }}-local http://localhost:{{ .Values.service.port }} "$ACCESS_KEY" "$SECRET_KEY" --api s3v4 + + 5. mc ls {{ template "minio.fullname" . }}-local + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} +Minio can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: +kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} + +Note that the public IP may take a couple of minutes to be available. + +You can now access Minio server on http://:9000. Follow the below steps to connect to Minio server with mc client: + + 1. 
Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. export ACCESS_KEY=$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode) + + 3. export SECRET_KEY=$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootPassword}" | base64 --decode) + + 4. mc alias set {{ template "minio.fullname" . }} http://:{{ .Values.service.port }} "$ACCESS_KEY" "$SECRET_KEY" --api s3v4 + + 5. mc ls {{ template "minio.fullname" . }} + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "minio.fullname" . }}-client=true" +will be able to connect to this minio cluster. +{{- end }} diff --git a/helm/minio/templates/_helper_create_bucket.txt b/helm/minio/templates/_helper_create_bucket.txt new file mode 100644 index 000000000..80a3e3213 --- /dev/null +++ b/helm/minio/templates/_helper_create_bucket.txt 
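Review bot: Both service-type branches hard-code `http` in the "You can now access Minio server on http://..." text and in `mc alias set ... http://localhost:{{ .Values.service.port }}`, while the helper scripts in this same patch pick `https` when `.Values.tls.enabled` is set, so the printed instructions are wrong (or downgrade to plaintext) for a TLS install; use `{{ if .Values.tls.enabled }}https{{ else }}http{{ end }}://` in those lines. The ClusterIP branch's `kubectl get secret {{ template "minio.secretName" . }}` calls omit `--namespace {{ .Release.Namespace }}` that the LoadBalancer branch passes, so they read the secret from the caller's current-context namespace rather than the release's. The NetworkPolicy note has an unbalanced quote, `{{ template "minio.fullname" . }}-client=true"`, which should read `"{{ template "minio.fullname" . }}-client=true"`. The LoadBalancer URLs appear as `http://:9000` here, which looks like a stripped `<External-IP>` placeholder — verify against the original file.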
@@ -0,0 +1,108 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for Minio service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkBucketExists ($bucket) +# Check if the bucket exists, by using the exit code of `mc ls` +checkBucketExists() { + BUCKET=$1 + CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) + return $? +} + +# createBucket ($bucket, $policy, $purge) +# Ensure bucket exists, purging if asked to +createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + VERSIONING=$4 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET ; then + echo "Purging bucket '$BUCKET'." + set +e ; # don't exit if this fails + ${MC} rm -r --force myminio/$BUCKET + set -e ; # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." + fi + fi + + # Create the bucket if it does not exist + if ! 
checkBucketExists $BUCKET ; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + + + # set versioning for bucket + if [ ! -z $VERSIONING ] ; then + if [ $VERSIONING = true ] ; then + echo "Enabling versioning for '$BUCKET'" + ${MC} version enable myminio/$BUCKET + elif [ $VERSIONING = false ] ; then + echo "Suspending versioning for '$BUCKET'" + ${MC} version suspend myminio/$BUCKET + fi + else + echo "Bucket '$BUCKET' versioning unchanged." + fi + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." + ${MC} policy set $POLICY myminio/$BUCKET +} + +# Try connecting to Minio instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.buckets }} +# Create the buckets +{{- range .Values.buckets }} +createBucket {{ .name }} {{ .policy }} {{ .purge }} {{ .versioning }} +{{- end }} +{{- end }} diff --git a/helm/minio/templates/_helper_create_user.txt b/helm/minio/templates/_helper_create_user.txt new file mode 100644 index 000000000..82253516f --- /dev/null +++ b/helm/minio/templates/_helper_create_user.txt 
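Review bot: `MC` is built with `--insecure` in both branches of the `configPathmc` check, which disables TLS certificate verification for every `mc` call; with `tls.enabled` the root credentials read from `/config/rootUser` and `/config/rootPassword` are then presented to whatever answers at `$MINIO_ENDPOINT:$MINIO_PORT`. The chart already has a `trustedCertsSecret` value for CA material, so the job could mount that CA under the `mc` config directory (`certs/CAs/`, per mc's documentation) and drop `--insecure`, or at least gate it behind an explicit opt-in value. `MC_COMMAND` also passes `$ACCESS $SECRET` on the `mc config host add` command line, where they are readable from the pod's process list; `mc` accepts an `MC_HOST_<alias>` environment variable of the form `scheme://access:secret@host:port`, which keeps them out of argv (credentials containing `@` or `:` would need URL-encoding). `$BUCKET` and `$POLICY` are expanded unquoted throughout (`${MC} policy set $POLICY myminio/$BUCKET`), so a value with whitespace or glob characters is word-split.
```shell
# … unchanged: configPathmc branch, with --insecure removed from both MC definitions …
connectToMinio() {
  SCHEME=$1
  ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
  set -e ; # fail if we can't read the keys.
  ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
  set +e ; # The connections to minio are allowed to fail.
  echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
  # Credentials travel in the environment, not in argv (visible via ps / /proc).
  export MC_HOST_myminio="$SCHEME://$ACCESS:$SECRET@$MINIO_ENDPOINT:$MINIO_PORT"
  MC_COMMAND="${MC} ls myminio" ;
  # … unchanged: retry loop …
}
```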
@@ -0,0 +1,83 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for Minio service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkUserExists ($username) +# Check if the user exists, by using the exit code of `mc admin user info` +checkUserExists() { + USER=$1 + CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) + return $? +} + +# createUser ($username, $password, $policy) +createUser() { + USER=$1 + PASS=$2 + POLICY=$3 + + # Create the user if it does not exist + if ! checkUserExists $USER ; then + echo "Creating user '$USER'" + ${MC} admin user add myminio $USER $PASS + else + echo "User '$USER' already exists." + fi + + + # set policy for user + if [ ! -z $POLICY -a $POLICY != " " ] ; then + echo "Adding policy '$POLICY' for '$USER'" + ${MC} admin policy set myminio $POLICY user=$USER + else + echo "User '$USER' has no policy attached." 
+ fi +} + +# Try connecting to Minio instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.users }} +# Create the users +{{- range .Values.users }} +createUser {{ .accessKey }} {{ .secretKey }} {{ .policy }} +{{- end }} +{{- end }} diff --git a/helm/minio/templates/_helpers.tpl b/helm/minio/templates/_helpers.tpl new file mode 100644 index 000000000..dfe485f65 --- /dev/null +++ b/helm/minio/templates/_helpers.tpl 
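Review bot: `createUser {{ .accessKey }} {{ .secretKey }} {{ .policy }}` renders each user's secret key unquoted into the shell script, so a key containing spaces, quotes, `$` or `;` is word-split or interpreted rather than passed through, and `${MC} admin user add myminio $USER $PASS` then exposes it on the command line in the job's process list. Render the values with Helm's `quote` and quote the expansions: `createUser {{ .accessKey | quote }} {{ .secretKey | quote }} {{ .policy | quote }}` and `${MC} admin user add myminio "$USER" "$PASS"`. The policy test `[ ! -z $POLICY -a $POLICY != " " ]` also degrades to `[ ! -z -a != " " ]` when a user entry has no policy, which `test` does not parse as intended; `[ -n "$POLICY" ]` suffices once the value is quoted. The unconditional `--insecure` on `MC` and the root credentials in the argv of `connectToMinio` are the same issues as in the bucket helper and want the same fix.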
@@ -0,0 +1,171 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "minio.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "minio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "minio.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "minio.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "minio.deployment.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. 
+*/}} +{{- define "minio.statefulset.apiVersion" -}} +{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "minio.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Determine secret name. +*/}} +{{- define "minio.secretName" -}} +{{- if .Values.existingSecret -}} +{{- .Values.existingSecret }} +{{- else -}} +{{- include "minio.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Determine name for scc role and rolebinding +*/}} +{{- define "minio.sccRoleName" -}} +{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Properly format optional additional arguments to Minio binary +*/}} +{{- define "minio.extraArgs" -}} +{{- range .Values.extraArgs -}} +{{ " " }}{{ . }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "minio.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . 
}} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- end -}} + +{{/* +Formats volumeMount for Minio tls keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolumeMount" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + mountPath: {{ .Values.certsPath }} +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} +- name: trusted-cert-secret-volume + mountPath: {{ $casPath }} +{{- end }} +{{- end -}} + +{{/* +Formats volume for Minio tls keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolume" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} +{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} +- name: trusted-cert-secret-volume + secret: + secretName: {{ $certSecret }} + {{- if ne $publicCrt "" }} + items: + - key: {{ $publicCrt }} + path: public.crt + {{- end }} +{{- end }} +{{- end -}} diff --git a/helm/minio/templates/configmap.yaml b/helm/minio/templates/configmap.yaml new file mode 100644 index 000000000..48e1c1807 --- /dev/null +++ b/helm/minio/templates/configmap.yaml 
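Review bot: `minio.ingress.apiVersion` never emits `networking.k8s.io/v1`, so on Kubernetes 1.22+ (where the `networking.k8s.io/v1beta1` Ingress was removed) ingress.yaml and console-ingress.yaml render an apiVersion the API server no longer serves, and their `backend.serviceName`/`servicePort` shape is also v1beta1-only. Add `{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}{{- print "networking.k8s.io/v1" }}` as the first branch and render the v1 `service.name`/`service.port.number` plus `pathType` shape in those two templates when it is taken. This helper also tests `.Capabilities.KubeVersion.GitVersion` while every sibling helper uses `.Capabilities.KubeVersion.Version`; pick one.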
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ initialize: |-
+{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
+ add-user: |-
+{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
diff --git a/helm/minio/templates/console-ingress.yaml b/helm/minio/templates/console-ingress.yaml
new file mode 100644
index 000000000..cb486e68f
--- /dev/null
+++ b/helm/minio/templates/console-ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.consoleIngress.enabled -}}
+{{- $fullName := include "minio.fullname" . -}}
+{{- $servicePort := .Values.consoleService.port -}}
+{{- $ingressPath := .Values.consoleIngress.path -}}
+apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.consoleIngress.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+
+{{- with .Values.consoleIngress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.consoleIngress.tls }}
+ tls:
+ {{- range .Values.consoleIngress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.consoleIngress.hosts }}
+ - http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- if . }}
+ host: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/minio/templates/console-service.yaml b/helm/minio/templates/console-service.yaml
new file mode 100644
index 000000000..8beba955d
--- /dev/null
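Review bot: The `add-user` entry stores the rendered `_helper_create_user.txt`, and that script carries `{{ .secretKey }}` for every entry in `.Values.users` as a literal, so user credentials end up in a ConfigMap — readable by anyone with `get configmaps`, and usually outside the audit and encryption-at-rest handling that Secrets receive. Move this script into the chart's Secret (or a second Secret) and project it into the job alongside `rootUser`/`rootPassword`, or have the script read each user's key from a mounted Secret file instead of embedding it in the rendered text.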
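Review bot: `apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}` calls a named template that I cannot find in the `_helpers.tpl` hunk of this diff (only `minio.ingress.apiVersion` is defined there), so rendering with `consoleIngress.enabled: true` would fail with a "template not defined" error unless it is declared elsewhere. Either add the definition next to `minio.ingress.apiVersion` or reuse that helper here: `apiVersion: {{ template "minio.ingress.apiVersion" . }}`.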
+++ b/helm/minio/templates/console-service.yaml @@ -0,0 +1,47 @@ +{{ $scheme := "http" }} +{{- if .Values.tls.enabled }} +{{ $scheme = "https" }} +{{ end }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-console + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.consoleService.annotations }} + annotations: +{{ toYaml .Values.consoleService.annotations | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} + type: ClusterIP + {{- if not (empty .Values.consoleService.clusterIP) }} + clusterIP: {{ .Values.consoleService.clusterIP }} + {{end}} +{{- else if eq .Values.consoleService.type "LoadBalancer" }} + type: {{ .Values.consoleService.type }} + loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }} +{{- else }} + type: {{ .Values.consoleService.type }} +{{- end }} + ports: + - name: {{ $scheme }} + port: {{ .Values.consoleService.port }} + protocol: TCP +{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} + nodePort: {{ .Values.consoleService.nodePort }} +{{- else }} + targetPort: {{ .Values.consoleService.port }} +{{- end}} +{{- if .Values.consoleService.externalIPs }} + externalIPs: +{{- range $i , $ip := .Values.consoleService.externalIPs }} + - {{ $ip }} +{{- end }} +{{- end }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} diff --git a/helm/minio/templates/deployment.yaml b/helm/minio/templates/deployment.yaml new file mode 100644 index 000000000..9a94f50eb --- /dev/null +++ b/helm/minio/templates/deployment.yaml 
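Review bot: `targetPort: {{ .Values.consoleService.port }}` aims the Service at the container using the service port, but the console container port in deployment.yaml and statefulset.yaml is `{{ .Values.minioConsolePort }}`, so setting `consoleService.port` to anything else silently breaks the console Service; service.yaml has the same coupling with a hard-coded `targetPort: 9000` while the container listens on `{{ .Values.minioAPIPort }}`. Use the container port as the target — `targetPort: {{ .Values.minioConsolePort }}` here and `targetPort: {{ .Values.minioAPIPort }}` in service.yaml. The `{{- if (and (eq .Values.consoleService.type "NodePort") ...` branch omits `targetPort` altogether when a nodePort is given, so in that case it defaults to `port` with the same coupling.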
@@ -0,0 +1,125 @@ +{{- if eq .Values.mode "standalone" }} +{{ $scheme := "http" }} +{{- if .Values.tls.enabled }} +{{ $scheme = "https" }} +{{ end }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +apiVersion: {{ template "minio.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} +{{- end }} +spec: + strategy: + type: {{ .Values.DeploymentUpdate.type }} + {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} + maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} + {{- end}} + replicas: 1 + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + annotations: + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} +{{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} +{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "/bin/sh" + - "-ce" + - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} server --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{ $bucketRoot }} {{- template "minio.extraArgs" . }}" + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: export + mountPath: {{ .Values.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: "{{ .Values.persistence.subPath }}" + {{- end }} + {{- end }} + {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + ports: + - name: {{ $scheme }} + containerPort: {{ .Values.minioAPIPort }} + - name: {{ $scheme }}-console + containerPort: {{ .Values.minioConsolePort }} + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootPassword + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + resources: +{{ toYaml .Values.resources | indent 12 }} +{{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} +{{- end }} +{{- include "minio.imagePullSecrets" . | indent 6 }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: export + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + - name: minio-user + secret: + secretName: {{ template "minio.secretName" . }} + {{- include "minio.tlsKeysVolume" . | indent 8 }} +{{- end }} diff --git a/helm/minio/templates/ingress.yaml b/helm/minio/templates/ingress.yaml new file mode 100644 index 000000000..2d9bbda05 --- /dev/null +++ b/helm/minio/templates/ingress.yaml @@ -0,0 +1,45 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "minio.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: {{ template "minio.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- if . }} + host: {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/minio/templates/networkpolicy.yaml b/helm/minio/templates/networkpolicy.yaml new file mode 100644 index 000000000..de57f485f --- /dev/null +++ b/helm/minio/templates/networkpolicy.yaml 
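Review bot: The pod `securityContext` is emitted only under `{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}`, so a standalone Deployment backed by `emptyDir` loses `runAsUser`/`runAsGroup` as well and the container runs with the image default user; only `fsGroup` has any relation to persistence. Change the guard to `{{- if .Values.securityContext.enabled }}` (keeping `fsGroup` behind the persistence check if desired); statefulset.yaml uses the identical guard. There is no container-level `securityContext` at all (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `readOnlyRootFilesystem` are worth evaluating for a network-facing object store). The `minio-user` volume under `volumes:` is never referenced by any `volumeMounts` entry and can be dropped, since the root credentials already arrive via `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`.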
@@ -0,0 +1,25 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - port: {{ .Values.service.port }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "minio.name" . }}-client: "true"
+ {{- end }}
+{{- end }}
diff --git a/helm/minio/templates/poddisruptionbudget.yaml b/helm/minio/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..1de813b8b
--- /dev/null
+++ b/helm/minio/templates/poddisruptionbudget.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: minio
+ labels:
+ app: {{ template "minio.name" . }}
+spec:
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/minio/templates/post-install-create-bucket-job.yaml b/helm/minio/templates/post-install-create-bucket-job.yaml
new file mode 100644
index 000000000..88dc2cd22
--- /dev/null
+++ b/helm/minio/templates/post-install-create-bucket-job.yaml
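Review bot: With `allowExternal: false` the only permitted ingress is `port: {{ .Values.service.port }}` from pods labelled `<name>-client: "true"`, a label the MinIO pods themselves do not carry, so in `distributed` mode the StatefulSet members would be unable to reach each other on the API port unless an operator labels them as clients; add a second `from` entry selecting the chart's own pods (`app: {{ template "minio.name" . }}` and `release: {{ .Release.Name }}`). The console port (`minioConsolePort`) is not listed in `ports` at all, so console traffic is denied whenever the policy is enabled. `minio.networkPolicy.apiVersion` also emits `networking.k8s.io/v1beta1` for 1.7+, and as far as I know NetworkPolicy has only ever been served as `networking.k8s.io/v1` in that group — worth verifying against a real cluster.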
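Review bot: `name: minio` is hard-coded and the selector matches on `app:` only, so two releases of this chart in one namespace collide on the PDB name, and the one that wins also counts the other release's pods toward `maxUnavailable`. Use `name: {{ template "minio.fullname" . }}` and add `release: {{ .Release.Name }}` to `matchLabels`, mirroring the other templates; the file also lacks a trailing newline.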
@@ -0,0 +1,86 @@ +{{- if .Values.buckets }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "minio.fullname" . }}-make-bucket-job + labels: + app: {{ template "minio.name" . }}-make-bucket-job + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +{{- with .Values.makeBucketJob.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }}-job + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} +{{- if .Values.makeBucketJob.podAnnotations }} + annotations: +{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }} +{{- end }} + spec: + restartPolicy: OnFailure +{{- include "minio.imagePullSecrets" . | indent 6 }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.makeBucketJob.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} + runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} + fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }} +{{- end }} + volumes: + - name: minio-configuration + projected: + sources: + - configMap: + name: {{ template "minio.fullname" . }} + - secret: + name: {{ template "minio.secretName" . 
}} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} + containers: + - name: minio-mc + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + command: ["/bin/sh", "/config/initialize"] + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{ end }} + resources: +{{ toYaml .Values.makeBucketJob.resources | indent 10 }} +{{- end }} diff --git a/helm/minio/templates/post-install-create-user-job.yaml b/helm/minio/templates/post-install-create-user-job.yaml new file mode 100644 index 000000000..c55febca2 --- /dev/null +++ b/helm/minio/templates/post-install-create-user-job.yaml 
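Review bot: `mountPath: {{ .Values.configPathmc }}certs` relies on `configPathmc` ending in `/` (the default `"/etc/minio/mc/"` does), so a value without the trailing slash yields `/etc/minio/mccerts` and the CA is mounted where mc will not look; use `mountPath: {{ printf "%s/certs" .Values.configPathmc | clean }}`, as `minio.tlsKeysVolumeMount` already does for its CAs path. The same line appears in post-install-create-user-job.yaml. Note also that the `add-user` script this chart ships invokes mc with `--insecure` (presumably `initialize` does too), so this CA mount currently has no effect on certificate verification.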
@@ -0,0 +1,86 @@ +{{- if .Values.users }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "minio.fullname" . }}-make-user-job + labels: + app: {{ template "minio.name" . }}-make-user-job + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +{{- with .Values.makeUserJob.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }}-job + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} +{{- if .Values.makeUserJob.podAnnotations }} + annotations: +{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }} +{{- end }} + spec: + restartPolicy: OnFailure +{{- include "minio.imagePullSecrets" . | indent 6 }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.makeUserJob.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} + runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} + fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }} +{{- end }} + volumes: + - name: minio-configuration + projected: + sources: + - configMap: + name: {{ template "minio.fullname" . }} + - secret: + name: {{ template "minio.secretName" . 
}}
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ items:
+ - key: {{ .Values.tls.publicCrt }}
+ path: CAs/public.crt
+ {{ end }}
+ containers:
+ - name: minio-mc
+ image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
+ imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
+ command: ["/bin/sh", "/config/add-user"]
+ env:
+ - name: MINIO_ENDPOINT
+ value: {{ template "minio.fullname" . }}
+ - name: MINIO_PORT
+ value: {{ .Values.service.port | quote }}
+ volumeMounts:
+ - name: minio-configuration
+ mountPath: /config
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ mountPath: {{ .Values.configPathmc }}certs
+ {{ end }}
+ resources:
+{{ toYaml .Values.makeUserJob.resources | indent 10 }}
+{{- end }}
diff --git a/helm/minio/templates/pvc.yaml b/helm/minio/templates/pvc.yaml
new file mode 100644
index 000000000..99f5ca694
--- /dev/null
+++ b/helm/minio/templates/pvc.yaml
@@ -0,0 +1,30 @@
+{{- if eq .Values.mode "standalone" }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- if .Values.persistence.VolumeName }}
+ volumeName: "{{ .Values.persistence.VolumeName }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm/minio/templates/secrets.yaml b/helm/minio/templates/secrets.yaml
new file mode 100644
index 000000000..178258b05
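Review bot: `.Values.persistence.VolumeName` is the only PascalCase key under `persistence` (`existingClaim`, `storageClass`, `accessMode`, `subPath`, `size` are camelCase), which is easy to mistype in a values file and then silently ignored; rename it `volumeName`, keeping `{{ .Values.persistence.volumeName | default .Values.persistence.VolumeName }}` as a fallback if the old spelling must keep working. The special-casing `{{- if (eq "-" .Values.persistence.storageClass) }}` → `storageClassName: ""` deserves a comment here since it is a chart convention rather than a Kubernetes one.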
--- /dev/null
+++ b/helm/minio/templates/secrets.yaml
@@ -0,0 +1,15 @@
+{{- if not .Values.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "minio.secretName" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ rootUser: {{ if .Values.rootUser }}{{ .Values.rootUser | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
+ rootPassword: {{ if .Values.rootPassword }}{{ .Values.rootPassword | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
+{{- end }}
diff --git a/helm/minio/templates/securitycontextconstraints.yaml b/helm/minio/templates/securitycontextconstraints.yaml
new file mode 100644
index 000000000..4bac7e372
--- /dev/null
+++ b/helm/minio/templates/securitycontextconstraints.yaml
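Review bot: When `rootUser`/`rootPassword` are left empty, `randAlphaNum 20` and `randAlphaNum 40` run on every render, so each `helm upgrade` produces new root credentials, the `checksum/secrets` pod annotation restarts the workload, and every client configured with the previous keys is locked out. Read the existing Secret back with `lookup "v1" "Secret" .Release.Namespace (include "minio.secretName" .)` and reuse its `data.rootUser`/`data.rootPassword` when present, falling back to the random values only on first install (`helm template` has no cluster access, so the fallback still covers that path).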
@@ -0,0 +1,45 @@
+{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: false
+allowedCapabilities: []
+readOnlyRootFilesystem: false
+defaultAddCapabilities: []
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SETUID
+- SETGID
+fsGroup:
+ type: MustRunAs
+ ranges:
+ - max: {{ .Values.securityContext.fsGroup }}
+ min: {{ .Values.securityContext.fsGroup }}
+runAsUser:
+ type: MustRunAs
+ uid: {{ .Values.securityContext.runAsUser }}
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- projected
+- secret
+{{- end }}
diff --git a/helm/minio/templates/service.yaml b/helm/minio/templates/service.yaml
new file mode 100644
index 000000000..ea681e220
--- /dev/null
+++ b/helm/minio/templates/service.yaml
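Review bot: `allowPrivilegeEscalation: true` together with `readOnlyRootFilesystem: false` and only four entries in `requiredDropCapabilities` is more permissive than this workload appears to need: the pod runs as a fixed non-root `uid` with its data on a mounted volume, so `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]` should be viable — worth confirming with a run on OpenShift. Separately, as far as I can see nothing in this diff grants `use` on the SCC to the pods' service account (no Role/RoleBinding template, and the SCC lists no `users:`/`groups:`), although `minio.sccRoleName` in _helpers.tpl exists for exactly that purpose; as written the constraint is created but never applied to the MinIO pods.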
@@ -0,0 +1,47 @@
+{{ $scheme := "http" }}
+{{- if .Values.tls.enabled }}
+{{ $scheme = "https" }}
+{{ end }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- if not (empty .Values.service.clusterIP) }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+ type: {{ .Values.service.type }}
+ loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
+{{- else }}
+ type: {{ .Values.service.type }}
+{{- end }}
+ ports:
+ - name: {{ $scheme }}
+ port: {{ .Values.service.port }}
+ protocol: TCP
+{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- else }}
+ targetPort: 9000
+{{- end}}
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{- range $i , $ip := .Values.service.externalIPs }}
+ - {{ $ip }}
+{{- end }}
+{{- end }}
+ selector:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
diff --git a/helm/minio/templates/statefulset.yaml b/helm/minio/templates/statefulset.yaml
new file mode 100644
index 000000000..bc1d896cb
--- /dev/null
+++ b/helm/minio/templates/statefulset.yaml
@@ -0,0 +1,182 @@ +{{- if eq .Values.mode "distributed" }} +{{ $zoneCount := .Values.zones | int }} +{{ $nodeCount := .Values.replicas | int }} +{{ $drivesPerNode := .Values.drivesPerNode | int }} +{{ $scheme := "http" }} +{{- if .Values.tls.enabled }} +{{ $scheme = "https" }} +{{ end }} +{{ $mountPath := .Values.mountPath }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +{{ $subPath := .Values.persistence.subPath }} +{{ $penabled := .Values.persistence.enabled }} +{{ $accessMode := .Values.persistence.accessMode }} +{{ $storageClass := .Values.persistence.storageClass }} +{{ $psize := .Values.persistence.size }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-svc + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + publishNotReadyAddresses: true + clusterIP: None + ports: + - name: {{ $scheme }} + port: {{ .Values.service.port }} + protocol: TCP + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +--- +apiVersion: {{ template "minio.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} +{{- end }} +spec: + updateStrategy: + type: {{ .Values.StatefulSetUpdate.updateStrategy }} + podManagementPolicy: "Parallel" + serviceName: {{ template "minio.fullname" . }}-svc + replicas: {{ mul $zoneCount $nodeCount }} + selector: + matchLabels: + app: {{ template "minio.name" . 
}} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + annotations: + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} +{{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} +{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} server --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- range $i := until $zoneCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}}{{- template `minio.extraArgs` . 
}}" ] + volumeMounts: + {{- if $penabled }} + {{- if (gt $drivesPerNode 1) }} + {{- range $i := until $drivesPerNode }} + - name: export-{{ $i }} + mountPath: {{ $mountPath }}-{{ $i }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- else }} + - name: export + mountPath: {{ $mountPath }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- end }} + {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + ports: + - name: {{ $scheme }} + containerPort: {{ .Values.minioAPIPort }} + - name: {{ $scheme }}-console + containerPort: {{ .Values.minioConsolePort }} + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootPassword + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} +{{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: minio-user + secret: + secretName: {{ template "minio.secretName" . }} + {{- include "minio.tlsKeysVolume" . 
| indent 8 }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + {{- if gt $drivesPerNode 1 }} + {{- range $diskId := until $drivesPerNode}} + - metadata: + name: export-{{ $diskId }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} + {{- else }} + - metadata: + name: export + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} +{{- end }} +{{- end }} diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml new file mode 100644 index 000000000..fedd1d2e0 --- /dev/null +++ b/helm/minio/values.yaml 
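Review bot: `storageClassName: {{ $storageClass }}` in both `volumeClaimTemplates` branches skips the `"-"` → `""` mapping that pvc.yaml applies, so a values file that disables dynamic provisioning with `storageClass: "-"` works in standalone mode but in distributed mode renders `storageClassName: -`, which is not a valid class name (and I doubt it even parses as a plain string). Mirror pvc.yaml in both branches as shown below. `image: {{ .Values.image.repository }}:{{ .Values.image.tag }}` is unquoted here but quoted in deployment.yaml, and `storage: {{ $psize }}` is unquoted while pvc.yaml quotes `persistence.size`; quote both so number-like values are not retyped by the YAML parser.
```yaml
  volumeClaimTemplates:
    # … unchanged: drivesPerNode range / metadata / accessModes …
        {{- if $storageClass }}
        {{- if (eq "-" $storageClass) }}
        storageClassName: ""
        {{- else }}
        storageClassName: {{ $storageClass }}
        {{- end }}
        {{- end }}
    # … unchanged: resources.requests.storage; repeat for the single-drive branch …
```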
@@ -0,0 +1,312 @@
+## Provide a name in place of minio for `app:` labels
+##
+nameOverride: ""
+
+## Provide a name to substitute for the full names of resources
+##
+fullnameOverride: ""
+
+## set kubernetes cluster domain where minio is running
+##
+clusterDomain: cluster.local
+
+## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
+##
+image:
+ repository: minio/minio
+ tag: RELEASE.2021-08-17T20-53-08Z
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+# - name: "image-pull-secret"
+
+## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
+## client used to create a default bucket).
+##
+mcImage:
+ repository: minio/mc
+ tag: RELEASE.2021-07-27T06-46-19Z
+ pullPolicy: IfNotPresent
+
+## minio server mode, i.e. standalone or distributed.
+## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
+##
+mode: distributed
+
+## Additional labels to include with deployment or statefulset
+additionalLabels: []
+
+## Additional annotations to include with deployment or statefulset
+additionalAnnotations: []
+
+## Additional arguments to pass to minio binary
+extraArgs: []
+
+## Port number for MinIO S3 API Access
+minioAPIPort: "9000"
+
+## Port number for MinIO Browser COnsole Access
+minioConsolePort: "9001"
+
+## Update strategy for Deployments
+DeploymentUpdate:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 100%
+
+## Update strategy for StatefulSets
+StatefulSetUpdate:
+ updateStrategy: RollingUpdate
+
+## Pod priority settings
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+
+## Set default rootUser, rootPassword
+## AccessKey and secretKey is generated when not set
+## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
+##
+rootUser: ""
+rootPassword: ""
+
+## Use existing Secret that store following variables:
+##
+## | Chart var | .data.
in Secret |
+## |:----------------------|:-------------------------|
+## | rootUser | rootUser |
+## | rootPassword | rootPassword |
+##
+## All mentioned variables will be ignored in values file.
+## .data.rootUser and .data.rootPassword are mandatory,
+## others depend on enabled status of corresponding sections.
+existingSecret: ""
+
+## Directory on the MinIO pof
+certsPath: "/etc/minio/certs/"
+configPathmc: "/etc/minio/mc/"
+
+## Path where PV would be mounted on the MinIO Pod
+mountPath: "/export"
+## Override the root directory which the minio server should serve from.
+## If left empty, it defaults to the value of {{ .Values.mountPath }}
+## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }}
+##
+bucketRoot: ""
+
+# Number of drives attached to a node
+drivesPerNode: 1
+# Number of MinIO containers running
+replicas: 4
+# Number of expanded MinIO clusters
+zones: 1
+
+## TLS Settings for MinIO
+tls:
+ enabled: false
+ ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+ certSecret: ""
+ publicCrt: public.crt
+ privateKey: private.key
+
+## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas
+## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
+## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
+trustedCertsSecret: ""
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ enabled: true
+ annotations: {}
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ existingClaim: ""
+
+ ## minio data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## Storage class of PV to bind. By default it looks for standard storage class.
+ ## If the PV uses a different storage class, specify that here.
+ storageClass: ""
+ VolumeName: ""
+ accessMode: ReadWriteOnce
+ size: 500Gi
+
+ ## If subPath is set mount a sub folder of a volume instead of the root of the volume.
+ ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
+ ##
+ subPath: ""
+
+## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service).
+## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
+## ref: http://kubernetes.io/docs/user-guide/services/
+##
+service:
+ type: ClusterIP
+ clusterIP: ~
+ ## Make sure to match it to minioAPIPort
+ port: "9000"
+ nodePort: 32000
+
+## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
+##
+
+ingress:
+ enabled: false
+ labels: {}
+ # node-role.kubernetes.io/ingress: platform
+
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # kubernetes.io/ingress.allow-http: "false"
+ # kubernetes.io/ingress.global-static-ip-name: ""
+ # nginx.ingress.kubernetes.io/secure-backends: "true"
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+consoleService:
+ type: ClusterIP
+ clusterIP: ~
+ ## Make sure to match it to minioConsolePort
+ port: "9001"
+ nodePort: 32001
+
+consoleIngress:
+ enabled: false
+ labels: {}
+ # node-role.kubernetes.io/ingress: platform
+
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # kubernetes.io/ingress.allow-http: "false"
+ # kubernetes.io/ingress.global-static-ip-name: ""
+ # nginx.ingress.kubernetes.io/secure-backends: "true"
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+## Add stateful containers to have security context, if enabled MinIO will run as this
+## user and group NOTE: securityContext is only enabled if persistence.enabled=true
+securityContext:
+ enabled: true
+ runAsUser: 1000
+
runAsGroup: 1000
+ fsGroup: 1000
+
+# Additational pod annotations
+podAnnotations: {}
+
+# Additional pod labels
+podLabels: {}
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ requests:
+ memory: 16Gi
+
+## List of users to be created after minio install
+##
+users:
+ ## Username, password and policy to be assigned to the user
+ ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
+ ## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html
+ ## NOTE: this will fail if LDAP is enabled in your MinIO deployment
+ ## make sure to disable this if you are using LDAP.
+ - accessKey: console
+ secretKey: console123
+ policy: consoleAdmin
+
+## Additional Annotations for the Kubernetes Job makeUserJob
+makeUserJob:
+ podAnnotations:
+ annotations:
+ securityContext:
+ enabled: false
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ resources:
+ requests:
+ memory: 128Mi
+
+## List of buckets to be created after minio install
+##
+buckets:
+ # # Name of the bucket
+ # - name: bucket1
+ # # Policy to be set on the
+ # # bucket [none|download|upload|public]
+ # policy: none
+ # # Purge if bucket exists already
+ # purge: false
+ # # set versioning for
+ # # bucket [true|false]
+ # versioning: false
+ # - name: bucket2
+ # policy: none
+ # purge: false
+ # versioning: true
+
+## Additional Annotations for the Kubernetes Job makeBucketJob
+makeBucketJob:
+ podAnnotations:
+ annotations:
+ securityContext:
+ enabled: false
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ resources:
+ requests:
+ memory: 128Mi
+
+## Use this field to add environment variables relevant to MinIO server.
These fields will be passed on to MinIO container(s)
+## when Chart is deployed
+environment:
+ ## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
+ ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
+ ## MINIO_BROWSER: "off"
+
+networkPolicy:
+ enabled: false
+ allowExternal: true
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+##
+podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
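Review bot: The default `users` entry creates an account `console` with the static password `console123` and the `consoleAdmin` policy on every install that does not override it, so a chart deployed with its defaults ships a well-known administrative credential next to the auto-generated root password. Defaulting to `users: []` and moving the example into comments, as the `buckets` section already does, would make operators supply their own value; a `secretKey` also belongs in a Secret referenced from values rather than in a values file committed to VCS. With `tls.enabled: false` and `networkPolicy.enabled: false` the S3 API and console are plaintext and reachable from any namespace by default, which deserves a one-line comment on each key naming the production setting. Minor: `environment:` is a bare key that loads as null where the sibling maps use `{}`, and the comments at `minioConsolePort`, `certsPath` and `podAnnotations` carry typos ("COnsole", "pof", "Additational").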