Add bootstrap to oidc

argocd-apps/oidc-bootstraps.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oidc-bootstrap
+  namespace: argocd
+spec:
+  project: infra
+  source:
+    repoURL: https://git.dvirlabs.com/infra.git
+    targetRevision: HEAD
+    path: manifests/oidc-bootstrap/minio
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true

manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml

@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: minio-oidc-bootstrap
+  namespace: infra
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: mc
+          image: quay.io/minio/mc
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -e
+
+              echo "🔐 Setting up mc alias..."
+              mc alias set myminio https://minio.dvirlabs.com minioadmin minioadmin
+
+              echo "📜 Uploading policies..."
+              mc admin policy add myminio admin-policy /config/admin-policy.json || true
+              mc admin policy add myminio user-policy /config/user-policy.json || true
+
+              echo "👥 Mapping groups..."
+              mc admin group add myminio minio-admins --policy admin-policy || true
+              mc admin group add myminio minio-users --policy user-policy || true
+
+              echo "✅ MinIO OIDC bootstrap complete."
+          volumeMounts:
+            - name: policy-config
+              mountPath: /config
+      volumes:
+        - name: policy-config
+          configMap:
+            name: minio-policies

manifests/oidc-bootstrap/minio/minio-policies-configmap.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: minio-policies
+  namespace: infra
+data:
+  admin-policy.json: |
+    {
+      "Version": "2012-10-17",
+      "Statement": [{
+        "Effect": "Allow",
+        "Action": ["*"],
+        "Resource": ["*"]
+      }]
+    }
+  user-policy.json: |
+    {
+      "Version": "2012-10-17",
+      "Statement": [{
+        "Effect": "Allow",
+        "Action": [
+          "s3:GetBucketLocation",
+          "s3:ListBucket",
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject"
+        ],
+        "Resource": [
+          "arn:aws:s3:::mybucket",
+          "arn:aws:s3:::mybucket/*"
+        ]
+      }]
+    }