diff --git a/argocd-apps/extra-resources.yaml b/argocd-apps/extra-resources.yaml
new file mode 100644
index 0000000..4c09b5b
--- /dev/null
+++ b/argocd-apps/extra-resources.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: extra-resources
+  namespace: argocd
+spec:
+  project: infra
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/infra.git
+    targetRevision: HEAD
+    path: manifests/extra-resources
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/manifests/extra-resources/minio/ingress-api.yaml b/manifests/extra-resources/minio/ingress-api.yaml
new file mode 100644
index 0000000..65b06f7
--- /dev/null
+++ b/manifests/extra-resources/minio/ingress-api.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-api
+  namespace: infra
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: s3.dvirlabs.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 9000
+  tls:
+    - hosts:
+        - s3.dvirlabs.com
diff --git a/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml b/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml
index 8fcc655..8c79dc9 100644
--- a/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml
+++ b/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml
@@ -16,16 +16,19 @@ spec:
             - |
               set -e
 
-              echo "🔐 Setting up mc alias..."
-              mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin
+              echo "🔐 Waiting for MinIO readiness..."
+              until mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin; do
+                echo "⏳ Retrying..."
+                sleep 5
+              done
 
               echo "📜 Creating policies..."
               mc admin policy create myminio admin-policy /config/admin-policy.json || true
               mc admin policy create myminio user-policy /config/user-policy.json || true
 
               echo "🔗 Attaching policies to OIDC groups..."
-              mc admin policy set myminio admin-policy group=minio-admins || true
-              mc admin policy set myminio user-policy group=minio-users || true
+              mc admin policy attach myminio admin-policy --group minio-admins || true
+              mc admin policy attach myminio user-policy --group minio-users || true
 
               echo "✅ MinIO OIDC bootstrap complete."
           volumeMounts: