Merge branch 'master' of https://git.dvirlabs.com/dvirlabs/infra

2025-06-06 18:55:36 +03:00 · 2025-06-06 18:55:36 +03:00 · feb89d4a74
commit feb89d4a74
parent dc0ddec51b be4739447a
3 changed files with 51 additions and 4 deletions
--- a/argocd-apps/extra-resources.yaml
+++ b/argocd-apps/extra-resources.yaml
@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: extra-resources
+  namespace: argocd
+spec:
+  project: infra
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/infra.git
+    targetRevision: HEAD
+    path: manifests/extra-resources
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/manifests/extra-resources/minio/ingress-api.yaml
+++ b/manifests/extra-resources/minio/ingress-api.yaml
@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-api
+  namespace: infra
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: s3.dvirlabs.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 9000
+  tls:
+    - hosts:
+        - s3.dvirlabs.com
--- a/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml
+++ b/manifests/oidc-bootstrap/minio/minio-bootstrap-job.yaml
@ -16,16 +16,19 @@ spec:
            - |
              set -e

-              echo "🔐 Setting up mc alias..."
-              mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin
+              echo "🔐 Waiting for MinIO readiness..."
+              until mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin; do
+                echo "⏳ Retrying..."
+                sleep 5
+              done

              echo "📜 Creating policies..."
              mc admin policy create myminio admin-policy /config/admin-policy.json || true
              mc admin policy create myminio user-policy /config/user-policy.json || true

              echo "🔗 Attaching policies to OIDC groups..."
-              mc admin policy set myminio admin-policy group=minio-admins || true
-              mc admin policy set myminio user-policy group=minio-users || true
+              mc admin policy attach myminio admin-policy --group minio-admins || true
+              mc admin policy attach myminio user-policy --group minio-users || true

              echo "✅ MinIO OIDC bootstrap complete."
          volumeMounts: