42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: minio-oidc-bootstrap
|
|
namespace: infra
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: mc
|
|
image: quay.io/minio/mc
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
set -e
|
|
|
|
echo "🔐 Setting up mc alias..."
|
|
mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin
|
|
|
|
echo "📜 Creating policies..."
|
|
mc admin policy create myminio admin-policy /config/admin-policy.json || true
|
|
mc admin policy create myminio user-policy /config/user-policy.json || true
|
|
|
|
echo "👥 Creating groups (via group add)..."
|
|
mc admin group add myminio minio-admins || true
|
|
mc admin group add myminio minio-users || true
|
|
|
|
echo "🔗 Attaching policies to groups..."
|
|
mc admin policy set myminio admin-policy --group minio-admins || true
|
|
mc admin policy set myminio user-policy --group minio-users || true
|
|
|
|
echo "✅ MinIO OIDC bootstrap complete."
|
|
volumeMounts:
|
|
- name: policy-config
|
|
mountPath: /config
|
|
volumes:
|
|
- name: policy-config
|
|
configMap:
|
|
name: minio-policies
|