38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: minio-oidc-bootstrap
|
|
namespace: infra
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: mc
|
|
image: quay.io/minio/mc
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
set -e
|
|
|
|
echo "🔐 Setting up mc alias..."
|
|
mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin
|
|
|
|
echo "📜 Creating policies..."
|
|
mc admin policy create myminio admin-policy /config/admin-policy.json || true
|
|
mc admin policy create myminio user-policy /config/user-policy.json || true
|
|
|
|
echo "🔗 Attaching policies to OIDC groups..."
|
|
mc admin policy attach myminio admin-policy group=minio-admins || true
|
|
mc admin policy attach myminio user-policy group=minio-users || true
|
|
|
|
echo "✅ MinIO OIDC bootstrap complete."
|
|
volumeMounts:
|
|
- name: policy-config
|
|
mountPath: /config
|
|
volumes:
|
|
- name: policy-config
|
|
configMap:
|
|
name: minio-policies
|