41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: minio-oidc-bootstrap
|
|
namespace: infra
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: mc
|
|
image: quay.io/minio/mc
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
set -e
|
|
|
|
echo "🔐 Waiting for MinIO readiness..."
|
|
until mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin; do
|
|
echo "⏳ Retrying..."
|
|
sleep 5
|
|
done
|
|
|
|
echo "📜 Creating policies..."
|
|
mc admin policy create myminio admin-policy /config/admin-policy.json || true
|
|
mc admin policy create myminio user-policy /config/user-policy.json || true
|
|
|
|
echo "🔗 Attaching policies to OIDC groups..."
|
|
mc admin policy attach myminio admin-policy --group minio-admins || true
|
|
mc admin policy attach myminio user-policy --group minio-users || true
|
|
|
|
echo "✅ MinIO OIDC bootstrap complete."
|
|
volumeMounts:
|
|
- name: policy-config
|
|
mountPath: /config
|
|
volumes:
|
|
- name: policy-config
|
|
configMap:
|
|
name: minio-policies
|