Update for minio

yonote-chart-service/templates/mcJob.yaml

@@ -21,11 +21,92 @@ spec:
                 echo "Waiting for MinIO to be ready..."
                 sleep 5
               done
+              echo "MinIO is ready and alias is set."
+
+              # Создание пользователя
+              if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then
+                echo "User {{ .Values.minio.customUser }} already exists or failed to create."
+              else
+                echo "User {{ .Values.minio.customUser }} created successfully."
+              fi
+
+              # Назначение политики для нового пользователя
+              cat <<EOF > /tmp/minio-user-policy.json
+              {
+                "Version": "2012-10-17",
+                "Statement": [
+                  {
+                    "Sid": "VisualEditor",
+                    "Effect": "Allow",
+                    "Action": [
+                      "s3:DeleteObject",
+                      "s3:GetObject",
+                      "s3:PutObject"
+                    ],
+                    "Resource": [
+                      "arn:aws:s3:::yonote-bucket/*"
+                    ]
+                  }
+                ]
+              }
+              EOF
+              echo "User policy JSON file created."
+
+              mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json
+              echo "User policy created and applied."
+
+              # Создание бакета
               if ! mc ls myminio/yonote-bucket; then
                 mc mb myminio/yonote-bucket
+                echo "Bucket yonote-bucket created successfully."
               else
                 echo "Bucket yonote-bucket already exists."
               fi
+
+              # Установка политик для бакета
+              cat <<EOF > /tmp/minio-bucket-policy.json
+              {
+                "Version": "2012-10-17",
+                "Statement": [
+                  {
+                    "Effect": "Allow",
+                    "Principal": {
+                      "AWS": [
+                        "*"
+                      ]
+                    },
+                    "Action": [
+                      "s3:GetBucketLocation"
+                    ],
+                    "Resource": [
+                      "arn:aws:s3:::yonote-bucket"
+                    ]
+                  },
+                  {
+                    "Effect": "Allow",
+                    "Principal": {
+                      "AWS": [
+                        "*"
+                      ]
+                    },
+                    "Action": [
+                      "s3:GetObject"
+                    ],
+                    "Resource": [
+                      "arn:aws:s3:::yonote-bucket/*"
+                    ]
+                  }
+                ]
+              }
+              EOF
+              echo "Bucket policy JSON file created."
+
+              mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket
+              echo "Bucket policy applied."
+
+              mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }}
+              echo "Policy attached to user {{ .Values.minio.customUser }}."
+
           resources:
             requests:
               memory: "128Mi"
@@ -35,5 +116,5 @@ spec:
               cpu: "200m"
       restartPolicy: OnFailure
   backoffLimit: 5
-  ttlSecondsAfterFinished: 100
+  ttlSecondsAfterFinished: 180
 {{- end }}