From 3acbed5822e26bf8d4ac16a85e58ca686e179c7d Mon Sep 17 00:00:00 2001
From: pjuarezd
Date: Sun, 5 Nov 2023 14:06:32 -0800
Subject: [PATCH] MC job to setup buckets using STS

Signed-off-by: pjuarezd
---
 .../sts-example/sample-data/kustomization.yaml | 4 +++-
 .../sample-data/mc-job-policy-binding.yaml | 11 +++++++++++
 .../sts-example/sample-data/mc-job-sa.yaml | 5 +++++
 ...tup-bucket.yaml => mc-job-setup-bucket.yaml} | 17 ++++++-----------
 4 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 examples/kustomization/sts-example/sample-data/mc-job-policy-binding.yaml
 create mode 100644 examples/kustomization/sts-example/sample-data/mc-job-sa.yaml
 rename examples/kustomization/sts-example/sample-data/{iam-setup-bucket.yaml => mc-job-setup-bucket.yaml} (77%)

diff --git a/examples/kustomization/sts-example/sample-data/kustomization.yaml b/examples/kustomization/sts-example/sample-data/kustomization.yaml
index c0c07c4cdaf..a2d8330901c 100644
--- a/examples/kustomization/sts-example/sample-data/kustomization.yaml
+++ b/examples/kustomization/sts-example/sample-data/kustomization.yaml
@@ -1,4 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - iam-setup-bucket.yaml
\ No newline at end of file
+ - mc-job-sa.yaml
+ - mc-job-policy-binding.yaml
+ - mc-job-setup-bucket.yaml
\ No newline at end of file
diff --git a/examples/kustomization/sts-example/sample-data/mc-job-policy-binding.yaml b/examples/kustomization/sts-example/sample-data/mc-job-policy-binding.yaml
new file mode 100644
index 00000000000..e676e9996e4
--- /dev/null
+++ b/examples/kustomization/sts-example/sample-data/mc-job-policy-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: sts.min.io/v1alpha1
+kind: PolicyBinding
+metadata:
+ name: mc-job-binding
+ namespace: minio-tenant-1
+spec:
+ application:
+ namespace: minio-tenant-1
+ serviceaccount: mc-job-sa
+ policies:
+ - consoleAdmin
\ No newline at end of file
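Review bot: Binding the built-in `consoleAdmin` policy to `mc-job-sa` (the `policies:` entry at the end of the new PolicyBinding) gives a bucket-setup job full administrative access to the tenant, well beyond what creating buckets requires. Any workload in `minio-tenant-1` that is able to run under this service account can exchange its token for those credentials through STS. Since examples get copied into real deployments, bind a narrower policy that allows only the bucket operations the setup script performs (the script itself is not visible in this patch), or at minimum add a comment above the entry such as `# consoleAdmin is used for brevity; bind a least-privilege policy outside of demos`.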
diff --git a/examples/kustomization/sts-example/sample-data/mc-job-sa.yaml b/examples/kustomization/sts-example/sample-data/mc-job-sa.yaml
new file mode 100644
index 00000000000..88c5ba8da0d
--- /dev/null
+++ b/examples/kustomization/sts-example/sample-data/mc-job-sa.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: minio-tenant-1
+ name: mc-job-sa
\ No newline at end of file
diff --git a/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml b/examples/kustomization/sts-example/sample-data/mc-job-setup-bucket.yaml
similarity index 77%
rename from examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml
rename to examples/kustomization/sts-example/sample-data/mc-job-setup-bucket.yaml
index f36016a7aa7..7635168c701 100644
--- a/examples/kustomization/sts-example/sample-data/iam-setup-bucket.yaml
+++ b/examples/kustomization/sts-example/sample-data/mc-job-setup-bucket.yaml
@@ -35,7 +35,8 @@ spec:
 backoffLimit: 5
 template:
 spec:
- restartPolicy: OnFailure
+ serviceAccountName: mc-job-sa
+ restartPolicy: Never
 volumes:
 - name: start-config
 configMap:
@@ -49,15 +50,9 @@ spec:
 - name: start-config
 mountPath: /start-config/
 env:
- - name: ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: storage-user
- key: CONSOLE_ACCESS_KEY
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: storage-user
- key: CONSOLE_SECRET_KEY
 - name: MC_HOST_local
 value: https://$(ACCESS_KEY):$(SECRET_KEY)@minio.minio-tenant-1.svc.cluster.local
+ - name: MC_STS_ENDPOINT
+ value: https://sts.minio-operator.svc.cluster.local:4223/sts/minio-tenant-1
+ - name: MC_WEB_IDENTITY_TOKEN_FILE
+ value: /var/run/secrets/kubernetes.io/serviceaccount/token
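Review bot: The unchanged `MC_HOST_local` value in the second hunk still interpolates `$(ACCESS_KEY)` and `$(SECRET_KEY)`, but this hunk removes both variables from the container's `env`, so Kubernetes leaves the references unexpanded and the alias URL carries those literal strings as its user and password. If mc is expected to ignore the userinfo once the STS variables are set, record that next to the entry, e.g. `# $(ACCESS_KEY)/$(SECRET_KEY) are unexpanded placeholders; credentials come from STS via the service account token`. It is also worth confirming that the `start-config` script, which is outside this patch, no longer reads `ACCESS_KEY` or `SECRET_KEY`. The container spec starts outside the hunk.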