apiVersion: batch/v1
kind: Job
metadata:
  name: minio-a-init
  namespace: minio-velero
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: OnFailure
      containers:
      - name: init
        image: bitnami/minio-client:latest
        command: ["/bin/sh","-lc"]
        env:
        - name: MINIO_ENDPOINT
          value: "http://minio-a.minio-velero.svc.cluster.local:9000"
        - name: MINIO_ROOT_USER
          valueFrom:
            secretKeyRef:
              name: minio-root
              key: MINIO_ROOT_USER
        - name: MINIO_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: minio-root
              key: MINIO_ROOT_PASSWORD
        args:
        - |
          set -euo pipefail
          echo "[init-a] waiting for $MINIO_ENDPOINT ..."
          until curl -sf "$MINIO_ENDPOINT/minio/health/ready" >/dev/null; do sleep 2; done
          echo "[init-a] configuring bucket/user/policy"
          mc alias set minioA "$MINIO_ENDPOINT" "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"
          mc mb minioA/velero-backups || true
          mc version enable minioA/velero-backups || true
          mc admin user add minioA velero Velero12345 || true
          cat > /tmp/policy.json <<'EOF'
          { "Version":"2012-10-17",
            "Statement":[
              {"Effect":"Allow","Action":["s3:*"],
               "Resource":["arn:aws:s3:::velero-backups","arn:aws:s3:::velero-backups/*"]}
            ]}
          EOF
          mc admin policy create minioA velero-rw /tmp/policy.json || true
          mc admin policy attach minioA velero-rw --user velero || true
          echo "[init-a] verifying with velero creds"
          mc alias set a-vel "$MINIO_ENDPOINT" velero Velero12345
          mc ls a-vel/velero-backups >/dev/null
          echo "[init-a] done"