# One-shot job to create the default bucket in MinIO. # Applied by 03-deploy.sh after MinIO is running. # Re-running is safe — mc mb --ignore-existing is idempotent. apiVersion: batch/v1 kind: Job metadata: name: minio-create-bucket namespace: honeydue labels: app.kubernetes.io/name: minio app.kubernetes.io/part-of: honeydue spec: ttlSecondsAfterFinished: 300 backoffLimit: 5 template: metadata: labels: app.kubernetes.io/name: minio-init app.kubernetes.io/part-of: honeydue spec: securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: mc image: minio/mc:latest command: - sh - -c - | echo "Waiting for MinIO to be ready..." until mc alias set honeydue http://minio.honeydue.svc.cluster.local:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" 2>/dev/null; do sleep 2 done echo "Creating bucket: $BUCKET_NAME" mc mb --ignore-existing "honeydue/$BUCKET_NAME" echo "Bucket ready." securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: MINIO_ROOT_USER valueFrom: configMapKeyRef: name: honeydue-config key: MINIO_ROOT_USER - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: name: honeydue-secrets key: MINIO_ROOT_PASSWORD - name: BUCKET_NAME valueFrom: configMapKeyRef: name: honeydue-config key: B2_BUCKET_NAME volumeMounts: - name: tmp mountPath: /tmp - name: mc-config mountPath: /.mc resources: requests: cpu: 50m memory: 32Mi limits: cpu: 200m memory: 64Mi volumes: - name: tmp emptyDir: sizeLimit: 16Mi - name: mc-config emptyDir: sizeLimit: 16Mi restartPolicy: OnFailure