From d6fa969a7fa8fb3c189f6e7df76f9f9c29de3b29 Mon Sep 17 00:00:00 2001 From: titver968 Date: Tue, 9 Dec 2025 08:17:03 +0100 Subject: [PATCH] debug --- argocd/apps/minio/.minio.yaml.swp | Bin 12288 -> 0 bytes config/minio/minio-policies-configmap.yaml | 61 ++++++++++++++++ config/minio/minio-setup-job.yaml | 77 +++++++++++++++++++++ config/minio/minio-users-secret.yaml | 13 ++++ 4 files changed, 151 insertions(+) delete mode 100644 argocd/apps/minio/.minio.yaml.swp create mode 100644 config/minio/minio-policies-configmap.yaml create mode 100644 config/minio/minio-setup-job.yaml create mode 100644 config/minio/minio-users-secret.yaml diff --git a/argocd/apps/minio/.minio.yaml.swp b/argocd/apps/minio/.minio.yaml.swp deleted file mode 100644 index dbe958d027c6f8b3ad3ab5a66f627f98302b2bfa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI2O^6&t6vt}?zY`TD9t5$oiwp+3XJ=P}84M&QhYYycW#i`JLQ>QHW~Q8;s-~)X z*7cwsy^BW=diUVfi$Nq8!GqpB1i`x>Cp~!ZUp?Kkv!TZs0}6&}_)RliRqws}*Q!eWu`e2QmDyibjU~PT&uppE8rDaPJxqbbECEH z`mU{>4xV{>Z@FQ|r#_yQC#qG7%2Lk?biQ!|rOP#aN`&r)0Hqner~BrX5VakGSM$ zoyNOGmM7fu!jX%3N2MY@Ed9!ATJ4}Xb~mwMNaOHdJ7^57%}l%5oQWo(9?w%7nQ`23 zy%RE4NbXdanM)9id72~O2G2xjHY0b~Z(Q^Wapo_Sf)dh(#{)w$N+`6cX$0jI-1>xp z3#}bsct`d%8541su!RX|GI_QiK`>3$R9d*9mFE=CL#(Ji%xn>=Yg}kKCT+ushFN#Hn$?JAc5x?usxVwCEbrcGPCYS%=W2#W+E2pKDn~T?5fqz^ zrF2)0KWbSZK0l0uS|-h#d0Yj>z8z~mi4MEnT3D9Oao=COUff{ zk8*8sU?h1rrKD!?RM4ZgYSGHoIF|a$XUGCEm)w=hMK#Tvd*6_Cll`xDW1a8ig|1J! zxm&T$*+1Whb5gD{ULR9q@uJskg39JS?0{O9qNxTuO8a$wMR92#Rz_mSA*(?s4lij7UFs@()t+UaY=*%R= zGj0dRI%~?*-tOxtVw(EG;LQ}aqC~|*(yl0Xg?k-{!igzDHY#^j+L_C=dJ8`;+Nh63 zy<}_d$41c<1}JAmPZRb~I#clu3{FnK7dJN+4xE{3`($>Lnpjq9%(|-VLm`uPa52kJ c+KURw)=)UFLzH5c&UR_EId1VZ8}JtU3jkFlwg3PC diff --git a/config/minio/minio-policies-configmap.yaml b/config/minio/minio-policies-configmap.yaml new file mode 100644 index 0000000..8bb15df --- /dev/null +++ b/config/minio/minio-policies-configmap.yaml 
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: minio-policies
+ namespace: minio
+data:
+ # Policy: Vollzugriff auf tatort
+ policy-tatort.json: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": ["arn:aws:s3:::tatort"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListMultipartUploadParts",
+ "s3:AbortMultipartUpload"
+ ],
+ "Resource": ["arn:aws:s3:::tatort/*"]
+ }
+ ]
+ }
+
+ # Policy: Vollzugriff auf tatort-dev
+ policy-tatort-dev.json: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": ["arn:aws:s3:::tatort-dev"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListMultipartUploadParts",
+ "s3:AbortMultipartUpload"
+ ],
+ "Resource": ["arn:aws:s3:::tatort-dev/*"]
+ }
+ ]
+ }
diff --git a/config/minio/minio-setup-job.yaml b/config/minio/minio-setup-job.yaml
new file mode 100644
index 0000000..66ae7f1
--- /dev/null
+++ b/config/minio/minio-setup-job.yaml
@@ -0,0 +1,77 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: minio-setup-users
+ namespace: minio
+spec:
+ ttlSecondsAfterFinished: 600
+ backoffLimit: 5
+ template:
+ spec:
+ restartPolicy: OnFailure
+ volumes:
+ - name: policies
+ configMap:
+ name: minio-policies
+ containers:
+ - name: mc
+ image: minio/mc:latest
+ volumeMounts:
+ - name: policies
+ mountPath: /policies
+ env:
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: minio
+ key: root-password
+ - name: TATORT_ACCESS
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-access-key
+ - name: TATORT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-secret-key
+ - name: TATORT_DEV_ACCESS
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-dev-access-key
+ - name: TATORT_DEV_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-dev-secret-key
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -e
+
+ echo "Warte auf MinIO..."
+ sleep 10
+
+ echo "Verbinde mit MinIO..."
+ mc alias set myminio http://minio:9000 admin $MINIO_ROOT_PASSWORD
+
+ echo "Erstelle Buckets (falls nicht vorhanden)..."
+ mc mb --ignore-existing myminio/tatort
+ mc mb --ignore-existing myminio/tatort-dev
+
+ echo "Erstelle Policies..."
+ mc admin policy create myminio policy-tatort /policies/policy-tatort.json || true
+ mc admin policy create myminio policy-tatort-dev /policies/policy-tatort-dev.json || true
+
+ echo "Erstelle Benutzer..."
+ mc admin user add myminio $TATORT_ACCESS $TATORT_SECRET || true
+ mc admin user add myminio $TATORT_DEV_ACCESS $TATORT_DEV_SECRET || true
+
+ echo "Weise Policies zu..."
+ mc admin policy attach myminio policy-tatort --user $TATORT_ACCESS
+ mc admin policy attach myminio policy-tatort-dev --user $TATORT_DEV_ACCESS
+
+ echo "Setup abgeschlossen!"
+ mc admin user list myminio
diff --git a/config/minio/minio-users-secret.yaml b/config/minio/minio-users-secret.yaml
new file mode 100644
index 0000000..d278709
--- /dev/null
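Review bot: In minio-setup-job.yaml the container that is handed `MINIO_ROOT_PASSWORD` runs `image: minio/mc:latest`, a mutable tag, so whatever is next published under that tag runs with the MinIO root credential; pin a specific release tag or digest, e.g. `image: minio/mc@sha256:<pinned-digest>` (placeholder). The `mc alias set` line sends that password to `http://minio:9000` unencrypted and expands it unquoted; quote it as `"$MINIO_ROOT_PASSWORD"` (likewise the `$TATORT_*` arguments) and switch to an https endpoint if the service exposes one. The `|| true` on the `policy create` and `user add` lines also hides authentication or connectivity failures from `set -e`, so a failed setup is only noticed, if at all, at the later `policy attach`.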
+++ b/config/minio/minio-users-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: minio-users
+ namespace: minio
+type: Opaque
+stringData:
+ # tatort: Zugriff nur auf tatort
+ tatort-access-key: "GxKhfnfkNvlDU7qzsz0D"
+ tatort-secret-key: "cqSM5rIRr4MPtqzu2sNKgmB9k2OghPbyxwAWogeM"
+ # tatort-dev: Zugriff nur auf tatort-dev
+ tatort-dev-access-key: "AbCdEfGhIjKlMnOpQrSt"
+ tatort-dev-secret-key: "UvWxYz1234567890AbCdEfGhIjKlMnOpQrStUvWx"
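Review bot: minio-users-secret.yaml commits the `tatort-access-key` and `tatort-secret-key` values in plain text under `stringData`, so anyone who can read the repository or its history holds the credentials bound to `policy-tatort` (the `tatort-dev` pair looks like a placeholder, which should be confirmed). Treat the committed values as exposed: rotate them, and commit an encrypted or externally referenced secret instead (for example Sealed Secrets, SOPS, or External Secrets Operator) so that Argo CD syncs no plain-text key material. If this file is meant only as a template, replace the values with obvious placeholders such as `tatort-secret-key: "<set-at-deploy-time>"`.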