[minio] add post job to auto create default buckets (#9)

ixxeL2097 · Frederic Spiers · github-actions[bot] · Frederic Spiers · commit 493263eb10af · 2025-10-06T15:18:38.000+02:00
* [minio] add post job to auto create default buckets

* Update CHANGELOG.md

Signed-off-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;

* [minio] using better script for auto bucket

* Update CHANGELOG.md

Signed-off-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;

* [minio] using better script for auto bucket

* Update CHANGELOG.md

Signed-off-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;

---------

Signed-off-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
Co-authored-by: Frederic Spiers &lt;frederic.spiers@gitguardian.com&gt;
Co-authored-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -195,8 +195,8 @@ jobs:
             helm package . --app-version=${APP_VERSION} --version=${CHART_VERSION}
 
             # Push to GHCR
-            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ttl.sh/${{ github.event.repository.name }}/helm"
-            if helm push ./$CHART_NAME-$CHART_VERSION.tgz oci://ttl.sh/${{ github.event.repository.name }}/helm; then
+            echo "Pushing Helm chart $CHART_NAME-$CHART_VERSION.tgz to oci://ttl.sh/${{ github.event.repository.name }}"
+            if helm push ./$CHART_NAME-$CHART_VERSION.tgz oci://ttl.sh/${{ github.event.repository.name }}; then
               echo "Successfully released $CHART_NAME-$CHART_VERSION to ttl.sh"
             else
               echo "Failed to push $CHART_NAME-$CHART_VERSION to ttl.sh"
diff --git a/charts/minio/CHANGELOG.md b/charts/minio/CHANGELOG.md
@@ -1,63 +1,63 @@
 # Changelog
 
-## 0.2.5 (2025-10-01)
+## 0.4.0 (2025-10-06)
 
-* test(trigger): ci test for ttl publish ([#2](https://github.com/GitGuardian/gitguardian-helm/pull/2))
+* [minio] add post job to auto create default buckets ([#9](https://github.com/GitGuardian/gitguardian-helm-charts/pull/9))
 
 ## <small>0.2.4 (2025-09-30)</small>
 
-* add more configuration options for the minio server (#189) ([8066d07](https://github.com/GitGuardian/gitguardian-helm/commit/8066d07)), closes [#189](https://github.com/GitGuardian/gitguardian-helm/issues/189)
-* add option to use cpu-v1 image ([91bfd29](https://github.com/GitGuardian/gitguardian-helm/commit/91bfd29))
-* bump verion to 0.2.3 ([af6beca](https://github.com/GitGuardian/gitguardian-helm/commit/af6beca))
-* bump version to 0.2.2 ([afaf2d1](https://github.com/GitGuardian/gitguardian-helm/commit/afaf2d1))
-* set strategy to recreate in deployment ([6e01f97](https://github.com/GitGuardian/gitguardian-helm/commit/6e01f97))
-* update minio README.md ([cbca20c](https://github.com/GitGuardian/gitguardian-helm/commit/cbca20c))
-* Update CHANGELOG.md ([55a987f](https://github.com/GitGuardian/gitguardian-helm/commit/55a987f))
-* Update CHANGELOG.md ([f31d5a5](https://github.com/GitGuardian/gitguardian-helm/commit/f31d5a5))
+* add more configuration options for the minio server (#189) ([8066d07](https://github.com/GitGuardian/gitguardian-helm-charts/commit/8066d07)), closes [#189](https://github.com/GitGuardian/gitguardian-helm-charts/issues/189)
+* add option to use cpu-v1 image ([91bfd29](https://github.com/GitGuardian/gitguardian-helm-charts/commit/91bfd29))
+* bump verion to 0.2.3 ([af6beca](https://github.com/GitGuardian/gitguardian-helm-charts/commit/af6beca))
+* bump version to 0.2.2 ([afaf2d1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/afaf2d1))
+* set strategy to recreate in deployment ([6e01f97](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6e01f97))
+* update minio README.md ([cbca20c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/cbca20c))
+* Update CHANGELOG.md ([55a987f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/55a987f))
+* Update CHANGELOG.md ([f31d5a5](https://github.com/GitGuardian/gitguardian-helm-charts/commit/f31d5a5))
 
 ## <small>0.2.1 (2025-09-08)</small>
 
-* Update appVersion ([5c23cb1](https://github.com/GitGuardian/gitguardian-helm/commit/5c23cb1))
-* revert ([ba71354](https://github.com/GitGuardian/gitguardian-helm/commit/ba71354))
-* revert 2 ([b64c81d](https://github.com/GitGuardian/gitguardian-helm/commit/b64c81d))
-* revert 3 ([d8ced5c](https://github.com/GitGuardian/gitguardian-helm/commit/d8ced5c))
-* Update CHANGELOG.md ([bb8e730](https://github.com/GitGuardian/gitguardian-helm/commit/bb8e730))
-* Update CHANGELOG.md ([82fe11f](https://github.com/GitGuardian/gitguardian-helm/commit/82fe11f))
-* Update CHANGELOG.md ([808cae0](https://github.com/GitGuardian/gitguardian-helm/commit/808cae0))
-* Upgrade minio to latest stable ([94ab830](https://github.com/GitGuardian/gitguardian-helm/commit/94ab830))
-* Upgrade minio to latest stable ([b199ea4](https://github.com/GitGuardian/gitguardian-helm/commit/b199ea4))
+* Update appVersion ([5c23cb1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5c23cb1))
+* revert ([ba71354](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ba71354))
+* revert 2 ([b64c81d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b64c81d))
+* revert 3 ([d8ced5c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/d8ced5c))
+* Update CHANGELOG.md ([bb8e730](https://github.com/GitGuardian/gitguardian-helm-charts/commit/bb8e730))
+* Update CHANGELOG.md ([82fe11f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/82fe11f))
+* Update CHANGELOG.md ([808cae0](https://github.com/GitGuardian/gitguardian-helm-charts/commit/808cae0))
+* Upgrade minio to latest stable ([94ab830](https://github.com/GitGuardian/gitguardian-helm-charts/commit/94ab830))
+* Upgrade minio to latest stable ([b199ea4](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b199ea4))
 
 ## 0.2.0 (2025-09-02)
 
-* [documentation] update readme files ([16944cd](https://github.com/GitGuardian/gitguardian-helm/commit/16944cd))
-* add persistence.mountPath, use dynamic mountPath for data-volume ([5c2b721](https://github.com/GitGuardian/gitguardian-helm/commit/5c2b721))
-* change securitycontext ids to 1001 ([9dc576e](https://github.com/GitGuardian/gitguardian-helm/commit/9dc576e))
-* Fix public CDN readme ([68416b1](https://github.com/GitGuardian/gitguardian-helm/commit/68416b1))
-* fix: remove debug-values ([385683d](https://github.com/GitGuardian/gitguardian-helm/commit/385683d))
-* Improve ingress configuration ([47b5ceb](https://github.com/GitGuardian/gitguardian-helm/commit/47b5ceb))
-* increase version to 0.1.4 ([3e6a8f3](https://github.com/GitGuardian/gitguardian-helm/commit/3e6a8f3))
-* pin image in test, fix podAnnotations, dynamic ports in server command ([c0fc3c4](https://github.com/GitGuardian/gitguardian-helm/commit/c0fc3c4))
-* Release ([c46ef4c](https://github.com/GitGuardian/gitguardian-helm/commit/c46ef4c))
-* update readme, remove default values, fix chart.yaml ([37bbb1e](https://github.com/GitGuardian/gitguardian-helm/commit/37bbb1e))
-* update version to 0.1.5 ([eedc099](https://github.com/GitGuardian/gitguardian-helm/commit/eedc099))
-* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/GitGuardian/gitguardian-helm/commit/08b855b))
-* Add ArtifactHub repo config ([15180a8](https://github.com/GitGuardian/gitguardian-helm/commit/15180a8))
-* Add cosign signature READMEs ([5f82e7f](https://github.com/GitGuardian/gitguardian-helm/commit/5f82e7f))
-* Add extensive chart testing ([a46efac](https://github.com/GitGuardian/gitguardian-helm/commit/a46efac))
-* add extraObject array to all charts ([34772b7](https://github.com/GitGuardian/gitguardian-helm/commit/34772b7))
-* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/GitGuardian/gitguardian-helm/commit/aa79ac3))
-* Add initial Changelogs to all Charts ([68f10ca](https://github.com/GitGuardian/gitguardian-helm/commit/68f10ca))
-* Add LICENSE ([fdbf1ab](https://github.com/GitGuardian/gitguardian-helm/commit/fdbf1ab))
-* add logos to helm-charts ([fc70cdc](https://github.com/GitGuardian/gitguardian-helm/commit/fc70cdc))
-* Add Minio helm-chart ([6a68b08](https://github.com/GitGuardian/gitguardian-helm/commit/6a68b08))
-* bump all chart versions for new extraObjects feature ([aaa57f9](https://github.com/GitGuardian/gitguardian-helm/commit/aaa57f9))
-* Fix image tag/digest handling ([a5c982b](https://github.com/GitGuardian/gitguardian-helm/commit/a5c982b))
-* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/GitGuardian/gitguardian-helm/commit/ce0d301))
-* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/GitGuardian/gitguardian-helm/commit/3511582))
-* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/GitGuardian/gitguardian-helm/commit/043c7e0))
-* Format README files ([04aacab](https://github.com/GitGuardian/gitguardian-helm/commit/04aacab))
-* Release new chart versions / update sources ([dbb0e45](https://github.com/GitGuardian/gitguardian-helm/commit/dbb0e45))
-* Remove leading $ from code blocks ([836b2e3](https://github.com/GitGuardian/gitguardian-helm/commit/836b2e3))
-* remove serviceaccounts from all charts ([be8f43a](https://github.com/GitGuardian/gitguardian-helm/commit/be8f43a))
-* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/GitGuardian/gitguardian-helm/commit/0179046))
-* Use lookup function for password where applicable ([dfb9a0e](https://github.com/GitGuardian/gitguardian-helm/commit/dfb9a0e))
+* [documentation] update readme files ([16944cd](https://github.com/GitGuardian/gitguardian-helm-charts/commit/16944cd))
+* add persistence.mountPath, use dynamic mountPath for data-volume ([5c2b721](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5c2b721))
+* change securitycontext ids to 1001 ([9dc576e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9dc576e))
+* Fix public CDN readme ([68416b1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68416b1))
+* fix: remove debug-values ([385683d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/385683d))
+* Improve ingress configuration ([47b5ceb](https://github.com/GitGuardian/gitguardian-helm-charts/commit/47b5ceb))
+* increase version to 0.1.4 ([3e6a8f3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3e6a8f3))
+* pin image in test, fix podAnnotations, dynamic ports in server command ([c0fc3c4](https://github.com/GitGuardian/gitguardian-helm-charts/commit/c0fc3c4))
+* Release ([c46ef4c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/c46ef4c))
+* update readme, remove default values, fix chart.yaml ([37bbb1e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/37bbb1e))
+* update version to 0.1.5 ([eedc099](https://github.com/GitGuardian/gitguardian-helm-charts/commit/eedc099))
+* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/08b855b))
+* Add ArtifactHub repo config ([15180a8](https://github.com/GitGuardian/gitguardian-helm-charts/commit/15180a8))
+* Add cosign signature READMEs ([5f82e7f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5f82e7f))
+* Add extensive chart testing ([a46efac](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a46efac))
+* add extraObject array to all charts ([34772b7](https://github.com/GitGuardian/gitguardian-helm-charts/commit/34772b7))
+* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/aa79ac3))
+* Add initial Changelogs to all Charts ([68f10ca](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68f10ca))
+* Add LICENSE ([fdbf1ab](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fdbf1ab))
+* add logos to helm-charts ([fc70cdc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fc70cdc))
+* Add Minio helm-chart ([6a68b08](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6a68b08))
+* bump all chart versions for new extraObjects feature ([aaa57f9](https://github.com/GitGuardian/gitguardian-helm-charts/commit/aaa57f9))
+* Fix image tag/digest handling ([a5c982b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a5c982b))
+* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ce0d301))
+* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3511582))
+* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/GitGuardian/gitguardian-helm-charts/commit/043c7e0))
+* Format README files ([04aacab](https://github.com/GitGuardian/gitguardian-helm-charts/commit/04aacab))
+* Release new chart versions / update sources ([dbb0e45](https://github.com/GitGuardian/gitguardian-helm-charts/commit/dbb0e45))
+* Remove leading $ from code blocks ([836b2e3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/836b2e3))
+* remove serviceaccounts from all charts ([be8f43a](https://github.com/GitGuardian/gitguardian-helm-charts/commit/be8f43a))
+* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0179046))
+* Use lookup function for password where applicable ([dfb9a0e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/dfb9a0e))
diff --git a/charts/minio/Chart.yaml b/charts/minio/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: minio
 description: High Performance Object Storage compatible with Amazon S3 APIs
 type: application
-version: 0.3.0
+version: 0.4.0
 appVersion: "2025.09.07"
 keywords:
   - minio
diff --git a/charts/minio/templates/post-job-configmap.yaml b/charts/minio/templates/post-job-configmap.yaml
@@ -0,0 +1,119 @@
+{{- if .Values.defaultBuckets }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "minio.fullname" . }}-post-job
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "minio.labels" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations:
+    {{- include "minio.annotations" . | nindent 4 }}
+  {{- end }}
+data:
+  provision-buckets.sh: |
+    #!/bin/sh
+    set -e
+
+    MINIO_URL="http://{{ include "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}"
+    MINIO_STARTUP_TIMEOUT="${MINIO_STARTUP_TIMEOUT:-300}"
+
+    echo "=== MinIO Bucket Provisioning ==="
+    echo "Target: $MINIO_URL"
+
+    ########################
+    # Check if MinIO is live
+    ########################
+    is_minio_live() {
+        local status_code
+        status_code=$(curl --write-out '%{http_code}' --silent --output /dev/null "${MINIO_URL}/minio/health/live")
+        if [ "$status_code" = "200" ]; then
+            return 0
+        else
+            return 1
+        fi
+    }
+
+    ########################
+    # Wait for MinIO start
+    ########################
+    wait_for_minio() {
+        local waited_time
+        waited_time=0
+        echo "Waiting for MinIO to be ready..."
+        while ! is_minio_live && [ "$waited_time" -lt "$MINIO_STARTUP_TIMEOUT" ]; do
+            echo "MinIO not ready yet, waiting... (${waited_time}s/${MINIO_STARTUP_TIMEOUT}s)"
+            sleep 5
+            waited_time=$((waited_time + 5))
+        done
+        
+        if [ "$waited_time" -ge "$MINIO_STARTUP_TIMEOUT" ]; then
+            echo "Timeout: MinIO not ready after ${MINIO_STARTUP_TIMEOUT}s"
+            return 1
+        fi
+        echo "MinIO is ready!"
+    }
+
+    ########################
+    # MinIO client configuration
+    ########################
+    configure_minio_client() {
+        echo "Configuring MinIO client..."
+        mc alias set local "$MINIO_URL" "${MINIO_ROOT_USER}" "${MINIO_ROOT_PASSWORD}"
+        
+        echo "Testing MinIO client connection..."
+        mc ready local
+    }
+
+    ########################
+    # Create default buckets
+    ########################
+    minio_create_default_buckets() {
+        if [ -n "{{ .Values.defaultBuckets }}" ]; then
+            buckets=$(echo "{{ .Values.defaultBuckets }}" | tr ',;' ' ')
+            echo "Creating default buckets..."
+            
+            for b in $buckets; do
+                bucket_name=$(echo "$b" | cut -d':' -f1)
+                bucket_policy=$(echo "$b" | cut -s -d':' -f2)
+                
+                bucket_name=$(echo "$bucket_name" | xargs)
+                
+                if [ -z "$bucket_name" ]; then
+                    continue
+                fi
+                
+                echo "Processing bucket: $bucket_name"
+                
+                if mc ls "local/$bucket_name" >/dev/null 2>&1; then
+                    echo "Bucket local/$bucket_name already exists, skipping creation."
+                else
+                    echo "Creating bucket: local/$bucket_name"
+                    {{- if .Values.config.region }}
+                    mc mb --region "{{ .Values.config.region }}" "local/$bucket_name"
+                    {{- else }}
+                    mc mb "local/$bucket_name"
+                    {{- end }}
+                    echo "Bucket local/$bucket_name created successfully."
+                fi
+                
+                if [ -n "$bucket_policy" ]; then
+                    echo "Setting policy $bucket_policy for local bucket $bucket_name"
+                    mc anonymous set "$bucket_policy" "local/$bucket_name"
+                fi
+            done
+        fi
+    }
+
+    ########################
+    # Main execution
+    ########################
+    
+    wait_for_minio
+    
+    configure_minio_client
+    
+    minio_create_default_buckets
+    
+    echo "Bucket provisioning completed successfully."
+{{- end }}
diff --git a/charts/minio/templates/post-job.yaml b/charts/minio/templates/post-job.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.defaultBuckets }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "minio.fullname" . }}-post-job
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "minio.labels" . | nindent 4 }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "minio.annotations" . | nindent 4 }}
+    {{- end }}
+spec:
+  ttlSecondsAfterFinished: 600
+  activeDeadlineSeconds: 300
+  completions: 1
+  parallelism: 1
+  backoffLimit: 3
+  template:
+    metadata:
+      labels:
+        {{- include "minio.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: post-job
+    spec:
+{{- with (include "minio.imagePullSecrets" .) }}
+{{ . | nindent 6 }}
+{{- end }}
+      restartPolicy: OnFailure
+      securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
+      containers:
+        - name: post-job
+          image: {{ include "minio.image" . }}
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "/scripts/provision-buckets.sh"]
+          env:
+            - name: MINIO_ROOT_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "minio.secretName" . }}
+                  key: {{ include "minio.rootUser" . }}
+            - name: MINIO_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "minio.secretName" . }}
+                  key: {{ include "minio.rootPasswordKey" . }}
+          volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+            - name: tmp
+              mountPath: /tmp
+          securityContext:
+            {{- $securityContext := include "common.renderContainerSecurityContext" . | fromYaml }}
+            {{- $_ := set $securityContext "readOnlyRootFilesystem" false }}
+            {{- toYaml $securityContext | nindent 12 }}
+      volumes:
+        - name: scripts
+          configMap:
+            name: {{ include "minio.fullname" . }}-post-job
+            defaultMode: 0755
+        - name: tmp
+          emptyDir: {}
+{{- end }}
diff --git a/charts/minio/values.yaml b/charts/minio/values.yaml
@@ -73,6 +73,12 @@ config:
   ## @param config.extraEnvVars Extra environment variables to be set on MinIO containers
   extraEnvVars: []
 
+## @section Bucket provisioning
+## @param defaultBuckets Comma, semi-colon or space separated list of buckets to create at initialization
+## Format: "bucket-name" or "bucket-name:policy" where policy can be: none, download, upload, or public
+## e.g: "my-bucket, my-second-bucket:download, my-public-bucket:public"
+defaultBuckets: ""
+
 ## @section Deployment configuration
 replicaCount: 1
 
