feat: support command for minioJob

[jiuker]

feat: support command for minioJob
how to test:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: mc-job-sa
  namespace: minio-operator
---
apiVersion: sts.min.io/v1alpha1
kind: PolicyBinding
metadata:
  name: mc-job-bingding
  namespace: minio-operator
spec:
  application:
    serviceaccount: mc-job-sa
    namespace: minio-operator
  policies:
    - consoleAdmin
---
apiVersion: job.min.io/v1alpha1
kind: MinIOJob
metadata:
  name: minio-test-job
  namespace: minio-operator
spec:
  serviceAccountName: mc-job-sa
  tenant:
    name: myminio
    namespace: minio-operator
  commands:
    - op: make-bucket
      args:
        name: memes
    - op: stat
      command:
        - "mc"
        - "stat"
        - "myminio/memes"
        - "--insecure"

[cniackz]

I love this feature

[shtripat]

LGTM. Verified.
One suggestion.

[ramondeklein]

I'm fine with the code, but isn't it a security risk to allow running commands as any service account? If you know the name of a privileged service account, then you can run any command using that account (if you're entitled to submit Minio jobs).

[ramondeklein]

I'm fine with the code, but isn't it a security risk to allow running commands as any service account? If you know the name of a privileged service account, then you can run any command using that account (if you're entitled to submit Minio jobs).

@dvaldivia @harshavardhana What's your opinion? You can also submit jobs that issue wget or curl commands this way. Not sure if we would want that? I know our Docker images have only a few tools installed, but running any tool under someone else's credentials feels too tricky to me...