From 2cb6e9a29f1fb02727ba728d1a2e806e940f6a60 Mon Sep 17 00:00:00 2001
From: Kochetkov S <kochetkov.s@sarex.io>
Date: Tue, 14 Apr 2026 12:51:28 +0300
Subject: [PATCH 1/2] fix kafka

---
 clusters/yc-k8s-test/infrastructure/patches/kafka.yaml | 3 +++
 infrastructure/kafka/base/helmrelease.yaml             | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/clusters/yc-k8s-test/infrastructure/patches/kafka.yaml b/clusters/yc-k8s-test/infrastructure/patches/kafka.yaml
index db40f54..ac9180a 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/kafka.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/kafka.yaml
@@ -25,6 +25,9 @@ spec:
       client:
         protocol: SASL_SSL
     sasl:
+      managedExistingSecret:
+        enabled: true
+      existingSecret: kafka-kafka-contour-user-passwords
       enabledMechanisms: PLAIN,SCRAM-SHA-512
       interBrokerMechanism: PLAIN
       controllerMechanism: PLAIN
diff --git a/infrastructure/kafka/base/helmrelease.yaml b/infrastructure/kafka/base/helmrelease.yaml
index 412283e..48b1fc2 100644
--- a/infrastructure/kafka/base/helmrelease.yaml
+++ b/infrastructure/kafka/base/helmrelease.yaml
@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: kafka-contour
-      version: "0.1.2"
+      version: "0.1.3"
       sourceRef:
         kind: HelmRepository
         name: yc-oci-charts

From 694b72d52aa7eb0cd4fc5db9d7db7a2a3be0adf4 Mon Sep 17 00:00:00 2001
From: Kochetkov S <kochetkov.s@sarex.io>
Date: Tue, 14 Apr 2026 13:55:49 +0300
Subject: [PATCH 2/2] add vault

---
 .../infrastructure/kustomization.yaml         |  7 ++++++
 .../infrastructure/patches/vault.yaml         |  8 +++++++
 infrastructure/kustomization.yaml             |  1 +
 infrastructure/vault/base/helmrelease.yaml    | 22 +++++++++++++++++++
 infrastructure/vault/base/kustomization.yaml  |  6 +++++
 infrastructure/vault/base/namespace.yaml      |  6 +++++
 infrastructure/vault/kustomization.yaml       |  4 ++++
 7 files changed, 54 insertions(+)
 create mode 100644 clusters/yc-k8s-test/infrastructure/patches/vault.yaml
 create mode 100644 infrastructure/vault/base/helmrelease.yaml
 create mode 100644 infrastructure/vault/base/kustomization.yaml
 create mode 100644 infrastructure/vault/base/namespace.yaml
 create mode 100644 infrastructure/vault/kustomization.yaml

diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
index ec4211c..c114093 100644
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@@ -134,3 +134,10 @@ patches:
       kind: HelmRelease
       name: openldap
       namespace: openldap
+  - path: ./patches/vault.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: vailt
+      namespace: vault    
diff --git a/clusters/yc-k8s-test/infrastructure/patches/vault.yaml b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
new file mode 100644
index 0000000..ee2ac55
--- /dev/null
+++ b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
@@ -0,0 +1,8 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vault
+  namespace: vault
+spec:
+  interval: 5m
+  timeout: 10m
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 4f9e07e..0361b09 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -19,3 +19,4 @@ resources:
   - istio-pilot
   - istio-gateway
   - zitadel
+  - vault
diff --git a/infrastructure/vault/base/helmrelease.yaml b/infrastructure/vault/base/helmrelease.yaml
new file mode 100644
index 0000000..6ff485f
--- /dev/null
+++ b/infrastructure/vault/base/helmrelease.yaml
@@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vault
+  namespace: vault
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: vault-contour
+      version: "0.1.0"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+      interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
diff --git a/infrastructure/vault/base/kustomization.yaml b/infrastructure/vault/base/kustomization.yaml
new file mode 100644
index 0000000..7f43e04
--- /dev/null
+++ b/infrastructure/vault/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: zitadel
+resources:
+  - helmrelease.yaml
+  - namespace.yaml
diff --git a/infrastructure/vault/base/namespace.yaml b/infrastructure/vault/base/namespace.yaml
new file mode 100644
index 0000000..77ee9e7
--- /dev/null
+++ b/infrastructure/vault/base/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vault
+  labels:
+    istio-injection: enabled
diff --git a/infrastructure/vault/kustomization.yaml b/infrastructure/vault/kustomization.yaml
new file mode 100644
index 0000000..85dcd9d
--- /dev/null
+++ b/infrastructure/vault/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - base