From 86748770402cea0236dfe3ae82edac809d764cf6 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Fri, 10 Apr 2026 12:45:23 +0300
Subject: [PATCH] create dumps bucket and user + deploy s3 proxy
---
 .../infrastructure/kustomization.yaml | 7 ++++
 .../infrastructure/patches/minio.yaml | 32 +++++++++++++++++++
 .../infrastructure/patches/s3-proxy.yaml | 16 ++++++++++
 infrastructure/kustomization.yaml | 1 +
 infrastructure/s3-proxy/base/helmrelease.yaml | 22 +++++++++++++
 .../s3-proxy/base/kustomization.yaml | 6 ++++
 infrastructure/s3-proxy/base/namespace.yaml | 6 ++++
 infrastructure/s3-proxy/kustomization.yaml | 4 +++
 8 files changed, 94 insertions(+)
 create mode 100644 clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml
 create mode 100644 infrastructure/s3-proxy/base/helmrelease.yaml
 create mode 100644 infrastructure/s3-proxy/base/kustomization.yaml
 create mode 100644 infrastructure/s3-proxy/base/namespace.yaml
 create mode 100644 infrastructure/s3-proxy/kustomization.yaml
diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
index 35bddf6..0ff2b84 100644
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@@ -99,3 +99,10 @@ patches:
 kind: HelmRelease
 name: camunda
 namespace: camunda
+ - path: ./patches/s3-proxy.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: s3-proxy
+ namespace: postgresql
diff --git a/clusters/yc-k8s-test/infrastructure/patches/minio.yaml b/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
index d2cdf3d..cc95a52 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
@@ -25,3 +25,35 @@ spec:
 resources:
 requests:
 memory: 1Gi
+ buckets:
+ - name: dumps
+ policy: none
+ purge: false
+ versioning: false
+ objectlocking: false
+ policies:
+ - name: dumps-owner
+ statements:
+ - resources:
+ - 'arn:aws:s3:::dumps'
+ actions:
+ - "s3:GetBucketLocation"
+ - "s3:ListBucket"
+ - "s3:ListBucketMultipartUploads"
+ - "s3:PutBucketPolicy"
+ - "s3:GetBucketPolicy"
+ - resources:
+ - 'arn:aws:s3:::dumps/*'
+ actions:
+ - "s3:AbortMultipartUpload"
+ - "s3:GetObject"
+ - "s3:DeleteObject"
+ - "s3:PutObject"
+ - "s3:ListMultipartUploadParts"
+ users:
+ - accessKey: console
+ secretKey: console123
+ policy: consoleAdmin
+ - accessKey: s3-proxy
+ secretKey: s3-proxy-change-me-password
+ policy: dumps-owner
diff --git a/clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml b/clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml
new file mode 100644
index 0000000..e3ce3cc
--- /dev/null
+++ b/clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml
@@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: s3-proxy
+ namespace: postgresql
+spec:
+ interval: 5m
+ timeout: 10m
+ values:
+ universal-chart:
+ services:
+ s3Proxy:
+ envs:
+ - name: AWS_API_ENDPOINT
+ value:
+ _default: "http://minio.minio.svc.cluster.local:9000"
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 2190819..2eb16e2 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
 - minio
 - rabbitmq
 - redis
+ - s3-proxy
 - istio-base
 - istio-pilot
 - istio-gateway
diff --git a/infrastructure/s3-proxy/base/helmrelease.yaml b/infrastructure/s3-proxy/base/helmrelease.yaml
new file mode 100644
index 0000000..8a407dd
--- /dev/null
+++ b/infrastructure/s3-proxy/base/helmrelease.yaml
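Review bot: The `users:` entries added to `patches/minio.yaml` commit both secret keys in clear text — `console123` for the `consoleAdmin` user and `s3-proxy-change-me-password` for `dumps-owner` — so anyone who can read the repository or its history holds working MinIO credentials, one of them with the admin policy. If this is the community MinIO chart (the value layout suggests it, but the chart is not visible here), replace each `secretKey:` with `existingSecret: SECRET_NAME` and `existingSecretKey: KEY_IN_SECRET` (placeholder names) and rotate the values already pushed. The `dumps-owner` policy also grants `s3:PutBucketPolicy` on `arn:aws:s3:::dumps`, which lets the proxy identity rewrite the bucket policy and undo `policy: none`; drop that action unless the proxy manages policies itself. The hunk opens inside an existing `spec:` mapping whose start is outside the diff.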
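Review bot: `AWS_API_ENDPOINT` in the new `patches/s3-proxy.yaml` points at MinIO over plain `http://`, so object data (database dumps, going by the bucket name) crosses the cluster network unencrypted unless the mesh wraps the connection. This commit labels the `postgresql` namespace for Istio injection, but nothing visible shows that the `minio` namespace is in the mesh or that mTLS is enforced between the two; I would add a comment above the env entry, `# plain HTTP: relies on Istio mTLS between the postgresql and minio namespaces`, and confirm that it holds. The patch sets only the endpoint: how the proxy receives the `s3-proxy` access key is not shown, and it should come from a Secret rather than from a value in this file.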
@@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: s3-proxy
+ namespace: postgresql
+spec:
+ interval: 10m
+ chart:
+ spec:
+ chart: s3-proxy-contour
+ version: "0.0.1"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+ interval: 10m
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
diff --git a/infrastructure/s3-proxy/base/kustomization.yaml b/infrastructure/s3-proxy/base/kustomization.yaml
new file mode 100644
index 0000000..f26a436
--- /dev/null
+++ b/infrastructure/s3-proxy/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgresql
+resources:
+ - namespace.yaml
+ - helmrelease.yaml
diff --git a/infrastructure/s3-proxy/base/namespace.yaml b/infrastructure/s3-proxy/base/namespace.yaml
new file mode 100644
index 0000000..008cdd0
--- /dev/null
+++ b/infrastructure/s3-proxy/base/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: postgresql
+ labels:
+ istio-injection: enabled
diff --git a/infrastructure/s3-proxy/kustomization.yaml b/infrastructure/s3-proxy/kustomization.yaml
new file mode 100644
index 0000000..3c2f51f
--- /dev/null
+++ b/infrastructure/s3-proxy/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./base
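Review bot: The chart reference in `infrastructure/s3-proxy/base/helmrelease.yaml` pins `version: "0.0.1"` but does not verify what the registry serves under that tag; an OCI tag can be pushed again, so the pin alone does not fix the content that gets installed. If the charts in `yc-oci-charts` are signed (not visible from this diff), add `verify:` with `provider: cosign` under `spec.chart.spec` so Flux refuses an artifact without a valid signature. The base carries no `values:` at all, so every setting depends on the cluster patch being present; a short comment at the top of the file saying so would help the next reader.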
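Review bot: `infrastructure/s3-proxy/base/namespace.yaml` makes the s3-proxy component the owner of the `postgresql` Namespace, which by its name holds more than the proxy. If the Flux Kustomization that applies `infrastructure/` has pruning enabled (not visible here), taking `s3-proxy` out of the resource list later would garbage-collect the namespace and everything in it, and if another component also declares `postgresql` the build may fail on a duplicate resource. The `istio-injection: enabled` label likewise applies to every workload in that namespace, not only the proxy. Either give the proxy its own namespace, or move the Namespace to the component that owns the database and annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled`.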