create dumps bucket and user + deploy s3 proxy

clusters/yc-k8s-test/infrastructure/kustomization.yaml

@@ -99,3 +99,10 @@ patches:
       kind: HelmRelease
       name: camunda
       namespace: camunda
+  - path: ./patches/s3-proxy.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: s3-proxy
+      namespace: postgresql

clusters/yc-k8s-test/infrastructure/patches/minio.yaml

@@ -25,3 +25,35 @@ spec:
     resources:
       requests:
         memory: 1Gi
+    buckets:
+      - name: dumps
+        policy: none
+        purge: false
+        versioning: false
+        objectlocking: false
+    policies:
+      - name: dumps-owner
+        statements:
+          - resources:
+              - 'arn:aws:s3:::dumps'
+            actions:
+              - "s3:GetBucketLocation"
+              - "s3:ListBucket"
+              - "s3:ListBucketMultipartUploads"
+              - "s3:PutBucketPolicy"
+              - "s3:GetBucketPolicy"
+          - resources:
+              - 'arn:aws:s3:::dumps/*'
+            actions:
+              - "s3:AbortMultipartUpload"
+              - "s3:GetObject"
+              - "s3:DeleteObject"
+              - "s3:PutObject"
+              - "s3:ListMultipartUploadParts"
+    users:
+      - accessKey: console
+        secretKey: console123
+        policy: consoleAdmin
+      - accessKey: s3-proxy
+        secretKey: s3-proxy-change-me-password
+        policy: dumps-owner

clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml

@@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: s3-proxy
+  namespace: postgresql
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    universal-chart:
+      services:
+        s3Proxy:
+          envs:
+            - name: AWS_API_ENDPOINT
+              value:
+                _default: "http://minio.minio.svc.cluster.local:9000"

infrastructure/kustomization.yaml

@@ -10,6 +10,7 @@ resources:
   - minio
   - rabbitmq
   - redis
+  - s3-proxy
   - istio-base
   - istio-pilot
   - istio-gateway

infrastructure/s3-proxy/base/helmrelease.yaml

@@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: s3-proxy
+  namespace: postgresql
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: s3-proxy-contour
+      version: "0.0.1"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+      interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3

infrastructure/s3-proxy/base/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgresql
+resources:
+  - namespace.yaml
+  - helmrelease.yaml

infrastructure/s3-proxy/base/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgresql
+  labels:
+    istio-injection: enabled

infrastructure/s3-proxy/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./base