create dumps bucket and user + deploy s3 proxy

2026-04-10 12:45:23 +03:00 · 2026-04-10 12:45:23 +03:00 · 8674877040
commit 8674877040
parent 30b3854bd3
8 changed files with 94 additions and 0 deletions
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@ -99,3 +99,10 @@ patches:
      kind: HelmRelease
      name: camunda
      namespace: camunda
+  - path: ./patches/s3-proxy.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: s3-proxy
+      namespace: postgresql
--- a/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
@ -25,3 +25,35 @@ spec:
    resources:
      requests:
        memory: 1Gi
+    buckets:
+      - name: dumps
+        policy: none
+        purge: false
+        versioning: false
+        objectlocking: false
+    policies:
+      - name: dumps-owner
+        statements:
+          - resources:
+              - 'arn:aws:s3:::dumps'
+            actions:
+              - "s3:GetBucketLocation"
+              - "s3:ListBucket"
+              - "s3:ListBucketMultipartUploads"
+              - "s3:PutBucketPolicy"
+              - "s3:GetBucketPolicy"
+          - resources:
+              - 'arn:aws:s3:::dumps/*'
+            actions:
+              - "s3:AbortMultipartUpload"
+              - "s3:GetObject"
+              - "s3:DeleteObject"
+              - "s3:PutObject"
+              - "s3:ListMultipartUploadParts"
+    users:
+      - accessKey: console
+        secretKey: console123
+        policy: consoleAdmin
+      - accessKey: s3-proxy
+        secretKey: s3-proxy-change-me-password
+        policy: dumps-owner
--- a/clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/s3-proxy.yaml
@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: s3-proxy
+  namespace: postgresql
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    universal-chart:
+      services:
+        s3Proxy:
+          envs:
+            - name: AWS_API_ENDPOINT
+              value:
+                _default: "http://minio.minio.svc.cluster.local:9000"
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@ -10,6 +10,7 @@ resources:
  - minio
  - rabbitmq
  - redis
+  - s3-proxy
  - istio-base
  - istio-pilot
  - istio-gateway
--- a/infrastructure/s3-proxy/base/helmrelease.yaml
+++ b/infrastructure/s3-proxy/base/helmrelease.yaml
@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: s3-proxy
+  namespace: postgresql
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: s3-proxy-contour
+      version: "0.0.1"
+      sourceRef:
+        kind: HelmRepository
+        name: yc-oci-charts
+        namespace: flux-system
+      interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
--- a/infrastructure/s3-proxy/base/kustomization.yaml
+++ b/infrastructure/s3-proxy/base/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgresql
+resources:
+  - namespace.yaml
+  - helmrelease.yaml
--- a/infrastructure/s3-proxy/base/namespace.yaml
+++ b/infrastructure/s3-proxy/base/namespace.yaml
@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgresql
+  labels:
+    istio-injection: enabled
--- a/infrastructure/s3-proxy/kustomization.yaml
+++ b/infrastructure/s3-proxy/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./base