From 9a4701771e895bfba054bc65905a497e5a825aa1 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Thu, 28 May 2026 16:12:35 +0300
Subject: [PATCH] add minio + vault + lpp
---
.../yc-k8s-test-02/helm-repositories.yaml | 12 +++++
.../infrastructure/kustomization.yaml | 28 ++++++++++
.../patches/local-path-provisioner.yaml | 53 +++++++++++++++++++
.../infrastructure/patches/minio.yaml | 39 ++++++++++++++
.../infrastructure/patches/vault.yaml | 12 +++++
clusters/yc-k8s-test-02/kustomization.yaml | 6 +++
6 files changed, 150 insertions(+)
create mode 100644 clusters/yc-k8s-test-02/helm-repositories.yaml
create mode 100644 clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/local-path-provisioner.yaml
create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/minio.yaml
create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/vault.yaml
create mode 100644 clusters/yc-k8s-test-02/kustomization.yaml
diff --git a/clusters/yc-k8s-test-02/helm-repositories.yaml b/clusters/yc-k8s-test-02/helm-repositories.yaml
new file mode 100644
index 0000000..bbdeea6
--- /dev/null
+++ b/clusters/yc-k8s-test-02/helm-repositories.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: yc-oci-charts
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 10m0s
+ url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
+ secretRef:
+ name: yc-cr-auth
diff --git a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
new file mode 100644
index 0000000..4e07c26
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../infrastructure/local-path-provisioner
+ - ../../../infrastructure/minio
+ - ../../../infrastructure/vault
+patches:
+ - path: ./patches/local-path-provisioner.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: local-path-provisioner
+ namespace: local-path-provisioner
+ - path: ./patches/minio.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: minio
+ namespace: minio
+ - path: ./patches/vault.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: vault
+ namespace: vault
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/local-path-provisioner.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/local-path-provisioner.yaml
new file mode 100644
index 0000000..7c1eba6
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/local-path-provisioner.yaml
@@ -0,0 +1,53 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: local-path-provisioner
+ namespace: local-path-provisioner
+spec:
+ interval: 5m
+ timeout: 10m
+ values:
+ replicaCount: 1
+ image:
+ repository: cr.yandex/crp3ccidau046kdj8g9q/contour/local-path-provisioner-nn/local-path-provisioner
+ tag: v0.0.24
+ pullPolicy: IfNotPresent
+ helperImage:
+ repository: cr.yandex/crp3ccidau046kdj8g9q/contour/local-path-provisioner-nn/busybox
+ tag: latest
+ defaultSettings:
+ registrySecret: null
+ privateRegistry:
+ registryUrl: null
+ registryUser: null
+ registryPasswd: null
+ imagePullSecrets:
+ - name: regcred
+ nameOverride: ""
+ fullnameOverride: ""
+ storageClass:
+ create: true
+ defaultClass: false
+ name: local-path
+ reclaimPolicy: Delete
+ nodePathMap:
+ - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+ paths:
+ - /opt/local-path-provisioner
+ resources: {}
+ rbac:
+ create: true
+ serviceAccount:
+ create: true
+ name: ""
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ configmap:
+ name: local-path-config
+ setup: |-
+ set -eu
+ mkdir -m 0777 -p "$VOL_DIR"
+ teardown: |-
+ set -eu
+ rm -rf "$VOL_DIR"
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/minio.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/minio.yaml
new file mode 100644
index 0000000..769c6a7
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/minio.yaml
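Review bot: `helperImage.tag: latest` is a mutable tag, so the busybox image that runs the `setup` and `teardown` scripts against node paths can change without any commit in this repository; pin it the way the provisioner image is pinned (`tag: v0.0.24`), for example `tag: <PINNED_BUSYBOX_TAG>` or a digest. The `setup` script also creates each volume directory with `mkdir -m 0777` under `/opt/local-path-provisioner`, and the class is declared with `reclaimPolicy: Delete`, whose teardown is `rm -rf "$VOL_DIR"`. The minio and vault hunks in this commit both select `storageClass: local-path`, so MinIO objects and Vault's storage backend would sit in world-writable node directories that are erased when the claim is deleted. Whether a tighter mode is workable depends on the UID the consuming pods run as, which is not visible here; at minimum a comment such as `# test cluster only: volumes are node-local, mode 0777, deleted with the PVC` would record the trade-off.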
@@ -0,0 +1,39 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: minio
+ namespace: minio
+spec:
+ interval: 5m
+ timeout: 10m
+ values:
+ nameOverride: "minio"
+ mode: standalone
+ environment:
+ MINIO_SERVER_URL: "https://minio.contour.infra.sarex.tech"
+ MINIO_BROWSER_REDIRECT_URL: "https://minio.contour.infra.sarex.tech/console/"
+ MINIO_API_CORS_ALLOW_ORIGIN: "https://minio.contour.infra.sarex.tech"
+ imagePullSecrets:
+ - name: regcred
+ vaultRoot:
+ enabled: true
+ role: minio
+ authPath: auth/kubernetes
+ secretPath: secrets/data/minio/admin
+ rootUserKey: rootUser
+ rootPasswordKey: rootPassword
+ drivesPerNode: 1
+ replicas: 1
+ nodeSelector:
+ dedicated: s3
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: s3
+ effect: NoSchedule
+ persistence:
+ storageClass: local-path
+ size: 100Gi
+ resources:
+ requests:
+ memory: 1Gi
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/vault.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/vault.yaml
new file mode 100644
index 0000000..ad856db
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/vault.yaml
@@ -0,0 +1,12 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vault
+ namespace: vault
+spec:
+ interval: 5m
+ timeout: 10m
+ values:
+ server:
+ dataStorage:
+ storageClass: local-path
diff --git a/clusters/yc-k8s-test-02/kustomization.yaml b/clusters/yc-k8s-test-02/kustomization.yaml
new file mode 100644
index 0000000..a8384a3
--- /dev/null
+++ b/clusters/yc-k8s-test-02/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./flux-system
+ - ./helm-repositories.yaml
+ - ./infrastructure
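Review bot: The `vaultRoot` block in the minio patch makes MinIO's root credentials depend on a Vault role (`role: minio` via `authPath: auth/kubernetes`) whose binding and policy are not part of this commit, and the patch does not say what that role must be limited to. A comment above the block would make the expectation reviewable, e.g. `# Vault role "minio": bound to the minio ServiceAccount in namespace minio only; policy is read-only on secrets/data/minio/admin`. The `vaultRoot` keys look chart-specific, so their exact behaviour should be confirmed against the chart in `infrastructure/minio`, which is outside this diff.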