Replace static S3 credentials with secret-based environment variables in attachments app deployment configuration

apps/attachments/base/deployment.yaml

@@ -29,16 +29,43 @@ spec:
               value: "10"
             - name: API_ADDRESS
               value: 0.0.0.0:8000
-            - name: YANDEX_S3_ACCOUNT_PATH
-              value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+            - name: YANDEX_S3_ENDPOINT_URL
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: endpoint
+            - name: YANDEX_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: login
+            - name: YANDEX_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: password
+            - name: YANDEX_S3_USE_SSL
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: use_ssl
+            - name: YANDEX_S3_REGION
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: region
+            - name: YANDEX_S3_VERIFY
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: verify
             - name: BUCKET_NAME
-              value: attachments-storage
+              valueFrom:
+                secretKeyRef:
+                  name: s3-secret
+                  key: bucket
             - name: DATABASE_SSL_MODE
               value: disable
-            - name: YANDEX_S3_VERIFY
-              value: "false"
-            - name: YANDEX_S3_USE_SSL
-              value: "false"
             - name: DATABASE_HOST
               value: "postgresql.attachments"
             - name: DATABASE_PORT