From e1836798fc18469647798dfabf7c065c64b1d815 Mon Sep 17 00:00:00 2001
From: Kochetkov S <kochetkov.s@sarex.io>
Date: Wed, 15 Apr 2026 11:10:31 +0300
Subject: [PATCH] add vault integration

---
 .../infrastructure/patches/minio.yaml         | 43 +++----------------
 infrastructure/minio/base/helmrelease.yaml    |  2 +-
 2 files changed, 8 insertions(+), 37 deletions(-)

diff --git a/clusters/yc-k8s-test/infrastructure/patches/minio.yaml b/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
index a0cd046..a2c7f03 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/minio.yaml
@@ -10,6 +10,13 @@ spec:
     mode: standalone
     imagePullSecrets:
       - name: regcred
+    vaultRoot:
+      enabled: true
+      role: minio
+      authPath: auth/kubernetes
+      secretPath: secrets/data/minio/admin
+      rootUserKey: rootUser
+      rootPasswordKey: rootPassword
     drivesPerNode: 1
     replicas: 1
     nodeSelector:
@@ -25,39 +32,3 @@ spec:
     resources:
       requests:
         memory: 1Gi
-    buckets:
-      - name: dumps
-        policy: none
-        purge: false
-        versioning: false
-        objectlocking: false
-    policies:
-      - name: dumps-owner
-        statements:
-          - resources:
-              - 'arn:aws:s3:::dumps'
-            actions:
-              - "s3:GetBucketLocation"
-              - "s3:ListBucket"
-              - "s3:ListBucketMultipartUploads"
-              - "s3:PutBucketPolicy"
-              - "s3:GetBucketPolicy"
-          - resources:
-              - 'arn:aws:s3:::dumps/*'
-            actions:
-              - "s3:AbortMultipartUpload"
-              - "s3:GetObject"
-              - "s3:DeleteObject"
-              - "s3:PutObject"
-              - "s3:ListMultipartUploadParts"
-    users:
-      - existingSecret: minio-user-console
-        existingSecretAccessKeyKey: accessKey
-        existingSecretKey: secretKey
-        bucket: console
-        policy: consoleAdmin
-      - existingSecret: minio-user-s3-proxy
-        existingSecretAccessKeyKey: accessKey
-        existingSecretKey: secretKey
-        bucket: dumps
-        policy: dumps-owner
diff --git a/infrastructure/minio/base/helmrelease.yaml b/infrastructure/minio/base/helmrelease.yaml
index 5ecfcc7..a05ae87 100644
--- a/infrastructure/minio/base/helmrelease.yaml
+++ b/infrastructure/minio/base/helmrelease.yaml
@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: minio-contour
-      version: "5.4.2"
+      version: "5.4.3"
       sourceRef:
         kind: HelmRepository
         name: yc-oci-charts