sarex/iac
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
emelinda 2026-06-05 15:52:43 +03:00
commit 3f0dd1898b
13 changed files with 924 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/processing/brusnika-stage/api.yaml
View File

@ -35,7 +35,7 @@ spec:
image: image:
name: name:
_default: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_ee75fda9 _default: cr.yandex/crp3ccidau046kdj8g9q/workflows-api:prod_e963403f
pullPolicy: pullPolicy:
_default: IfNotPresent _default: IfNotPresent
@ -52,7 +52,7 @@ spec:
production: 3 production: 3
port: port:
_default: 8000 _default: 8080
probes: probes:
liveness: liveness:
@ -73,7 +73,7 @@ spec:
_default: 8000 _default: 8000
targetPort: targetPort:
_default: 8000 _default: 8080
portName: portName:
_default: http _default: http

379
apps/transmittal/brusnika-stage/backend.yaml Normal file
View File

@ -0,0 +1,379 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: transmittal
namespace: transmittal
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_d94cce67
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: transmittal
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: transmittal-service
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: TRANSMITTAL_SERVICE_APP__NAME
value:
_default: "Transmittal Service"
- name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL
value:
_default: "ERROR"
- name: TRANSMITTAL_SERVICE_APP__HOST
value:
_default: "https://test.sarex.brusnika.tech/transmittal"
- name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT
value:
_default: "prod"
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS
value:
_default: "true"
- name: TRANSMITTAL_SERVICE_UVICORN__HOST
value:
_default: "0.0.0.0"
- name: TRANSMITTAL_SERVICE_UVICORN__PORT
value:
_default: "8000"
- name: TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_OTEL__ENABLE
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_OTEL__HOST
value:
_default: "http://signoz-otel-collector-external.signoz.svc.cluster.local:4317"
- name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME
value:
_default: "backend.transmittals-prod"
- name: TRANSMITTAL_SERVICE_OTEL__INSECURE
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE
value:
_default: "verify-full"
- name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH
value:
_default: "/opt/.postgresql/root.crt"
- name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL
value:
_default: "info"
- name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS
value:
_default: "2"
- name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH
value:
_default: ""
- name: TRANSMITTAL_SERVICE_DATABASE__HOST
value:
_default: "192.168.2.45"
- name: TRANSMITTAL_SERVICE_DATABASE__PORT
value:
_default: "5432"
- name: TRANSMITTAL_SERVICE_DATABASE__NAME
value:
_default: "transmittal_db"
- name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST
value:
_default: "api"
- name: TRANSMITTAL_SERVICE_RABBITMQ__HOST
value:
_default: "rabbitmq-service"
- name: TRANSMITTAL_SERVICE_RABBITMQ__PORT
value:
_default: "5672"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME
value:
_default: "ru-central1"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY
value:
_default: "true"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET
value:
_default: "transmittal-storage"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT
value:
_default: "minio-service.minio.svc.cluster.local:9000"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL
value:
_default: "http://export-project-service.django.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_MARKINGS__BASE_URL
value:
_default: "http://marks-service.documentations.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL
value:
_default: "https://api.mailgun.net/v3/mg.sarex.io"
- name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL
value:
_default: "hello@wb.io"
secretEnvs:
- name: TRANSMITTAL_SERVICE_DATABASE__USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED
secretName:
_default: "django-auth"
secretKey: "key"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY
secretName:
_default: "s3-secret"
secretKey: "access_key"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY
secretName:
_default: "s3-secret"
secretKey: "secret_key"
- name: TRANSMITTAL_SERVICE_RABBITMQ__USER
secretName:
_default: "rabbitmq-cred"
secretKey: "username"
- name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD
secretName:
_default: "rabbitmq-cred"
secretKey: "password"
- name: TRANSMITTAL_SERVICE_MAILGUN__API_KEY
secretName:
_default: "mailgun-cred"
secretKey: "api_key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

94
apps/transmittal/brusnika-stage/frontend.yaml Normal file
View File

@ -0,0 +1,94 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: transmittal-frontend-static
namespace: transmittal
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
frontend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-frontend:wb_e6600344
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: transmittal-frontend-static
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 80
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: transmittal-frontend-static
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 80
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

8
apps/transmittal/brusnika-stage/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: transmittal
resources:
- frontend.yaml
- backend.yaml
- worker.yaml

387
apps/transmittal/brusnika-stage/worker.yaml Normal file
View File

@ -0,0 +1,387 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: worker
namespace: transmittal
spec:
interval: 10m
chart:
spec:
chart: universal-chart
version: "0.1.7"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
interval: 10m
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
enabled: true
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_d94cce67
pullPolicy:
_default: IfNotPresent
deployment:
enabled: true
name:
_default: worker
replicaCount:
_default: 1
stage: 1
preprod: 3
production: 3
port:
_default: 8000
command:
_default:
- taskiq
- worker
- '--no-parse'
- transmittal_service.tasks.broker:broker
- transmittal_service.tasks.transmittal.tasks
- transmittal_service.tasks.email.tasks
probes:
liveness:
enabled: false
readiness:
enabled: false
service:
enabled: true
name:
_default: worker
type:
_default: ClusterIP
port:
_default: 80
targetPort:
_default: 8000
portName:
_default: http
imagePullSecrets:
enabled:
_default: true
name:
_default: regcred
labels:
monitoring: prometheus
envs:
- name: TRANSMITTAL_SERVICE_APP__NAME
value:
_default: "Transmittal Service"
- name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL
value:
_default: "ERROR"
- name: TRANSMITTAL_SERVICE_APP__HOST
value:
_default: "https://test.sarex.brusnika.tech/transmittal"
- name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT
value:
_default: "prod"
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS
value:
_default: '["*"]'
- name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS
value:
_default: "true"
- name: TRANSMITTAL_SERVICE_UVICORN__HOST
value:
_default: "0.0.0.0"
- name: TRANSMITTAL_SERVICE_UVICORN__PORT
value:
_default: "8000"
- name: TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_OTEL__ENABLE
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_OTEL__HOST
value:
_default: "http://signoz-otel-collector-external.signoz.svc.cluster.local:4317"
- name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME
value:
_default: "backend.transmittals-prod"
- name: TRANSMITTAL_SERVICE_OTEL__INSECURE
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE
value:
_default: "verify-full"
- name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH
value:
_default: "/opt/.postgresql/root.crt"
- name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL
value:
_default: "info"
- name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS
value:
_default: "2"
- name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH
value:
_default: ""
- name: TRANSMITTAL_SERVICE_DATABASE__HOST
value:
_default: "192.168.2.45"
- name: TRANSMITTAL_SERVICE_DATABASE__PORT
value:
_default: "5432"
- name: TRANSMITTAL_SERVICE_DATABASE__NAME
value:
_default: "transmittal_db"
- name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST
value:
_default: "api"
- name: TRANSMITTAL_SERVICE_RABBITMQ__HOST
value:
_default: "rabbitmq-service"
- name: TRANSMITTAL_SERVICE_RABBITMQ__PORT
value:
_default: "5672"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL
value:
_default: "http://backend.django.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL
value:
_default: "http://resources-service.resources.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL
value:
_default: "http://documentations-api.documentations.svc.cluster.local:8080"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME
value:
_default: "ru-central1"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY
value:
_default: "true"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET
value:
_default: "transmittal-storage"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT
value:
_default: "minio-service.minio.svc.cluster.local:9000"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL
value:
_default: "false"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL
value:
_default: "http://export-project-service.django.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_MARKINGS__BASE_URL
value:
_default: "http://marks-service.documentations.svc.cluster.local:8000"
- name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT
value:
_default: "50"
- name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL
value:
_default: "https://api.mailgun.net/v3/mg.sarex.io"
- name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS
value:
_default: "10"
- name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS
value:
_default: "5"
- name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT
value:
_default: "15"
- name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL
value:
_default: "hello@wb.io"
secretEnvs:
- name: TRANSMITTAL_SERVICE_DATABASE__USER
secretName:
_default: "postgres-secret"
secretKey: "username"
- name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD
secretName:
_default: "postgres-secret"
secretKey: "password"
- name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY
secretName:
_default: "public-key"
secretKey: "key"
- name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED
secretName:
_default: "django-auth"
secretKey: "key"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY
secretName:
_default: "s3-secret"
secretKey: "access_key"
- name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY
secretName:
_default: "s3-secret"
secretKey: "secret_key"
- name: TRANSMITTAL_SERVICE_RABBITMQ__USER
secretName:
_default: "rabbitmq-cred"
secretKey: "username"
- name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD
secretName:
_default: "rabbitmq-cred"
secretKey: "password"
- name: TRANSMITTAL_SERVICE_MAILGUN__API_KEY
secretName:
_default: "mailgun-cred"
secretKey: "api_key"
commitSha: ""
gitlabUri: ""
gitlabJobUrl: ""
owner: ""

2
apps/workspaces/brusnika-stage/frontend.yaml
View File

@ -35,7 +35,7 @@ spec:
image: image:
name: name:
_default: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_8e96aa59 _default: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_8b87e5b0
pullPolicy: pullPolicy:
_default: IfNotPresent _default: IfNotPresent

20
clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: emelin.d@sarex.io
privateKeySecretRef:
name: letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- selector:
dnsNames:
- zitadel.brusnika.onprem.sarex.io
http01:
ingress:
class: istio
- http01:
ingress:
class: nginx

1
clusters/brusnika-prod/infrastructure/kustomization.yaml
View File

@ -8,6 +8,7 @@ resources:
- ../../../infrastructure/vault - ../../../infrastructure/vault
- ../../../infrastructure/zitadel - ../../../infrastructure/zitadel
- ./vault-ingress.yaml - ./vault-ingress.yaml
- ./clusterissuer-letsencrypt.yaml
patches: patches:
- path: ./patches/istio-gateway.yaml - path: ./patches/istio-gateway.yaml
target: target:

11
clusters/brusnika-prod/infrastructure/patches/istio-config.yaml
View File

@ -4,6 +4,10 @@ metadata:
name: istio-config name: istio-config
namespace: default namespace: default
spec: spec:
install:
disableWait: true
upgrade:
disableWait: true
values: values:
global: global:
env: brusnika-prod env: brusnika-prod
@ -610,13 +614,6 @@ spec:
gateways: gateways:
- ingress-nginx/zitadel-gw - ingress-nginx/zitadel-gw
routes: routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path: - path:
prefix: / prefix: /
service: zitadel-idp-contour.zitadel.svc.cluster.local service: zitadel-idp-contour.zitadel.svc.cluster.local

20
clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: emelin.d@sarex.io
privateKeySecretRef:
name: letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- selector:
dnsNames:
- zitadel.test.sarex.brusnika.tech
http01:
ingress:
class: istio
- http01:
ingress:
class: nginx

1
clusters/brusnika-stage/infrastructure/kustomization.yaml
View File

@ -9,6 +9,7 @@ resources:
- ../../../infrastructure/zitadel - ../../../infrastructure/zitadel
- ./lb-service-override.yaml - ./lb-service-override.yaml
- ./vault-ingress.yaml - ./vault-ingress.yaml
- ./clusterissuer-letsencrypt.yaml
patches: patches:
- path: ./patches/istio-gateway.yaml - path: ./patches/istio-gateway.yaml
target: target:

11
clusters/brusnika-stage/infrastructure/patches/istio-config.yaml
View File

@ -4,6 +4,10 @@ metadata:
name: istio-config name: istio-config
namespace: default namespace: default
spec: spec:
install:
disableWait: true
upgrade:
disableWait: true
values: values:
global: global:
env: brusnika-stage env: brusnika-stage
@ -562,13 +566,6 @@ spec:
gateways: gateways:
- ingress-nginx/zitadel-gw - ingress-nginx/zitadel-gw
routes: routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path: - path:
prefix: / prefix: /
service: zitadel-idp-contour.zitadel.svc.cluster.local service: zitadel-idp-contour.zitadel.svc.cluster.local

1
clusters/brusnika-stage/kustomization.yaml
View File

@ -25,3 +25,4 @@ resources:
- ../../apps/rfi/brusnika-stage - ../../apps/rfi/brusnika-stage
- ../../apps/pm/brusnika-stage - ../../apps/pm/brusnika-stage
- ../../apps/checklists/brusnika-stage - ../../apps/checklists/brusnika-stage
- ../../apps/transmittal/brusnika-stage