sarex/iac
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move yc-cps-prod Gitea and Vault to cloud domains

Browse Source
This commit is contained in:
Kochetkov S 2026-06-02 16:50:30 +03:00
parent 759871c02b
commit d554ba4a0c
4 changed files with 67 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/yc-cps-prod/flux-system/gotk-sync.yaml
View File

@ -11,7 +11,7 @@ spec:
branch: master branch: master
secretRef: secretRef:
name: flux-system name: flux-system
url: https://gitea.infra.cps.sarex.io/sarex/iac.git url: https://gitea.cloud.cps.sarex.lonsdaleites.ru/sarex/iac.git
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization

61
clusters/yc-cps-prod/infrastructure/gitea-istio.yaml Normal file
View File

@ -0,0 +1,61 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-cert
namespace: istio-system
spec:
dnsNames:
- gitea.cloud.cps.sarex.lonsdaleites.ru
duration: 2160h
issuerRef:
kind: ClusterIssuer
name: letsencrypt-issuer-istio
privateKey:
rotationPolicy: Always
renewBefore: 360h
secretName: gitea-tls
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: gitea-gateway
namespace: gateway
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- gitea.cloud.cps.sarex.lonsdaleites.ru
port:
name: https-443
number: 443
protocol: HTTPS
tls:
credentialName: gitea-tls
mode: SIMPLE
- hosts:
- gitea.cloud.cps.sarex.lonsdaleites.ru
port:
name: http-80
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: gitea-virt-service
namespace: gitea
spec:
gateways:
- gateway/gitea-gateway
hosts:
- gitea.cloud.cps.sarex.lonsdaleites.ru
http:
- match:
- uri:
prefix: /
route:
- destination:
host: gitea
port:
number: 3000

1
clusters/yc-cps-prod/infrastructure/kustomization.yaml
View File

@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../infrastructure/vault - ../../../infrastructure/vault
- ./gitea-istio.yaml
- ./vault-istio.yaml - ./vault-istio.yaml
patches: patches:
- path: ./patches/vault.yaml - path: ./patches/vault.yaml

8
clusters/yc-cps-prod/infrastructure/vault-istio.yaml
View File

@ -5,7 +5,7 @@ metadata:
namespace: istio-system namespace: istio-system
spec: spec:
dnsNames: dnsNames:
- vault.infra.cps.sarex.io - vault.cloud.cps.sarex.lonsdaleites.ru
duration: 2160h duration: 2160h
issuerRef: issuerRef:
kind: ClusterIssuer kind: ClusterIssuer
@ -25,7 +25,7 @@ spec:
istio: ingressgateway istio: ingressgateway
servers: servers:
- hosts: - hosts:
- vault.infra.cps.sarex.io - vault.cloud.cps.sarex.lonsdaleites.ru
port: port:
name: https-443 name: https-443
number: 443 number: 443
@ -34,7 +34,7 @@ spec:
credentialName: vault-tls credentialName: vault-tls
mode: SIMPLE mode: SIMPLE
- hosts: - hosts:
- vault.infra.cps.sarex.io - vault.cloud.cps.sarex.lonsdaleites.ru
port: port:
name: http-80 name: http-80
number: 80 number: 80
@ -49,7 +49,7 @@ spec:
gateways: gateways:
- gateway/vault-gateway - gateway/vault-gateway
hosts: hosts:
- vault.infra.cps.sarex.io - vault.cloud.cps.sarex.lonsdaleites.ru
http: http:
- match: - match:
- uri: - uri: