apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: istio-config namespace: default spec: install: disableWait: true upgrade: disableWait: true values: global: env: brusnika-prod environments: brusnika-prod: namespaces: [] certManager: clusterIssuers: {} certificates: argocd-secret-name: namespace: ingress-nginx dnsNames: - argocd.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer camunda-identity-tls: namespace: ingress-nginx dnsNames: - identity.camunda.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer keycloak.camunda.cde.brusnika.ru-tls: namespace: ingress-nginx dnsNames: - keycloak.camunda.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer camunda-platform-operate-tls: namespace: ingress-nginx dnsNames: - operate.camunda.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer camunda-optimize-tls: namespace: ingress-nginx dnsNames: - optimize.camunda.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer camunda-platform-tasklist-tls: namespace: ingress-nginx dnsNames: - tasklist.camunda.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer yet-another-nginx-secret-name: namespace: ingress-nginx dnsNames: - document-link.cde.brusnika.ru - cde.brusnika.ru - rabbitmq.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer tls-secret-for-qr: namespace: ingress-nginx dnsNames: - stamp-verification.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer gitea-prod-tls: namespace: ingress-nginx dnsNames: - gitea.prod.brusnika.sarex.lonsdaleites.ru issuerRef: name: letsencrypt kind: ClusterIssuer jupyter-cert-secret: namespace: ingress-nginx dnsNames: - jupyter.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer dashboard-secret-name: namespace: ingress-nginx dnsNames: - dashboard.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer brusnika-secret-name: namespace: ingress-nginx dnsNames: - minio.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer projects-secret-name: namespace: ingress-nginx dnsNames: - sso.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer superset-tls-secret: namespace: ingress-nginx dnsNames: - superset.cde.brusnika.ru issuerRef: name: letsencrypt kind: ClusterIssuer vault-prod-tls: namespace: ingress-nginx dnsNames: - vault.prod.brusnika.sarex.lonsdaleites.ru issuerRef: name: letsencrypt kind: ClusterIssuer zitadel-tls: namespace: ingress-nginx dnsNames: - zitadel.brusnika.onprem.sarex.io issuerRef: name: letsencrypt kind: ClusterIssuer istio: envoyFilters: {} authorizationPolicies: {} requestAuthentications: {} gateways: argocd: name: argocd-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - argocd.brusnika.onprem.sarex.io tls: credentialName: argocd-secret-name camunda-identity: name: camunda-identity-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - identity.camunda.cde.brusnika.ru tls: credentialName: camunda-identity-tls camunda-keycloak: name: camunda-keycloak-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - keycloak.camunda.cde.brusnika.ru tls: credentialName: keycloak.camunda.cde.brusnika.ru-tls camunda-operate: name: camunda-operate-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - operate.camunda.cde.brusnika.ru tls: credentialName: camunda-platform-operate-tls camunda-optimize: name: camunda-optimize-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - optimize.camunda.cde.brusnika.ru tls: credentialName: camunda-optimize-tls camunda-tasklist: name: camunda-tasklist-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - tasklist.camunda.cde.brusnika.ru tls: credentialName: camunda-platform-tasklist-tls document-link: name: document-link-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - document-link.cde.brusnika.ru tls: credentialName: yet-another-nginx-secret-name stamp-verification: name: stamp-verification-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - stamp-verification.cde.brusnika.ru tls: credentialName: tls-secret-for-qr gitea: name: gitea-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - gitea.prod.brusnika.sarex.lonsdaleites.ru tls: credentialName: gitea-prod-tls global-cde: name: global-cde-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - cde.brusnika.ru tls: credentialName: yet-another-nginx-secret-name jupyter: name: jupyter-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - jupyter.brusnika.onprem.sarex.io tls: credentialName: jupyter-cert-secret dashboard: name: dashboard-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - dashboard.brusnika.onprem.sarex.io tls: credentialName: dashboard-secret-name minio: name: minio-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - minio.brusnika.onprem.sarex.io tls: credentialName: brusnika-secret-name sso-check: name: sso-check-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - sso.brusnika.onprem.sarex.io tls: credentialName: projects-secret-name superset: name: superset-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - superset.cde.brusnika.ru tls: credentialName: superset-tls-secret vault: name: vault-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - vault.prod.brusnika.sarex.lonsdaleites.ru tls: credentialName: vault-prod-tls zitadel: name: zitadel-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - zitadel.brusnika.onprem.sarex.io tls: credentialName: zitadel-tls rabbitmq: name: rabbitmq-gw namespace: ingress-nginx selector: istio: ingressgateway servers: - hosts: - rabbitmq.cde.brusnika.ru tls: credentialName: yet-another-nginx-secret-name virtualServices: argocd-vs: namespace: argocd hosts: - argocd.brusnika.onprem.sarex.io gateways: - ingress-nginx/argocd-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: argocd-server.argocd.svc.cluster.local port: 80 camunda-identity-vs: namespace: camunda hosts: - identity.camunda.cde.brusnika.ru gateways: - ingress-nginx/camunda-identity-gw routes: - path: prefix: / service: camunda-identity.camunda.svc.cluster.local port: 80 camunda-keycloak-vs: namespace: camunda hosts: - keycloak.camunda.cde.brusnika.ru gateways: - ingress-nginx/camunda-keycloak-gw routes: - match: - port: 80 uri: prefix: /auth/ redirect: scheme: https redirectCode: 308 - path: prefix: /auth/ service: camunda-keycloak.camunda.svc.cluster.local port: 80 camunda-operate-vs: namespace: camunda hosts: - operate.camunda.cde.brusnika.ru gateways: - ingress-nginx/camunda-operate-gw routes: - path: prefix: / service: camunda-operate.camunda.svc.cluster.local port: 80 camunda-optimize-vs: namespace: camunda hosts: - optimize.camunda.cde.brusnika.ru gateways: - ingress-nginx/camunda-optimize-gw routes: - path: prefix: / service: camunda-optimize.camunda.svc.cluster.local port: 80 camunda-tasklist-vs: namespace: camunda hosts: - tasklist.camunda.cde.brusnika.ru gateways: - ingress-nginx/camunda-tasklist-gw routes: - path: prefix: / service: camunda-tasklist.camunda.svc.cluster.local port: 80 document-link-vs: namespace: documentations hosts: - document-link.cde.brusnika.ru gateways: - ingress-nginx/document-link-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: frontend-service-public-link.documentations.svc.cluster.local port: 80 stamp-verification-vs: namespace: documentations hosts: - stamp-verification.cde.brusnika.ru gateways: - ingress-nginx/stamp-verification-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: stamp-verification-frontend-service.documentations.svc.cluster.local port: 8080 gitea-vs: namespace: gitea hosts: - gitea.prod.brusnika.sarex.lonsdaleites.ru gateways: - ingress-nginx/gitea-gw routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: gitea.gitea.svc.cluster.local port: 3000 global-cde-vs: namespace: global-ingress hosts: - cde.brusnika.ru gateways: - ingress-nginx/global-cde-gw cors: allowOrigins: - exact: https://cde.brusnika.ru - exact: https://stamp-verification.cde.brusnika.ru - exact: https://document-link.cde.brusnika.ru routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: /integration/ service: yet-another-nginx-service.global-ingress.svc.cluster.local port: 80 - path: prefix: / service: nginx-service.global-ingress.svc.cluster.local port: 80 jupyter-vs: namespace: jupyter hosts: - jupyter.brusnika.onprem.sarex.io gateways: - ingress-nginx/jupyter-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: jupyter.jupyter.svc.cluster.local port: 8888 dashboard-vs: namespace: kubernetes-dashboard hosts: - dashboard.brusnika.onprem.sarex.io gateways: - ingress-nginx/dashboard-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local port: 80 minio-vs: namespace: minio hosts: - minio.brusnika.onprem.sarex.io gateways: - ingress-nginx/minio-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: minio-console-service.minio.svc.cluster.local port: 80 sso-check-vs: namespace: sso-check hosts: - sso.brusnika.onprem.sarex.io gateways: - ingress-nginx/sso-check-gw cors: allowOrigins: - regex: ".*" routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: gatekeeper-service.sso-check.svc.cluster.local port: 80 superset-vs: namespace: superset hosts: - superset.cde.brusnika.ru gateways: - ingress-nginx/superset-gw routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: superset.superset.svc.cluster.local port: 8088 vault-vs: namespace: vault hosts: - vault.prod.brusnika.sarex.lonsdaleites.ru gateways: - ingress-nginx/vault-gw routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: vault-vault-contour.vault.svc.cluster.local port: 8200 zitadel-vs: namespace: zitadel hosts: - zitadel.brusnika.onprem.sarex.io gateways: - ingress-nginx/zitadel-gw routes: - path: prefix: / service: zitadel-idp-contour.zitadel.svc.cluster.local port: 8080 rabbitmq-vs: namespace: workflow hosts: - rabbitmq.cde.brusnika.ru gateways: - ingress-nginx/rabbitmq-gw cors: allowOrigins: - exact: https://cde.brusnika.ru - exact: https://stamp-verification.cde.brusnika.ru - exact: https://document-link.cde.brusnika.ru routes: - match: - port: 80 uri: prefix: / redirect: scheme: https redirectCode: 308 - path: prefix: / service: rabbitmq-service.workflow.svc.cluster.local port: 15672