apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: vault-cert
  namespace: istio-system
spec:
  dnsNames:
    - vault.invest.cps.sarex.lonsdaleites.ru
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: vault-tls
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: vault-gateway
  namespace: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - vault.invest.cps.sarex.lonsdaleites.ru
      port:
        name: http
        number: 80
        protocol: HTTP
    - hosts:
        - vault.invest.cps.sarex.lonsdaleites.ru
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        credentialName: vault-tls
        mode: SIMPLE
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vault-virt-service
  namespace: vault
spec:
  gateways:
    - gateway/vault-gateway
  hosts:
    - vault.invest.cps.sarex.lonsdaleites.ru
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: vault-vault-contour.vault.svc.cluster.local
            port:
              number: 8200