iac/clusters/brusnika-prod/infrastructure/patches/istio-config.yaml


# Flux HelmRelease that supplies the values for the istio-config release in brusnika-prod.
# NOTE(review): this listing has lost its indentation, so the nesting of the keys below
# cannot be confirmed from here; compare with the file in the repository before editing.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-config
namespace: default
spec:
# disableWait is set for both install and upgrade: Flux does not wait for the rendered
# resources to become ready, so the release may be reported as applied while a Gateway
# or Certificate is still failing. Monitor those resources separately.
install:
disableWait: true
upgrade:
disableWait: true
values:
global:
env: brusnika-prod
environments:
brusnika-prod:
# No namespaces are listed for this environment.
namespaces: []
certManager:
# Empty here, yet every certificate in this file refers to ClusterIssuer "letsencrypt";
# presumably that issuer is created by another release. TODO confirm.
clusterIssuers: {}
# Certificates requested through cert-manager. Every entry is placed in namespace
# ingress-nginx and refers to ClusterIssuer "letsencrypt". Each map key is reused verbatim
# as tls.credentialName by a gateway in this file, so it presumably becomes the TLS secret
# name (the chart template is not visible here; TODO confirm).
# NOTE(review): if "letsencrypt" is the public ACME CA, every dnsName below is published in
# Certificate Transparency logs, including admin hosts such as vault, dashboard and argocd.
# Those endpoints need authentication and network restrictions; an unlisted name is no cover.
certificates:
argocd-secret-name:
namespace: ingress-nginx
dnsNames:
- argocd.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
camunda-identity-tls:
namespace: ingress-nginx
dnsNames:
- identity.camunda.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
keycloak.camunda.cde.brusnika.ru-tls:
namespace: ingress-nginx
dnsNames:
- keycloak.camunda.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
camunda-platform-operate-tls:
namespace: ingress-nginx
dnsNames:
- operate.camunda.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
camunda-optimize-tls:
namespace: ingress-nginx
dnsNames:
- optimize.camunda.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
camunda-platform-tasklist-tls:
namespace: ingress-nginx
dnsNames:
- tasklist.camunda.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
# NOTE(review): one certificate for three hosts (document-link, cde, rabbitmq). Three
# gateways in this file reference it, so a single private key fronts all of them and a
# rotation or revocation affects all three at once. Consider one certificate per host.
yet-another-nginx-secret-name:
namespace: ingress-nginx
dnsNames:
- document-link.cde.brusnika.ru
- cde.brusnika.ru
- rabbitmq.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
tls-secret-for-qr:
namespace: ingress-nginx
dnsNames:
- stamp-verification.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
gitea-prod-tls:
namespace: ingress-nginx
dnsNames:
- gitea.prod.brusnika.sarex.lonsdaleites.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
jupyter-cert-secret:
namespace: ingress-nginx
dnsNames:
- jupyter.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
dashboard-secret-name:
namespace: ingress-nginx
dnsNames:
- dashboard.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
# NOTE(review): the key does not name the host it serves (minio), which makes it easy to
# attach the wrong credential to a gateway. A host-derived name would be safer.
brusnika-secret-name:
namespace: ingress-nginx
dnsNames:
- minio.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
# NOTE(review): same naming concern; this key serves the sso host.
projects-secret-name:
namespace: ingress-nginx
dnsNames:
- sso.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
superset-tls-secret:
namespace: ingress-nginx
dnsNames:
- superset.cde.brusnika.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
vault-prod-tls:
namespace: ingress-nginx
dnsNames:
- vault.prod.brusnika.sarex.lonsdaleites.ru
issuerRef:
name: letsencrypt
kind: ClusterIssuer
zitadel-tls:
namespace: ingress-nginx
dnsNames:
- zitadel.brusnika.onprem.sarex.io
issuerRef:
name: letsencrypt
kind: ClusterIssuer
# Istio objects driven by this values file.
istio:
# NOTE(review): no EnvoyFilter, AuthorizationPolicy or RequestAuthentication is defined
# here, so this file puts no mesh-level authentication or authorization in front of the
# hosts below; each backend has to enforce its own. Confirm that policies exist elsewhere
# for the administrative hosts (vault, dashboard, argocd, minio, jupyter, rabbitmq).
envoyFilters: {}
authorizationPolicies: {}
requestAuthentications: {}
# One gateway entry per host. Each is declared in namespace ingress-nginx, selects
# workloads labelled istio: ingressgateway, and names a credential that matches a key
# under certificates in this file.
# NOTE(review): only hosts and tls.credentialName are set per server; port, protocol, TLS
# mode and minimum TLS version are not visible and presumably come from chart defaults.
# TODO confirm the rendered Gateway terminates TLS with an acceptable minimum version.
gateways:
argocd:
name: argocd-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- argocd.brusnika.onprem.sarex.io
tls:
credentialName: argocd-secret-name
camunda-identity:
name: camunda-identity-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- identity.camunda.cde.brusnika.ru
tls:
credentialName: camunda-identity-tls
camunda-keycloak:
name: camunda-keycloak-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- keycloak.camunda.cde.brusnika.ru
tls:
credentialName: keycloak.camunda.cde.brusnika.ru-tls
camunda-operate:
name: camunda-operate-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- operate.camunda.cde.brusnika.ru
tls:
credentialName: camunda-platform-operate-tls
camunda-optimize:
name: camunda-optimize-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- optimize.camunda.cde.brusnika.ru
tls:
credentialName: camunda-optimize-tls
camunda-tasklist:
name: camunda-tasklist-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- tasklist.camunda.cde.brusnika.ru
tls:
credentialName: camunda-platform-tasklist-tls
# Shares yet-another-nginx-secret-name with the global-cde and rabbitmq gateways.
document-link:
name: document-link-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- document-link.cde.brusnika.ru
tls:
credentialName: yet-another-nginx-secret-name
stamp-verification:
name: stamp-verification-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- stamp-verification.cde.brusnika.ru
tls:
credentialName: tls-secret-for-qr
gitea:
name: gitea-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- gitea.prod.brusnika.sarex.lonsdaleites.ru
tls:
credentialName: gitea-prod-tls
# Shares yet-another-nginx-secret-name with the document-link and rabbitmq gateways.
global-cde:
name: global-cde-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- cde.brusnika.ru
tls:
credentialName: yet-another-nginx-secret-name
jupyter:
name: jupyter-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- jupyter.brusnika.onprem.sarex.io
tls:
credentialName: jupyter-cert-secret
dashboard:
name: dashboard-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- dashboard.brusnika.onprem.sarex.io
tls:
credentialName: dashboard-secret-name
# NOTE(review): the credential name does not mention minio; double-check the pairing
# whenever certificates are renamed.
minio:
name: minio-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- minio.brusnika.onprem.sarex.io
tls:
credentialName: brusnika-secret-name
# NOTE(review): the credential name does not mention sso; same pairing concern as minio.
sso-check:
name: sso-check-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- sso.brusnika.onprem.sarex.io
tls:
credentialName: projects-secret-name
superset:
name: superset-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- superset.cde.brusnika.ru
tls:
credentialName: superset-tls-secret
vault:
name: vault-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- vault.prod.brusnika.sarex.lonsdaleites.ru
tls:
credentialName: vault-prod-tls
zitadel:
name: zitadel-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- zitadel.brusnika.onprem.sarex.io
tls:
credentialName: zitadel-tls
# Shares yet-another-nginx-secret-name with the document-link and global-cde gateways.
rabbitmq:
name: rabbitmq-gw
namespace: ingress-nginx
selector:
istio: ingressgateway
servers:
- hosts:
- rabbitmq.cde.brusnika.ru
tls:
credentialName: yet-another-nginx-secret-name
# Virtual services: each entry binds one host to a gateway declared in ingress-nginx and
# routes it to a cluster-local service. The field names (cors, routes, match, path,
# service) belong to the chart's own values schema, which is not visible here.
# NOTE(review): points to check in this section:
#   - cors.allowOrigins with regex ".*" accepts every origin (argocd, document-link,
#     stamp-verification, jupyter, dashboard, minio, sso-check); global-cde-vs and
#     rabbitmq-vs list exact origins instead.
#   - camunda-identity, camunda-operate, camunda-optimize, camunda-tasklist and zitadel
#     have no port-80 redirect rule, unlike the other entries.
#   - whether the hop from the gateway to each backend port is encrypted (mesh mTLS) is
#     not visible from this file.
virtualServices:
argocd-vs:
namespace: argocd
hosts:
- argocd.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/argocd-gw
# NOTE(review): ".*" matches any Origin header. Whether credentialed cross-origin requests
# are allowed is not visible here; for a deployment console prefer exact origins, as
# global-cde-vs does.
cors:
allowOrigins:
- regex: ".*"
routes:
# Requests matched on port 80 get a 308 redirect to https.
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: argocd-server.argocd.svc.cluster.local
port: 80
# NOTE(review): no port-80 redirect rule here. Whether plain HTTP is served depends on the
# rendered Gateway, which is not visible; confirm HTTP is refused or redirected.
camunda-identity-vs:
namespace: camunda
hosts:
- identity.camunda.cde.brusnika.ru
gateways:
- ingress-nginx/camunda-identity-gw
routes:
- path:
prefix: /
service: camunda-identity.camunda.svc.cluster.local
port: 80
camunda-keycloak-vs:
namespace: camunda
hosts:
- keycloak.camunda.cde.brusnika.ru
gateways:
- ingress-nginx/camunda-keycloak-gw
routes:
# Both the redirect and the route are limited to the /auth/ prefix; other paths on this
# host have no rule in this file.
- match:
- port: 80
uri:
prefix: /auth/
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /auth/
service: camunda-keycloak.camunda.svc.cluster.local
port: 80
# NOTE(review): no port-80 redirect rule; same concern as camunda-identity-vs above.
camunda-operate-vs:
namespace: camunda
hosts:
- operate.camunda.cde.brusnika.ru
gateways:
- ingress-nginx/camunda-operate-gw
routes:
- path:
prefix: /
service: camunda-operate.camunda.svc.cluster.local
port: 80
# NOTE(review): no port-80 redirect rule; same concern as camunda-identity-vs above.
camunda-optimize-vs:
namespace: camunda
hosts:
- optimize.camunda.cde.brusnika.ru
gateways:
- ingress-nginx/camunda-optimize-gw
routes:
- path:
prefix: /
service: camunda-optimize.camunda.svc.cluster.local
port: 80
# NOTE(review): no port-80 redirect rule; same concern as camunda-identity-vs above.
camunda-tasklist-vs:
namespace: camunda
hosts:
- tasklist.camunda.cde.brusnika.ru
gateways:
- ingress-nginx/camunda-tasklist-gw
routes:
- path:
prefix: /
service: camunda-tasklist.camunda.svc.cluster.local
port: 80
document-link-vs:
namespace: documentations
hosts:
- document-link.cde.brusnika.ru
gateways:
- ingress-nginx/document-link-gw
# NOTE(review): any-origin CORS; same concern as argocd-vs above.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: frontend-service-public-link.documentations.svc.cluster.local
port: 80
stamp-verification-vs:
namespace: documentations
hosts:
- stamp-verification.cde.brusnika.ru
gateways:
- ingress-nginx/stamp-verification-gw
# NOTE(review): any-origin CORS; same concern as argocd-vs above.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: stamp-verification-frontend-service.documentations.svc.cluster.local
port: 8080
gitea-vs:
namespace: gitea
hosts:
- gitea.prod.brusnika.sarex.lonsdaleites.ru
gateways:
- ingress-nginx/gitea-gw
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: gitea.gitea.svc.cluster.local
port: 3000
global-cde-vs:
namespace: global-ingress
hosts:
- cde.brusnika.ru
gateways:
- ingress-nginx/global-cde-gw
# Exact-origin allow list: the pattern the regex ".*" entries in this section should follow.
cors:
allowOrigins:
- exact: https://cde.brusnika.ru
- exact: https://stamp-verification.cde.brusnika.ru
- exact: https://document-link.cde.brusnika.ru
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
# /integration/ is listed before the catch-all / prefix; presumably rules are evaluated in
# order, so keep the more specific prefix first. TODO confirm against the chart.
- path:
prefix: /integration/
service: yet-another-nginx-service.global-ingress.svc.cluster.local
port: 80
- path:
prefix: /
service: nginx-service.global-ingress.svc.cluster.local
port: 80
jupyter-vs:
namespace: jupyter
hosts:
- jupyter.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/jupyter-gw
# NOTE(review): any-origin CORS. Jupyter gives its users code execution by design, so this
# host warrants an exact-origin list and strong authentication in front of it.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: jupyter.jupyter.svc.cluster.local
port: 8888
dashboard-vs:
namespace: kubernetes-dashboard
hosts:
- dashboard.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/dashboard-gw
# NOTE(review): any-origin CORS on the Kubernetes dashboard route; same concern as
# argocd-vs above. Confirm who can reach this host at the network level.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local
port: 80
minio-vs:
namespace: minio
hosts:
- minio.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/minio-gw
# NOTE(review): any-origin CORS on the route to minio-console-service; same concern as
# argocd-vs above.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: minio-console-service.minio.svc.cluster.local
port: 80
sso-check-vs:
namespace: sso-check
hosts:
- sso.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/sso-check-gw
# NOTE(review): any-origin CORS on the route to gatekeeper-service; same concern as
# argocd-vs above.
cors:
allowOrigins:
- regex: ".*"
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: gatekeeper-service.sso-check.svc.cluster.local
port: 80
superset-vs:
namespace: superset
hosts:
- superset.cde.brusnika.ru
gateways:
- ingress-nginx/superset-gw
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: superset.superset.svc.cluster.local
port: 8088
# NOTE(review): the whole / prefix of the Vault service is routed through the ingress
# gateway (8200 is Vault's default listener port). With no AuthorizationPolicy in this
# file, access control rests on Vault itself; consider restricting source networks.
vault-vs:
namespace: vault
hosts:
- vault.prod.brusnika.sarex.lonsdaleites.ru
gateways:
- ingress-nginx/vault-gw
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: vault-vault-contour.vault.svc.cluster.local
port: 8200
# NOTE(review): no port-80 redirect rule; same concern as camunda-identity-vs above.
zitadel-vs:
namespace: zitadel
hosts:
- zitadel.brusnika.onprem.sarex.io
gateways:
- ingress-nginx/zitadel-gw
routes:
- path:
prefix: /
service: zitadel-idp-contour.zitadel.svc.cluster.local
port: 8080
# NOTE(review): 15672 is the default port of the RabbitMQ management plugin; if that is
# what rabbitmq-service serves, the broker's admin UI/API is reachable through the
# gateway. Confirm that is intended and that default broker accounts are disabled.
rabbitmq-vs:
namespace: workflow
hosts:
- rabbitmq.cde.brusnika.ru
gateways:
- ingress-nginx/rabbitmq-gw
cors:
allowOrigins:
- exact: https://cde.brusnika.ru
- exact: https://stamp-verification.cde.brusnika.ru
- exact: https://document-link.cde.brusnika.ru
routes:
- match:
- port: 80
uri:
prefix: /
redirect:
scheme: https
redirectCode: 308
- path:
prefix: /
service: rabbitmq-service.workflow.svc.cluster.local
port: 15672