iac/clusters/yc-cps-prod/infrastructure/vault-istio.yaml


# cert-manager Certificate for the public Vault hostname. The issued key pair
# is written to the Secret named by spec.secretName in this resource's
# namespace (istio-system).
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: vault-cert
  namespace: istio-system
spec:
  dnsNames:
    - vault.infra.cps.sarex.io
  # Requested lifetime: 2160h = 90 days. This is a request to the issuer; the
  # issuer decides the lifetime actually granted.
  duration: 2160h
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-issuer-istio
  privateKey:
    # A fresh private key is generated on every re-issuance, so a leaked key
    # stops being useful once the certificate is renewed.
    rotationPolicy: Always
  # Renewal starts 360h = 15 days before expiry.
  renewBefore: 360h
  # NOTE(review): Istio resolves a Gateway's credentialName in the namespace
  # of the ingress gateway workload, not of the Gateway resource. This Secret
  # is only usable if the pods selected by `istio: ingressgateway` run in
  # istio-system - confirm. The Secret holds the TLS private key, so read
  # access to Secrets in that namespace should be kept narrow.
  secretName: vault-tls
---
# Istio Gateway that opens two listeners for the Vault hostname on the
# workloads labelled `istio: ingressgateway`: HTTPS on 443 and HTTP on 80.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: vault-gateway
  namespace: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - vault.infra.cps.sarex.io
      port:
        name: https-443
        number: 443
        protocol: HTTPS
      tls:
        # Certificate and key are read from the Secret with this name.
        credentialName: vault-tls
        # SIMPLE: server-side TLS terminated at the gateway; clients are not
        # asked for a certificate. No minProtocolVersion or cipherSuites are
        # set here, so the Istio defaults apply.
        mode: SIMPLE
    # NOTE(review): this server accepts plaintext HTTP for the Vault host and
    # has no `tls.httpsRedirect`. vault-virt-service attaches to this Gateway
    # without a port match, so requests arriving on port 80 appear to be
    # routed to the backend unencrypted, which would put Vault tokens and
    # secret payloads on the wire in clear text. If port 80 is kept only for
    # ACME HTTP-01, consider `tls: {httpsRedirect: true}` on this server or a
    # `port: 443` match in the VirtualService. Confirm the issuer's solver
    # type first: a blanket redirect can interfere with HTTP-01 validation.
    - hosts:
        - vault.infra.cps.sarex.io
      port:
        name: http-80
        number: 80
        protocol: HTTP
---
# VirtualService that forwards traffic for the Vault hostname, received via
# the Gateway `vault-gateway` in namespace `gateway`, to port 8200 of the
# Service vault-vault-contour in namespace vault.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vault-virt-service
  namespace: vault
spec:
  # <namespace>/<name> reference; the Gateway lives in another namespace.
  gateways:
    - gateway/vault-gateway
  hosts:
    - vault.infra.cps.sarex.io
  http:
    # NOTE(review): the match has no `port`, so this route applies to every
    # server of the referenced Gateway, including its plaintext HTTP listener
    # on port 80. Add `port: 443` to the match if only TLS traffic should
    # reach the backend.
    # `prefix: /` forwards every path, so the backend's whole HTTP surface is
    # reachable through the gateway; any path-level restriction has to be
    # enforced elsewhere.
    - match:
        - uri:
            prefix: /
      route:
        # NOTE(review): TLS is terminated at the gateway (mode SIMPLE).
        # Whether the hop to port 8200 is encrypted depends on mesh mTLS or a
        # DestinationRule, neither of which is defined in this file - confirm.
        - destination:
            host: vault-vault-contour.vault.svc.cluster.local
            port:
              number: 8200