diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
index c114093..792329d 100644
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@@ -139,5 +139,5 @@ patches:
 group: helm.toolkit.fluxcd.io
 version: v2
 kind: HelmRelease
- name: vailt
+ name: vault
 namespace: vault
diff --git a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
index 44d4ceb..a7088c8 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
@@ -73,6 +73,12 @@ spec:
 issuerRef:
 name: letsencrypt-issuer-istio
 kind: ClusterIssuer
+ vault-tls:
+ dnsNames:
+ - vault.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
 istio:
 gateways:
 minio:
@@ -115,6 +121,14 @@ spec:
 - keycloak.contour.infra.sarex.tech
 tls:
 credentialName: keycloak-tls
+ vault:
+ name: vault-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - vault.contour.infra.sarex.tech
+ tls:
+ credentialName: vault-tls
 camunda:
 name: camunda-gateway
 namespace: gateway
@@ -140,6 +154,18 @@ spec:
 tls:
 credentialName: camunda-optimize-tls
 virtualServices:
+ vault:
+ name: vault-virt-service
+ namespace: gateway
+ hosts:
+ - vault.contour.infra.sarex.tech
+ gateways:
+ - gateway/vault-gateway
+ routes:
+ - path:
+ prefix: /
+ service: vault-vault-contour.vault.svc.cluster.local
+ port: 8200
 minio:
 name: minio-virt-service
 namespace: gateway
diff --git a/clusters/yc-k8s-test/infrastructure/patches/vault.yaml b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
index ee2ac55..3fd1bb4 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
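Review bot: The `vault` virtualService added in `patches/istio-config.yaml` routes `prefix: /` on `vault.contour.infra.sarex.tech` straight to port 8200, so the whole Vault API and UI, including the `sys/` endpoints, is reachable by anyone who can reach this gateway; nothing in the hunk limits paths or source addresses. If the gateway is internet-facing (not visible here), restrict it with an Istio AuthorizationPolicy or a source allow-list and record that in place, e.g. `# vault: full API/UI exposed via gateway; access restricted by <policy name>`. TLS ends at the gateway (`credentialName: vault-tls` in the `gateways` hunk of the same file), so it is worth confirming that the hop to `vault-vault-contour.vault.svc.cluster.local` on 8200 is covered by mesh mTLS or by Vault's own listener TLS, since tokens and secrets travel over it.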
@@ -6,3 +6,8 @@ metadata:
 spec:
 interval: 5m
 timeout: 10m
+ values:
+ server:
+ dataStorage:
+ storageClass: local-path
+
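Review bot: `storageClass: local-path` presumably binds Vault's data volume to one node's local disk, so losing or reprovisioning that node loses the Vault storage and every secret in it unless snapshots are kept elsewhere; the added `values` block does not say whether that is intended. For a test cluster it may be acceptable, so state it next to the setting, e.g. `# local-path: node-local and unreplicated; test cluster only, data is lost with the node`. The hunk also adds an empty last line after `storageClass: local-path`, which can be dropped.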