From dce53c0a73797a47ea325217bfbb0385358eb005 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Tue, 14 Apr 2026 14:03:09 +0300
Subject: [PATCH 1/4] add vault
---
 clusters/yc-k8s-test/infrastructure/kustomization.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
index c114093..792329d 100644
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@@ -139,5 +139,5 @@ patches:
 group: helm.toolkit.fluxcd.io
 version: v2
 kind: HelmRelease
- name: vailt
+ name: vault
 namespace: vault
From 4bdd77e66dedd100af1d88f48771a4d1fa4ba13a Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Tue, 14 Apr 2026 14:10:05 +0300
Subject: [PATCH 2/4] add SC to vault overrides
---
 clusters/yc-k8s-test/infrastructure/patches/vault.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/clusters/yc-k8s-test/infrastructure/patches/vault.yaml b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
index ee2ac55..3fd1bb4 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/vault.yaml
@@ -6,3 +6,8 @@ metadata:
 spec:
 interval: 5m
 timeout: 10m
+ values:
+ server:
+ dataStorage:
+ storageClass: local-path
+
From e7b8434ad60bb21c7e9c2f2a81c0fd279e736e89 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Tue, 14 Apr 2026 14:26:53 +0300
Subject: [PATCH 3/4] add vault vs + gw + crt
---
 .../infrastructure/patches/istio-config.yaml | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
index 44d4ceb..e6f567b 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
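Review bot: In PATCH 2/4, `storageClass: local-path` puts Vault's data volume on what looks like a node-local provisioner, so the only copy of the encrypted secret store would sit on one node's disk; nothing in the hunk sets replicas or a backup. If that is the case, the PVC pins the pod to that node, and losing or reimaging the node loses every secret together with the keyring. I would add a comment above the key such as `# test cluster only: node-local volume, no replication; snapshot before node maintenance` and confirm that a backup path exists outside this patch. The last added line is an empty `+` at what appears to be the end of the file and can be dropped.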
@@ -73,6 +73,12 @@ spec:
 issuerRef:
 name: letsencrypt-issuer-istio
 kind: ClusterIssuer
+ vault-tls:
+ dnsNames:
+ - vault.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
 istio:
 gateways:
 minio:
@@ -115,6 +121,14 @@ spec:
 - keycloak.contour.infra.sarex.tech
 tls:
 credentialName: keycloak-tls
+ vault:
+ name: vault-gateway
+ namespace: vault
+ servers:
+ - hosts:
+ - vault.contour.infra.sarex.tech
+ tls:
+ credentialName: vault-tls
 camunda:
 name: camunda-gateway
 namespace: gateway
@@ -140,6 +154,18 @@ spec:
 tls:
 credentialName: camunda-optimize-tls
 virtualServices:
+ vault:
+ name: vault-virt-service
+ namespace: gateway
+ hosts:
+ - vault.contour.infra.sarex.tech
+ gateways:
+ - gateway/vault-gateway
+ routes:
+ - path:
+ prefix: /
+ service: vault-vault-contour.vault.svc.cluster.local
+ port: 8200
 minio:
 name: minio-virt-service
 namespace: gateway
From 2307361c07be51faf9e5d1bbb50e37f1732040dc Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Tue, 14 Apr 2026 14:31:09 +0300
Subject: [PATCH 4/4] add vault vs + gw + crt
---
 clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
index e6f567b..a7088c8 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
@@ -123,7 +123,7 @@ spec:
 credentialName: keycloak-tls
 vault:
 name: vault-gateway
- namespace: vault
+ namespace: gateway
 servers:
 - hosts:
 - vault.contour.infra.sarex.tech
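Review bot: In PATCH 3/4's `virtualServices.vault` block, the single route with `prefix: /` publishes the whole Vault listener on port 8200 under `vault.contour.infra.sarex.tech` with a publicly trusted certificate, and nothing in these hunks limits who can reach it. That covers the UI and the full `/v1/` API, including the `sys/` endpoints that answer without a token. If the ingress gateway is internet-facing (not visible here), I would pair the route with a source restriction, for example an Istio `AuthorizationPolicy` on the gateway using `ipBlocks` for the admin networks, and record it in a comment above the block such as `# vault: reachable only from <ADMIN_CIDR>, enforced by AuthorizationPolicy`. The gateway-to-pod hop also deserves a check: the Vault chart defaults to `global.tlsDisable: true` and the values added in PATCH 2/4 do not override it, so that leg is plaintext unless mesh mTLS covers the `vault` namespace.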