From 873fe2623e3230edd3931525163f2a3cd6a28030 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Thu, 28 May 2026 16:43:56 +0300
Subject: [PATCH] add istio resources
---
 .../infrastructure/kustomization.yaml | 32 +
 .../infrastructure/patches/istio-base.yaml | 8 +
 .../infrastructure/patches/istio-config.yaml | 640 ++++++++++++++++++
 .../infrastructure/patches/istio-gateway.yaml | 13 +
 .../infrastructure/patches/istio-pilot.yaml | 11 +
 5 files changed, 704 insertions(+)
 create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/istio-base.yaml
 create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/istio-config.yaml
 create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/istio-gateway.yaml
 create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/istio-pilot.yaml
diff --git a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
index 4e07c26..f509af5 100644
--- a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
@@ -1,10 +1,42 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - ../../../infrastructure/istio-base
+ - ../../../infrastructure/istio-pilot
+ - ../../../infrastructure/istio-gateway
+ - ../../../infrastructure/istio-config
 - ../../../infrastructure/local-path-provisioner
 - ../../../infrastructure/minio
 - ../../../infrastructure/vault
 patches:
+ - path: ./patches/istio-base.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: istio-base
+ namespace: istio-system
+ - path: ./patches/istio-pilot.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: istiod
+ namespace: istio-system
+ - path: ./patches/istio-gateway.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: ingressgateway
+ namespace: istio-system
+ - path: ./patches/istio-config.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: istio-config
+ namespace: default
 - path: ./patches/local-path-provisioner.yaml
 target:
 group: helm.toolkit.fluxcd.io
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/istio-base.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/istio-base.yaml
new file mode 100644
index 0000000..0c7f66e
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/istio-base.yaml
@@ -0,0 +1,8 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istio-base
+ namespace: istio-system
+spec:
+ interval: 5m
+ timeout: 10m
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/istio-config.yaml
new file mode 100644
index 0000000..ae93e83
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/istio-config.yaml
@@ -0,0 +1,640 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istio-config
+ namespace: default
+spec:
+ interval: 5m
+ timeout: 10m
+ values:
+ global:
+ env: contour
+ environments:
+ contour:
+ certManager:
+ certificates:
+ platform-tls:
+ dnsNames:
+ - sarex.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ minio-tls:
+ dnsNames:
+ - minio.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ zitadel-tls:
+ dnsNames:
+ - zitadel.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ dashboard-tls:
+ dnsNames:
+ - dashboard.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ rabbitmq-tls:
+ dnsNames:
+ - rabbitmq.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ keycloak-tls:
+ dnsNames:
+ - keycloak.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ glitchtip-tls:
+ dnsNames:
+ - glitchtip.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ openobserve-tls:
+ dnsNames:
+ - openobserve.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ camunda-keycloak-tls:
+ dnsNames:
+ - camunda-keycloak.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ camunda-identity-tls:
+ dnsNames:
+ - camunda-identity.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ camunda-operate-tls:
+ dnsNames:
+ - camunda-operate.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ camunda-tasklist-tls:
+ dnsNames:
+ - camunda-tasklist.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ camunda-optimize-tls:
+ dnsNames:
+ - camunda-optimize.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ vault-tls:
+ dnsNames:
+ - vault.contour.infra.sarex.tech
+ issuerRef:
+ name: letsencrypt-issuer-istio
+ kind: ClusterIssuer
+ istio:
+ gateways:
+ platform:
+ name: platform-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - sarex.contour.infra.sarex.tech
+ tls:
+ credentialName: platform-tls
+ minio:
+ name: minio-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - minio.contour.infra.sarex.tech
+ tls:
+ credentialName: minio-tls
+ zitadel:
+ name: zitadel-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - zitadel.contour.infra.sarex.tech
+ tls:
+ credentialName: zitadel-tls
+ dashboard:
+ name: dashboard-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - dashboard.contour.infra.sarex.tech
+ tls:
+ credentialName: dashboard-tls
+ rabbitmq:
+ name: rabbitmq-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - rabbitmq.contour.infra.sarex.tech
+ tls:
+ credentialName: rabbitmq-tls
+ keycloak:
+ name: keycloak-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - keycloak.contour.infra.sarex.tech
+ tls:
+ credentialName: keycloak-tls
+ glitchtip:
+ name: glitchtip-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - glitchtip.contour.infra.sarex.tech
+ tls:
+ credentialName: glitchtip-tls
+ openobserve:
+ name: openobserve-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - openobserve.contour.infra.sarex.tech
+ tls:
+ credentialName: openobserve-tls
+ vault:
+ name: vault-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - vault.contour.infra.sarex.tech
+ tls:
+ credentialName: vault-tls
+ camunda:
+ name: camunda-gateway
+ namespace: gateway
+ servers:
+ - hosts:
+ - camunda-keycloak.contour.infra.sarex.tech
+ tls:
+ credentialName: camunda-keycloak-tls
+ - hosts:
+ - camunda-identity.contour.infra.sarex.tech
+ tls:
+ credentialName: camunda-identity-tls
+ - hosts:
+ - camunda-operate.contour.infra.sarex.tech
+ tls:
+ credentialName: camunda-operate-tls
+ - hosts:
+ - camunda-tasklist.contour.infra.sarex.tech
+ tls:
+ credentialName: camunda-tasklist-tls
+ - hosts:
+ - camunda-optimize.contour.infra.sarex.tech
+ tls:
+ credentialName: camunda-optimize-tls
+ virtualServices:
+ platform:
+ name: sarex-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /admin/
+ service: backend-svc.django.svc.cluster.local
+ port: 80
+
+ - path:
+ prefix: /api/
+ service: backend-svc.django.svc.cluster.local
+ port: 80
+
+ - path:
+ prefix: /
+ service: frontend-svc.django.svc.cluster.local
+ port: 80
+ gateway-platform:
+ name: pdm-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /gateway/
+ rewrite: /
+ service: pdm-svc.documentations.svc.cluster.local
+ port: 80
+ resources-admin:
+ name: resources-admin-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /resource-management
+ rewrite: /resource-management
+ service: backend-svc.resources.svc.cluster.local
+ port: 80
+ srx-admin-frontend:
+ name: srx-admin-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /control-interface/
+ rewrite: /
+ service: frontend-svc.control-interface.svc.cluster.local
+ port: 80
+ workflows-frontend:
+ name: workflows-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /workflows/api/
+ rewrite: /api/
+ service: backend-svc.processing.svc.cluster.local
+ port: 80
+ - path:
+ prefix: /workflows/
+ rewrite: /
+ service: frontend-svc.processing.svc.cluster.local
+ port: 80
+ eav-api:
+ name: eav-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /eav/api/
+ rewrite: /api/
+ service: backend-svc.eav.svc.cluster.local
+ port: 80
+ issues-api:
+ name: issues-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /issues/api/
+ rewrite: /api/
+ service: backend-svc.issues.svc.cluster.local
+ port: 80
+ flows-api:
+ name: flows-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /flows/api/
+ rewrite: /api/
+ service: backend-svc.flows.svc.cluster.local
+ port: 80
+ rfi-api:
+ name: rfi-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /rfi/api/
+ rewrite: /api/
+ service: backend-svc.rfi.svc.cluster.local
+ port: 80
+ transmittals-api:
+ name: flows-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /transmittals/api/
+ rewrite: /api/
+ service: backend-svc.transmittal.svc.cluster.local
+ port: 80
+ workspaces-api:
+ name: workspaces-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /workspaces/api/
+ rewrite: /api/
+ service: backend-svc.workspaces.svc.cluster.local
+ port: 80
+ documentations-frontend:
+ name: documentations-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /documentations/static/
+ rewrite: /
+ service: frontend-svc.documentations.svc.cluster.local
+ port: 80
+ transmittal-frontend:
+ name: transmittal-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /transmittal/static/
+ rewrite: /
+ service: frontend-svc.transmittal.svc.cluster.local
+ port: 80
+ documentations-api:
+ name: documentations-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /documentations/api/
+ rewrite: /api/
+ service: backend-api-svc.documentations.svc.cluster.local
+ port: 80
+ mapper-api:
+ name: mapper-api-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /mapper/api/
+ rewrite: /api/
+ service: backend-svc.mapper.svc.cluster.local
+ port: 80
+ filestream-api:
+ name: documentations-filestream-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /files/api/
+ rewrite: /api/
+ service: backend-filestream-svc.documentations.svc.cluster.local
+ port: 80
+ issues-frontend:
+ name: issues-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /issues/static/
+ rewrite: /
+ service: frontend-svc.issues.svc.cluster.local
+ port: 80
+ flows-frontend:
+ name: flows-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /flows/static/
+ rewrite: /
+ service: frontend-svc.flows.svc.cluster.local
+ port: 80
+ reviews-frontend:
+ name: reviews-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /reviews/static/
+ rewrite: /
+ service: frontend-svc.reviews.svc.cluster.local
+ port: 80
+ rfi-frontend:
+ name: rfi-frontend-virt-service
+ namespace: gateway
+ hosts:
+ - sarex.contour.infra.sarex.tech
+ gateways:
+ - gateway/platform-gateway
+ routes:
+ - path:
+ prefix: /rfi/static/
+ rewrite: /
+ service: frontend-svc.rfi.svc.cluster.local
+ port: 80
+ vault:
+ name: vault-virt-service
+ namespace: gateway
+ hosts:
+ - vault.contour.infra.sarex.tech
+ gateways:
+ - gateway/vault-gateway
+ routes:
+ - path:
+ prefix: /
+ service: vault-vault-contour.vault.svc.cluster.local
+ port: 8200
+ minio:
+ name: minio-virt-service
+ namespace: gateway
+ hosts:
+ - minio.contour.infra.sarex.tech
+ gateways:
+ - gateway/minio-gateway
+ routes:
+ - path:
+ prefix: /console/
+ service: minio-console.minio.svc.cluster.local
+ port: 9001
+ minio-api:
+ name: minio-api-virt-service
+ namespace: gateway
+ hosts:
+ - minio.contour.infra.sarex.tech
+ gateways:
+ - gateway/minio-gateway
+ routes:
+ - path:
+ prefix: /
+ service: minio.minio.svc.cluster.local
+ port: 9000
+ zitadel:
+ name: zitadel-virt-service
+ namespace: gateway
+ hosts:
+ - zitadel.contour.infra.sarex.tech
+ gateways:
+ - gateway/zitadel-gateway
+ routes:
+ - path:
+ prefix: /
+ service: zitadel-idp-contour.zitadel.svc.cluster.local
+ port: 8080
+ dashboard:
+ name: dashboard-virt-service
+ namespace: gateway
+ hosts:
+ - dashboard.contour.infra.sarex.tech
+ gateways:
+ - gateway/dashboard-gateway
+ routes:
+ - path:
+ prefix: /
+ service: dashboard-kong-proxy.kubernetes-dashboard.svc.cluster.local
+ port: 80
+ rabbitmq:
+ name: rabbitmq-virt-service
+ namespace: gateway
+ hosts:
+ - rabbitmq.contour.infra.sarex.tech
+ gateways:
+ - gateway/rabbitmq-gateway
+ routes:
+ - path:
+ prefix: /
+ service: rabbitmq.rabbitmq.svc.cluster.local
+ port: 15672
+ keycloak:
+ name: keycloak-virt-service
+ namespace: gateway
+ hosts:
+ - keycloak.contour.infra.sarex.tech
+ gateways:
+ - gateway/keycloak-gateway
+ routes:
+ - path:
+ prefix: /
+ service: keycloak-keycloak-contour.keycloak.svc.cluster.local
+ port: 80
+ glitchtip:
+ name: glitchtip-virt-service
+ namespace: gateway
+ hosts:
+ - glitchtip.contour.infra.sarex.tech
+ gateways:
+ - gateway/glitchtip-gateway
+ routes:
+ - path:
+ prefix: /
+ service: glitchtip-web.glitchtip.svc.cluster.local
+ port: 8000
+ openobserve:
+ name: openobserve-virt-service
+ namespace: gateway
+ hosts:
+ - openobserve.contour.infra.sarex.tech
+ gateways:
+ - gateway/openobserve-gateway
+ routes:
+ - path:
+ prefix: /
+ service: openobserve-web.openobserve.svc.cluster.local
+ port: 5080
+ camunda-keycloak:
+ name: camunda-keycloak-virt-service
+ namespace: gateway
+ hosts:
+ - camunda-keycloak.contour.infra.sarex.tech
+ gateways:
+ - gateway/camunda-gateway
+ routes:
+ - path:
+ prefix: /
+ service: camunda-keycloak.camunda.svc.cluster.local
+ port: 80
+ camunda-identity:
+ name: camunda-identity-virt-service
+ namespace: gateway
+ hosts:
+ - camunda-identity.contour.infra.sarex.tech
+ gateways:
+ - gateway/camunda-gateway
+ routes:
+ - path:
+ prefix: /
+ service: camunda-identity.camunda.svc.cluster.local
+ port: 80
+ camunda-operate:
+ name: camunda-operate-virt-service
+ namespace: gateway
+ hosts:
+ - camunda-operate.contour.infra.sarex.tech
+ gateways:
+ - gateway/camunda-gateway
+ routes:
+ - path:
+ prefix: /
+ service: camunda-operate.camunda.svc.cluster.local
+ port: 80
+ camunda-tasklist:
+ name: camunda-tasklist-virt-service
+ namespace: gateway
+ hosts:
+ - camunda-tasklist.contour.infra.sarex.tech
+ gateways:
+ - gateway/camunda-gateway
+ routes:
+ - path:
+ prefix: /
+ service: camunda-tasklist.camunda.svc.cluster.local
+ port: 80
+ camunda-optimize:
+ name: camunda-optimize-virt-service
+ namespace: gateway
+ hosts:
+ - camunda-optimize.contour.infra.sarex.tech
+ gateways:
+ - gateway/camunda-gateway
+ routes:
+ - path:
+ prefix: /
+ service: camunda-optimize.camunda.svc.cluster.local
+ port: 80
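Review bot: The `transmittals-api` entry under `virtualServices` reuses `name: flows-api-virt-service`, which `flows-api` already uses in the same `gateway` namespace, so the two entries presumably render to a single VirtualService and either `/flows/api/` or `/transmittals/api/` ends up unrouted (or the release fails on the duplicate); it should read `name: transmittals-api-virt-service`. Separately, these values publish Vault (port 8200), the Kubernetes dashboard proxy, the RabbitMQ management port 15672 and the MinIO console on their own hostnames, and nothing in this hunk limits who can reach them. If the ingress gateway is reachable from outside the cluster network, an Istio AuthorizationPolicy with a source allow-list on those hosts, or a separate internal-only gateway, would be worth adding before this is reconciled. The rules for `sarex.contour.infra.sarex.tech` and `minio.contour.infra.sarex.tech` are also spread over several VirtualServices, and as far as I know Istio does not guarantee rule order across resources for one host, so the `prefix: /` catch-alls may shadow `/gateway/`, `/workflows/` or `/console/`.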
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/istio-gateway.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/istio-gateway.yaml
new file mode 100644
index 0000000..df607ed
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/istio-gateway.yaml
@@ -0,0 +1,13 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: ingressgateway
+ namespace: istio-system
+spec:
+ interval: 5m
+ timeout: 10m
+ dependsOn:
+ - name: istio-base
+ namespace: istio-system
+ - name: istiod
+ namespace: istio-system
diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/istio-pilot.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/istio-pilot.yaml
new file mode 100644
index 0000000..061b753
--- /dev/null
+++ b/clusters/yc-k8s-test-02/infrastructure/patches/istio-pilot.yaml
@@ -0,0 +1,11 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istiod
+ namespace: istio-system
+spec:
+ interval: 5m
+ timeout: 10m
+ dependsOn:
+ - name: istio-base
+ namespace: istio-system