add istio resources

Kochetkov S 2026-05-28 16:43:56 +03:00
parent 9a4701771e
commit 873fe2623e
5 changed files with 704 additions and 0 deletions


@ -1,10 +1,42 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../infrastructure/istio-base
- ../../../infrastructure/istio-pilot
- ../../../infrastructure/istio-gateway
- ../../../infrastructure/istio-config
- ../../../infrastructure/local-path-provisioner - ../../../infrastructure/local-path-provisioner
- ../../../infrastructure/minio - ../../../infrastructure/minio
- ../../../infrastructure/vault - ../../../infrastructure/vault
patches: patches:
- path: ./patches/istio-base.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: istio-base
namespace: istio-system
- path: ./patches/istio-pilot.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: istiod
namespace: istio-system
- path: ./patches/istio-gateway.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: ingressgateway
namespace: istio-system
- path: ./patches/istio-config.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: istio-config
namespace: default
- path: ./patches/local-path-provisioner.yaml - path: ./patches/local-path-provisioner.yaml
target: target:
group: helm.toolkit.fluxcd.io group: helm.toolkit.fluxcd.io


@ -0,0 +1,8 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-base
namespace: istio-system
spec:
interval: 5m
timeout: 10m


@ -0,0 +1,640 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-config
namespace: default
spec:
interval: 5m
timeout: 10m
values:
global:
env: contour
environments:
contour:
certManager:
certificates:
platform-tls:
dnsNames:
- sarex.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
minio-tls:
dnsNames:
- minio.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
zitadel-tls:
dnsNames:
- zitadel.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
dashboard-tls:
dnsNames:
- dashboard.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
rabbitmq-tls:
dnsNames:
- rabbitmq.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
keycloak-tls:
dnsNames:
- keycloak.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
glitchtip-tls:
dnsNames:
- glitchtip.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
openobserve-tls:
dnsNames:
- openobserve.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-keycloak-tls:
dnsNames:
- camunda-keycloak.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-identity-tls:
dnsNames:
- camunda-identity.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-operate-tls:
dnsNames:
- camunda-operate.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-tasklist-tls:
dnsNames:
- camunda-tasklist.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-optimize-tls:
dnsNames:
- camunda-optimize.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
vault-tls:
dnsNames:
- vault.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
istio:
gateways:
platform:
name: platform-gateway
namespace: gateway
servers:
- hosts:
- sarex.contour.infra.sarex.tech
tls:
credentialName: platform-tls
minio:
name: minio-gateway
namespace: gateway
servers:
- hosts:
- minio.contour.infra.sarex.tech
tls:
credentialName: minio-tls
zitadel:
name: zitadel-gateway
namespace: gateway
servers:
- hosts:
- zitadel.contour.infra.sarex.tech
tls:
credentialName: zitadel-tls
dashboard:
name: dashboard-gateway
namespace: gateway
servers:
- hosts:
- dashboard.contour.infra.sarex.tech
tls:
credentialName: dashboard-tls
rabbitmq:
name: rabbitmq-gateway
namespace: gateway
servers:
- hosts:
- rabbitmq.contour.infra.sarex.tech
tls:
credentialName: rabbitmq-tls
keycloak:
name: keycloak-gateway
namespace: gateway
servers:
- hosts:
- keycloak.contour.infra.sarex.tech
tls:
credentialName: keycloak-tls
glitchtip:
name: glitchtip-gateway
namespace: gateway
servers:
- hosts:
- glitchtip.contour.infra.sarex.tech
tls:
credentialName: glitchtip-tls
openobserve:
name: openobserve-gateway
namespace: gateway
servers:
- hosts:
- openobserve.contour.infra.sarex.tech
tls:
credentialName: openobserve-tls
vault:
name: vault-gateway
namespace: gateway
servers:
- hosts:
- vault.contour.infra.sarex.tech
tls:
credentialName: vault-tls
camunda:
name: camunda-gateway
namespace: gateway
servers:
- hosts:
- camunda-keycloak.contour.infra.sarex.tech
tls:
credentialName: camunda-keycloak-tls
- hosts:
- camunda-identity.contour.infra.sarex.tech
tls:
credentialName: camunda-identity-tls
- hosts:
- camunda-operate.contour.infra.sarex.tech
tls:
credentialName: camunda-operate-tls
- hosts:
- camunda-tasklist.contour.infra.sarex.tech
tls:
credentialName: camunda-tasklist-tls
- hosts:
- camunda-optimize.contour.infra.sarex.tech
tls:
credentialName: camunda-optimize-tls
virtualServices:
platform:
name: sarex-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /admin/
service: backend-svc.django.svc.cluster.local
port: 80
- path:
prefix: /api/
service: backend-svc.django.svc.cluster.local
port: 80
- path:
prefix: /
service: frontend-svc.django.svc.cluster.local
port: 80
gateway-platform:
name: pdm-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /gateway/
rewrite: /
service: pdm-svc.documentations.svc.cluster.local
port: 80
resources-admin:
name: resources-admin-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /resource-management
rewrite: /resource-management
service: backend-svc.resources.svc.cluster.local
port: 80
srx-admin-frontend:
name: srx-admin-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /control-interface/
rewrite: /
service: frontend-svc.control-interface.svc.cluster.local
port: 80
workflows-frontend:
name: workflows-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /workflows/api/
rewrite: /api/
service: backend-svc.processing.svc.cluster.local
port: 80
- path:
prefix: /workflows/
rewrite: /
service: frontend-svc.processing.svc.cluster.local
port: 80
eav-api:
name: eav-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /eav/api/
rewrite: /api/
service: backend-svc.eav.svc.cluster.local
port: 80
issues-api:
name: issues-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /issues/api/
rewrite: /api/
service: backend-svc.issues.svc.cluster.local
port: 80
flows-api:
name: flows-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /flows/api/
rewrite: /api/
service: backend-svc.flows.svc.cluster.local
port: 80
rfi-api:
name: rfi-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /rfi/api/
rewrite: /api/
service: backend-svc.rfi.svc.cluster.local
port: 80
transmittals-api:
name: flows-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /transmittals/api/
rewrite: /api/
service: backend-svc.transmittal.svc.cluster.local
port: 80
workspaces-api:
name: workspaces-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /workspaces/api/
rewrite: /api/
service: backend-svc.workspaces.svc.cluster.local
port: 80
documentations-frontend:
name: documentations-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /documentations/static/
rewrite: /
service: frontend-svc.documentations.svc.cluster.local
port: 80
transmittal-frontend:
name: transmittal-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /transmittal/static/
rewrite: /
service: frontend-svc.transmittal.svc.cluster.local
port: 80
documentations-api:
name: documentations-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /documentations/api/
rewrite: /api/
service: backend-api-svc.documentations.svc.cluster.local
port: 80
mapper-api:
name: mapper-api-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /mapper/api/
rewrite: /api/
service: backend-svc.mapper.svc.cluster.local
port: 80
filestream-api:
name: documentations-filestream-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /files/api/
rewrite: /api/
service: backend-filestream-svc.documentations.svc.cluster.local
port: 80
issues-frontend:
name: issues-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /issues/static/
rewrite: /
service: frontend-svc.issues.svc.cluster.local
port: 80
flows-frontend:
name: flows-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /flows/static/
rewrite: /
service: frontend-svc.flows.svc.cluster.local
port: 80
reviews-frontend:
name: reviews-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /reviews/static/
rewrite: /
service: frontend-svc.reviews.svc.cluster.local
port: 80
rfi-frontend:
name: rfi-frontend-virt-service
namespace: gateway
hosts:
- sarex.contour.infra.sarex.tech
gateways:
- gateway/platform-gateway
routes:
- path:
prefix: /rfi/static/
rewrite: /
service: frontend-svc.rfi.svc.cluster.local
port: 80
vault:
name: vault-virt-service
namespace: gateway
hosts:
- vault.contour.infra.sarex.tech
gateways:
- gateway/vault-gateway
routes:
- path:
prefix: /
service: vault-vault-contour.vault.svc.cluster.local
port: 8200
minio:
name: minio-virt-service
namespace: gateway
hosts:
- minio.contour.infra.sarex.tech
gateways:
- gateway/minio-gateway
routes:
- path:
prefix: /console/
service: minio-console.minio.svc.cluster.local
port: 9001
minio-api:
name: minio-api-virt-service
namespace: gateway
hosts:
- minio.contour.infra.sarex.tech
gateways:
- gateway/minio-gateway
routes:
- path:
prefix: /
service: minio.minio.svc.cluster.local
port: 9000
zitadel:
name: zitadel-virt-service
namespace: gateway
hosts:
- zitadel.contour.infra.sarex.tech
gateways:
- gateway/zitadel-gateway
routes:
- path:
prefix: /
service: zitadel-idp-contour.zitadel.svc.cluster.local
port: 8080
dashboard:
name: dashboard-virt-service
namespace: gateway
hosts:
- dashboard.contour.infra.sarex.tech
gateways:
- gateway/dashboard-gateway
routes:
- path:
prefix: /
service: dashboard-kong-proxy.kubernetes-dashboard.svc.cluster.local
port: 80
rabbitmq:
name: rabbitmq-virt-service
namespace: gateway
hosts:
- rabbitmq.contour.infra.sarex.tech
gateways:
- gateway/rabbitmq-gateway
routes:
- path:
prefix: /
service: rabbitmq.rabbitmq.svc.cluster.local
port: 15672
keycloak:
name: keycloak-virt-service
namespace: gateway
hosts:
- keycloak.contour.infra.sarex.tech
gateways:
- gateway/keycloak-gateway
routes:
- path:
prefix: /
service: keycloak-keycloak-contour.keycloak.svc.cluster.local
port: 80
glitchtip:
name: glitchtip-virt-service
namespace: gateway
hosts:
- glitchtip.contour.infra.sarex.tech
gateways:
- gateway/glitchtip-gateway
routes:
- path:
prefix: /
service: glitchtip-web.glitchtip.svc.cluster.local
port: 8000
openobserve:
name: openobserve-virt-service
namespace: gateway
hosts:
- openobserve.contour.infra.sarex.tech
gateways:
- gateway/openobserve-gateway
routes:
- path:
prefix: /
service: openobserve-web.openobserve.svc.cluster.local
port: 5080
camunda-keycloak:
name: camunda-keycloak-virt-service
namespace: gateway
hosts:
- camunda-keycloak.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-keycloak.camunda.svc.cluster.local
port: 80
camunda-identity:
name: camunda-identity-virt-service
namespace: gateway
hosts:
- camunda-identity.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-identity.camunda.svc.cluster.local
port: 80
camunda-operate:
name: camunda-operate-virt-service
namespace: gateway
hosts:
- camunda-operate.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-operate.camunda.svc.cluster.local
port: 80
camunda-tasklist:
name: camunda-tasklist-virt-service
namespace: gateway
hosts:
- camunda-tasklist.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-tasklist.camunda.svc.cluster.local
port: 80
camunda-optimize:
name: camunda-optimize-virt-service
namespace: gateway
hosts:
- camunda-optimize.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-optimize.camunda.svc.cluster.local
port: 80
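Review bot: The `transmittals-api` entry reuses `name: flows-api-virt-service`, the same name and namespace as the `flows-api` entry just above it. If the chart emits one VirtualService per entry, the two collide and either the `/flows/api/` or the `/transmittals/api/` route is lost; it should probably read `name: transmittals-api-virt-service`. Separately, the catch-all `prefix: /` in `sarex-frontend-virt-service` shares its host and `gateway/platform-gateway` with the other platform entries, and Istio does not guarantee evaluation order across VirtualServices for one host, so the catch-all may shadow the more specific prefixes (likewise `/` against `/console/` on the MinIO host). Keeping each host's routes in a single VirtualService, most specific first, would make matching deterministic. The values also publish Vault, the Kubernetes dashboard, the RabbitMQ management port and the MinIO console through the gateway with no access restriction visible in this file; if the chart or another manifest does not add an AuthorizationPolicy or source-range limit, a comment here such as `# access restricted by <policy name>` would tell the next reader where that control lives.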


@ -0,0 +1,13 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ingressgateway
namespace: istio-system
spec:
interval: 5m
timeout: 10m
dependsOn:
- name: istio-base
namespace: istio-system
- name: istiod
namespace: istio-system


@ -0,0 +1,11 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istiod
namespace: istio-system
spec:
interval: 5m
timeout: 10m
dependsOn:
- name: istio-base
namespace: istio-system