add isito-config

Kochetkov S 2026-04-13 16:17:37 +03:00
parent 2d98d143b7
commit ded0022fd9
9 changed files with 295 additions and 97 deletions


@ -31,6 +31,13 @@ patches:
kind: HelmRelease
name: ingressgateway
namespace: istio-system
- path: ./patches/istio-config.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: istio-config
namespace: default
- path: ./patches/dashboard.yaml
target:
group: helm.toolkit.fluxcd.io
@ -38,13 +45,6 @@ patches:
kind: HelmRelease
name: dashboard
namespace: kubernetes-dashboard
- path: ./patches/dashboard-certificate.yaml
target:
group: cert-manager.io
version: v1
kind: Certificate
name: dashboard-tls
namespace: istio-system
- path: ./patches/clusterissuer-letsencrypt.yaml
target:
group: cert-manager.io


@ -26,8 +26,6 @@ spec:
redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech"
console:
redirectUrl: "https://camunda-console.contour.infra.sarex.tech"
virtualService: []
gateway: []
identityPostgresql:
primary:
persistence:


@ -1,8 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: dashboard-tls
namespace: istio-system
spec:
dnsNames:
- dashboard.contour.infra.sarex.tech


@ -11,47 +11,10 @@ spec:
enabled: true
host: "dashboard-kong-proxy"
tlsMode: "DISABLE"
virtualService:
enabled: true
annotations: {}
labels: {}
name: dashboard-virt-service
namespace: kubernetes-dashboard
gateways:
- istio-system/dashboard-gateway
hosts:
- dashboard.contour.infra.sarex.tech
http:
- match:
uriPrefix: /
route:
destination:
host: dashboard-kong-proxy
port: 80
enabled: false
gateway:
enabled: true
name: dashboard-gateway
namespace: istio-system
selector:
istio: ingressgateway
servers:
- hosts:
- dashboard.contour.infra.sarex.tech
port:
name: https-443
number: 443
protocol: HTTPS
tls:
credentialName: dashboard-tls
mode: SIMPLE
- hosts:
- dashboard.contour.infra.sarex.tech
port:
name: http-80
number: 80
protocol: HTTP
enabled: false
app:
image:
pullSecrets:
@ -60,4 +23,3 @@ spec:
image:
pullSecrets:
- regcred


@ -0,0 +1,282 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-config
namespace: default
spec:
interval: 5m
timeout: 10m
values:
global:
env: contour
environments:
contour:
certManager:
certificates:
minio-tls:
dnsNames:
- minio.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
zitadel-tls:
dnsNames:
- zitadel.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
dashboard-tls:
dnsNames:
- dashboard.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
rabbitmq-tls:
dnsNames:
- rabbitmq.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
keycloak-tls:
dnsNames:
- keycloak.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-keycloak-tls:
dnsNames:
- camunda-keycloak.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-identity-tls:
dnsNames:
- camunda-identity.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-operate-tls:
dnsNames:
- camunda-operate.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-tasklist-tls:
dnsNames:
- camunda-tasklist.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
camunda-optimize-tls:
dnsNames:
- camunda-optimize.contour.infra.sarex.tech
issuerRef:
name: letsencrypt-issuer-istio
kind: ClusterIssuer
istio:
gateways:
minio:
name: minio-gateway
namespace: gateway
servers:
- hosts:
- minio.contour.infra.sarex.tech
tls:
credentialName: minio-tls
- hosts:
- minio.contour.infra.sarex.tech
zitadel:
name: zitadel-gateway
namespace: gateway
servers:
- hosts:
- zitadel.contour.infra.sarex.tech
tls:
credentialName: zitadel-tls
- hosts:
- zitadel.contour.infra.sarex.tech
dashboard:
name: dashboard-gateway
namespace: gateway
servers:
- hosts:
- dashboard.contour.infra.sarex.tech
tls:
credentialName: dashboard-tls
- hosts:
- dashboard.contour.infra.sarex.tech
rabbitmq:
name: rabbitmq-gateway
namespace: gateway
servers:
- hosts:
- rabbitmq.contour.infra.sarex.tech
tls:
credentialName: rabbitmq-tls
- hosts:
- rabbitmq.contour.infra.sarex.tech
keycloak:
name: keycloak-gateway
namespace: gateway
servers:
- hosts:
- keycloak.contour.infra.sarex.tech
tls:
credentialName: keycloak-tls
- hosts:
- keycloak.contour.infra.sarex.tech
camunda:
name: camunda-gateway
namespace: gateway
servers:
- hosts:
- camunda-keycloak.contour.infra.sarex.tech
tls:
credentialName: camunda-keycloak-tls
- hosts:
- camunda-keycloak.contour.infra.sarex.tech
- hosts:
- camunda-identity.contour.infra.sarex.tech
tls:
credentialName: camunda-identity-tls
- hosts:
- camunda-identity.contour.infra.sarex.tech
- hosts:
- camunda-operate.contour.infra.sarex.tech
tls:
credentialName: camunda-operate-tls
- hosts:
- camunda-operate.contour.infra.sarex.tech
- hosts:
- camunda-tasklist.contour.infra.sarex.tech
tls:
credentialName: camunda-tasklist-tls
- hosts:
- camunda-tasklist.contour.infra.sarex.tech
- hosts:
- camunda-optimize.contour.infra.sarex.tech
tls:
credentialName: camunda-optimize-tls
- hosts:
- camunda-optimize.contour.infra.sarex.tech
virtualServices:
minio:
name: minio-virt-service
namespace: gateway
hosts:
- minio.contour.infra.sarex.tech
gateways:
- gateway/minio-gateway
routes:
- path:
prefix: /
service: minio-minio-contour-console.minio.svc.cluster.local
port: 9001
zitadel:
name: zitadel-virt-service
namespace: gateway
hosts:
- zitadel.contour.infra.sarex.tech
gateways:
- gateway/zitadel-gateway
routes:
- path:
prefix: /
service: zitadel-idp-contour.zitadel.svc.cluster.local
port: 8080
dashboard:
name: dashboard-virt-service
namespace: gateway
hosts:
- dashboard.contour.infra.sarex.tech
gateways:
- gateway/dashboard-gateway
routes:
- path:
prefix: /
service: dashboard-kong-proxy.kubernetes-dashboard.svc.cluster.local
port: 80
rabbitmq:
name: rabbitmq-virt-service
namespace: gateway
hosts:
- rabbitmq.contour.infra.sarex.tech
gateways:
- gateway/rabbitmq-gateway
routes:
- path:
prefix: /
service: rabbitmq.rabbitmq.svc.cluster.local
port: 15672
keycloak:
name: keycloak-virt-service
namespace: gateway
hosts:
- keycloak.contour.infra.sarex.tech
gateways:
- gateway/keycloak-gateway
routes:
- path:
prefix: /
service: keycloak-keycloak-contour.keycloak.svc.cluster.local
port: 80
camunda-keycloak:
name: camunda-keycloak-virt-service
namespace: gateway
hosts:
- camunda-keycloak.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-keycloak.camunda.svc.cluster.local
port: 80
camunda-identity:
name: camunda-identity-virt-service
namespace: gateway
hosts:
- camunda-identity.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-identity.camunda.svc.cluster.local
port: 80
camunda-operate:
name: camunda-operate-virt-service
namespace: gateway
hosts:
- camunda-operate.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-operate.camunda.svc.cluster.local
port: 80
camunda-tasklist:
name: camunda-tasklist-virt-service
namespace: gateway
hosts:
- camunda-tasklist.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-tasklist.camunda.svc.cluster.local
port: 80
camunda-optimize:
name: camunda-optimize-virt-service
namespace: gateway
hosts:
- camunda-optimize.contour.infra.sarex.tech
gateways:
- gateway/camunda-gateway
routes:
- path:
prefix: /
service: camunda-optimize.camunda.svc.cluster.local
port: 80
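Review bot: The `credentialName` secrets (`minio-tls`, `dashboard-tls` and the rest) are referenced from gateways declared in namespace `gateway`, while the kustomization on this page places the `ingressgateway` HelmRelease in `istio-system`. Istio looks up `credentialName` in the namespace where the gateway workload runs, which is not visible here, so please confirm the chart issues the certificates there; otherwise the HTTPS servers have no certificate to serve. Each gateway also has a second server entry for the same host with no `tls` block, presumably plain HTTP on port 80 as in the removed per-chart values. For hosts that front identity providers and admin consoles (Keycloak, ZITADEL, the Kubernetes dashboard, RabbitMQ management on 15672, the MinIO console on 9001) that server should only redirect, e.g. `tls: {httpsRedirect: true}` if the chart passes it through. A comment above `certManager.certificates` naming the namespace the secrets land in would make this checkable from the file.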


@ -10,6 +10,9 @@ spec:
global:
security:
allowInsecureImages: true
virtualService: null
gateway: null
certificate: null
metrics:
serviceMonitor:
enabled: false
@ -20,32 +23,6 @@ spec:
detailed:
enabled: false
extraServiceMonitors: []
virtualService:
rabbitmq:
hosts:
- rabbitmq.contour.infra.sarex.tech
gateway:
grafana:
servers:
- hosts:
- rabbitmq.contour.infra.sarex.tech
port:
name: https-443
number: 443
protocol: HTTPS
tls:
credentialName: rmq-tls
mode: SIMPLE
- hosts:
- rabbitmq.contour.infra.sarex.tech
port:
name: http-80
number: 80
protocol: HTTP
certificate:
rabbitmq:
dnsNames:
- rabbitmq.contour.infra.sarex.tech
replicaCount: 1
resources:
requests:
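Review bot: The three `null` overrides after `allowInsecureImages: true` carry no explanation, so a reader of this release alone cannot tell that ingress for RabbitMQ still exists elsewhere. A comment above them such as `# Gateway, VirtualService and Certificate for rabbitmq are rendered by the istio-config HelmRelease` would cover it. The rendering has lost indentation, so it is worth checking that the three keys sit at the level where the chart defines them rather than under `global.security`, where they would have no effect. The TLS secret name also changes from `rmq-tls` in the removed block to `rabbitmq-tls` in istio-config, so the old secret may be left behind and should be cleaned up.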


@ -9,7 +9,7 @@ spec:
values:
zitadel:
configmapConfig:
ExternalDomain: login.contour.infra.sarex.tech
ExternalDomain: zitadel.contour.infra.sarex.tech
login:
env:
- name: ZITADEL_DATABASE_POSTGRES_HOST
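Review bot: Changing `ExternalDomain` (I take the second of the two lines, `zitadel.contour.infra.sarex.tech`, to be the new value since it matches the istio-config host) also changes the OIDC issuer ZITADEL advertises, and nothing on this page updates clients that trust the old `login.` host. As far as I know ZITADEL ties an initialised instance to the domain it was set up with, so an existing database may need the setup step re-run or the new domain registered before logins work; please confirm before rollout. A comment beside the value, e.g. `# must match the zitadel host in the istio-config gateway and certificate`, would keep the two in sync.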


@ -1,12 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: dashboard-tls
namespace: istio-system
spec:
secretName: dashboard-tls
issuerRef:
kind: ClusterIssuer
name: letsencrypt-issuer-istio
dnsNames:
- dashboard.example.local


@ -3,4 +3,3 @@ kind: Kustomization
resources:
- namespace.yaml
- helmrelease.yaml
- certificate.yaml