diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml index 97d575b..ec4211c 100644 --- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml +++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml @@ -31,6 +31,13 @@ patches: kind: HelmRelease name: ingressgateway namespace: istio-system + - path: ./patches/istio-config.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: istio-config + namespace: default - path: ./patches/dashboard.yaml target: group: helm.toolkit.fluxcd.io @@ -38,13 +45,6 @@ patches: kind: HelmRelease name: dashboard namespace: kubernetes-dashboard - - path: ./patches/dashboard-certificate.yaml - target: - group: cert-manager.io - version: v1 - kind: Certificate - name: dashboard-tls - namespace: istio-system - path: ./patches/clusterissuer-letsencrypt.yaml target: group: cert-manager.io diff --git a/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml b/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml index a81bb0c..f7b99c4 100644 --- a/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml +++ b/clusters/yc-k8s-test/infrastructure/patches/camunda.yaml @@ -26,8 +26,6 @@ spec: redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech" console: redirectUrl: "https://camunda-console.contour.infra.sarex.tech" - virtualService: [] - gateway: [] identityPostgresql: primary: persistence: diff --git a/clusters/yc-k8s-test/infrastructure/patches/dashboard-certificate.yaml b/clusters/yc-k8s-test/infrastructure/patches/dashboard-certificate.yaml deleted file mode 100644 index ad191c8..0000000 --- a/clusters/yc-k8s-test/infrastructure/patches/dashboard-certificate.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: dashboard-tls - namespace: istio-system -spec: - dnsNames: - - dashboard.contour.infra.sarex.tech 
diff --git a/clusters/yc-k8s-test/infrastructure/patches/dashboard.yaml b/clusters/yc-k8s-test/infrastructure/patches/dashboard.yaml index 8346a1e..5a7bd7d 100644 --- a/clusters/yc-k8s-test/infrastructure/patches/dashboard.yaml +++ b/clusters/yc-k8s-test/infrastructure/patches/dashboard.yaml @@ -11,47 +11,10 @@ spec: enabled: true host: "dashboard-kong-proxy" tlsMode: "DISABLE" - virtualService: - enabled: true - annotations: {} - labels: {} - name: dashboard-virt-service - namespace: kubernetes-dashboard - gateways: - - istio-system/dashboard-gateway - hosts: - - dashboard.contour.infra.sarex.tech - http: - - match: - uriPrefix: / - route: - destination: - host: dashboard-kong-proxy - port: 80 - + enabled: false gateway: - enabled: true - name: dashboard-gateway - namespace: istio-system - selector: - istio: ingressgateway - servers: - - hosts: - - dashboard.contour.infra.sarex.tech - port: - name: https-443 - number: 443 - protocol: HTTPS - tls: - credentialName: dashboard-tls - mode: SIMPLE - - hosts: - - dashboard.contour.infra.sarex.tech - port: - name: http-80 - number: 80 - protocol: HTTP + enabled: false app: image: pullSecrets: @@ -60,4 +23,3 @@ spec: image: pullSecrets: - regcred - diff --git a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml new file mode 100644 index 0000000..1b16c9a --- /dev/null +++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml 
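Review bot: In the first dashboard.yaml hunk the `virtualService:` key line is itself on the removed side and nothing re-adds it, so the new `enabled: false` follows `tlsMode: "DISABLE"` directly instead of sitting under `virtualService:`. Depending on its indentation (not recoverable from this rendering) it becomes either a second `enabled` key in the preceding mapping, where most parsers silently let the last value win and would switch that block off, or a stray key the chart ignores. In both cases the chart's own VirtualService for the dashboard is probably not disabled as intended. Keep the parent key, i.e. `virtualService:` followed by an indented `enabled: false`, mirroring the `gateway:` / `enabled: false` pair below it. The enclosing `spec:` mapping starts outside the hunk, so confirm against the rendered HelmRelease values.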
@@ -0,0 +1,282 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: istio-config + namespace: default +spec: + interval: 5m + timeout: 10m + values: + global: + env: contour + environments: + contour: + certManager: + certificates: + minio-tls: + dnsNames: + - minio.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + zitadel-tls: + dnsNames: + - zitadel.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + dashboard-tls: + dnsNames: + - dashboard.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + rabbitmq-tls: + dnsNames: + - rabbitmq.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + keycloak-tls: + dnsNames: + - keycloak.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + camunda-keycloak-tls: + dnsNames: + - camunda-keycloak.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + camunda-identity-tls: + dnsNames: + - camunda-identity.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + camunda-operate-tls: + dnsNames: + - camunda-operate.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + camunda-tasklist-tls: + dnsNames: + - camunda-tasklist.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + camunda-optimize-tls: + dnsNames: + - camunda-optimize.contour.infra.sarex.tech + issuerRef: + name: letsencrypt-issuer-istio + kind: ClusterIssuer + istio: + gateways: + minio: + name: minio-gateway + namespace: gateway + servers: + - hosts: + - minio.contour.infra.sarex.tech + tls: + credentialName: minio-tls + - hosts: + - minio.contour.infra.sarex.tech + zitadel: + name: zitadel-gateway + namespace: gateway + servers: + - hosts: + - zitadel.contour.infra.sarex.tech + 
tls: + credentialName: zitadel-tls + - hosts: + - zitadel.contour.infra.sarex.tech + dashboard: + name: dashboard-gateway + namespace: gateway + servers: + - hosts: + - dashboard.contour.infra.sarex.tech + tls: + credentialName: dashboard-tls + - hosts: + - dashboard.contour.infra.sarex.tech + rabbitmq: + name: rabbitmq-gateway + namespace: gateway + servers: + - hosts: + - rabbitmq.contour.infra.sarex.tech + tls: + credentialName: rabbitmq-tls + - hosts: + - rabbitmq.contour.infra.sarex.tech + keycloak: + name: keycloak-gateway + namespace: gateway + servers: + - hosts: + - keycloak.contour.infra.sarex.tech + tls: + credentialName: keycloak-tls + - hosts: + - keycloak.contour.infra.sarex.tech + camunda: + name: camunda-gateway + namespace: gateway + servers: + - hosts: + - camunda-keycloak.contour.infra.sarex.tech + tls: + credentialName: camunda-keycloak-tls + - hosts: + - camunda-keycloak.contour.infra.sarex.tech + - hosts: + - camunda-identity.contour.infra.sarex.tech + tls: + credentialName: camunda-identity-tls + - hosts: + - camunda-identity.contour.infra.sarex.tech + - hosts: + - camunda-operate.contour.infra.sarex.tech + tls: + credentialName: camunda-operate-tls + - hosts: + - camunda-operate.contour.infra.sarex.tech + - hosts: + - camunda-tasklist.contour.infra.sarex.tech + tls: + credentialName: camunda-tasklist-tls + - hosts: + - camunda-tasklist.contour.infra.sarex.tech + - hosts: + - camunda-optimize.contour.infra.sarex.tech + tls: + credentialName: camunda-optimize-tls + - hosts: + - camunda-optimize.contour.infra.sarex.tech + virtualServices: + minio: + name: minio-virt-service + namespace: gateway + hosts: + - minio.contour.infra.sarex.tech + gateways: + - gateway/minio-gateway + routes: + - path: + prefix: / + service: minio-minio-contour-console.minio.svc.cluster.local + port: 9001 + zitadel: + name: zitadel-virt-service + namespace: gateway + hosts: + - zitadel.contour.infra.sarex.tech + gateways: + - gateway/zitadel-gateway + routes: + - path: 
+ prefix: / + service: zitadel-idp-contour.zitadel.svc.cluster.local + port: 8080 + dashboard: + name: dashboard-virt-service + namespace: gateway + hosts: + - dashboard.contour.infra.sarex.tech + gateways: + - gateway/dashboard-gateway + routes: + - path: + prefix: / + service: dashboard-kong-proxy.kubernetes-dashboard.svc.cluster.local + port: 80 + rabbitmq: + name: rabbitmq-virt-service + namespace: gateway + hosts: + - rabbitmq.contour.infra.sarex.tech + gateways: + - gateway/rabbitmq-gateway + routes: + - path: + prefix: / + service: rabbitmq.rabbitmq.svc.cluster.local + port: 15672 + keycloak: + name: keycloak-virt-service + namespace: gateway + hosts: + - keycloak.contour.infra.sarex.tech + gateways: + - gateway/keycloak-gateway + routes: + - path: + prefix: / + service: keycloak-keycloak-contour.keycloak.svc.cluster.local + port: 80 + camunda-keycloak: + name: camunda-keycloak-virt-service + namespace: gateway + hosts: + - camunda-keycloak.contour.infra.sarex.tech + gateways: + - gateway/camunda-gateway + routes: + - path: + prefix: / + service: camunda-keycloak.camunda.svc.cluster.local + port: 80 + camunda-identity: + name: camunda-identity-virt-service + namespace: gateway + hosts: + - camunda-identity.contour.infra.sarex.tech + gateways: + - gateway/camunda-gateway + routes: + - path: + prefix: / + service: camunda-identity.camunda.svc.cluster.local + port: 80 + camunda-operate: + name: camunda-operate-virt-service + namespace: gateway + hosts: + - camunda-operate.contour.infra.sarex.tech + gateways: + - gateway/camunda-gateway + routes: + - path: + prefix: / + service: camunda-operate.camunda.svc.cluster.local + port: 80 + camunda-tasklist: + name: camunda-tasklist-virt-service + namespace: gateway + hosts: + - camunda-tasklist.contour.infra.sarex.tech + gateways: + - gateway/camunda-gateway + routes: + - path: + prefix: / + service: camunda-tasklist.camunda.svc.cluster.local + port: 80 + camunda-optimize: + name: camunda-optimize-virt-service + 
namespace: gateway + hosts: + - camunda-optimize.contour.infra.sarex.tech + gateways: + - gateway/camunda-gateway + routes: + - path: + prefix: / + service: camunda-optimize.camunda.svc.cluster.local + port: 80 diff --git a/clusters/yc-k8s-test/infrastructure/patches/rabbitmq.yaml b/clusters/yc-k8s-test/infrastructure/patches/rabbitmq.yaml index 1417955..179d834 100644 --- a/clusters/yc-k8s-test/infrastructure/patches/rabbitmq.yaml +++ b/clusters/yc-k8s-test/infrastructure/patches/rabbitmq.yaml @@ -10,6 +10,9 @@ spec: global: security: allowInsecureImages: true + virtualService: null + gateway: null + certificate: null metrics: serviceMonitor: enabled: false @@ -20,32 +23,6 @@ spec: detailed: enabled: false extraServiceMonitors: [] - virtualService: - rabbitmq: - hosts: - - rabbitmq.contour.infra.sarex.tech - gateway: - grafana: - servers: - - hosts: - - rabbitmq.contour.infra.sarex.tech - port: - name: https-443 - number: 443 - protocol: HTTPS - tls: - credentialName: rmq-tls - mode: SIMPLE - - hosts: - - rabbitmq.contour.infra.sarex.tech - port: - name: http-80 - number: 80 - protocol: HTTP - certificate: - rabbitmq: - dnsNames: - - rabbitmq.contour.infra.sarex.tech replicaCount: 1 resources: requests: diff --git a/clusters/yc-k8s-test/infrastructure/patches/zitadel.yaml b/clusters/yc-k8s-test/infrastructure/patches/zitadel.yaml index f39c18d..cf311c3 100644 --- a/clusters/yc-k8s-test/infrastructure/patches/zitadel.yaml +++ b/clusters/yc-k8s-test/infrastructure/patches/zitadel.yaml @@ -9,7 +9,7 @@ spec: values: zitadel: configmapConfig: - ExternalDomain: login.contour.infra.sarex.tech + ExternalDomain: zitadel.contour.infra.sarex.tech login: env: - name: ZITADEL_DATABASE_POSTGRES_HOST diff --git a/infrastructure/dashboard/base/certificate.yaml b/infrastructure/dashboard/base/certificate.yaml deleted file mode 100644 index f33424c..0000000 --- a/infrastructure/dashboard/base/certificate.yaml +++ /dev/null 
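Review bot: Every gateway in the new istio-config.yaml pairs a `tls.credentialName` server with a second server for the same host that has no `tls` block, and the values no longer pin port, protocol or TLS mode the way the removed per-chart gateways did (`protocol: HTTPS`, `mode: SIMPLE`). If the second entry renders as a plain HTTP listener bound to the same VirtualService, the Kubernetes dashboard, the RabbitMQ management UI (15672), the MinIO console (9001) and the Keycloak/Zitadel logins are reachable in cleartext. Where the chart passes server fields through, set `tls: {httpsRedirect: true}` on the HTTP entries, or at least add a comment such as `# HTTP listener kept for ACME/redirect only; chart defaults HTTPS servers to mode SIMPLE` so the reliance on chart defaults is explicit. Separately, the Gateways live in namespace `gateway` while the kustomization patches the `ingressgateway` release in `istio-system`; Istio looks up `credentialName` secrets in the gateway workload's namespace, so confirm where the chart creates these Certificates.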
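Review bot: The three `null` overrides added after `allowInsecureImages: true` in rabbitmq.yaml carry no comment, and they are a third way of switching off per-chart routing in the same commit (camunda.yaml drops its `virtualService: []` / `gateway: []`, dashboard.yaml uses `enabled: false`). In Helm a `null` value deletes the chart's default for that key, which only behaves well if the templates tolerate a missing map; their nesting level relative to `global.security` is also not recoverable from this rendering. I would add `# null removes the chart defaults; rabbitmq routing and its certificate now come from the istio-config release` above them and check that they sit at the level the chart reads. The removed gateway referenced `credentialName: rmq-tls` while istio-config uses `rabbitmq-tls`, so the old secret is presumably left behind and worth cleaning up.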
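Review bot: Changing `ExternalDomain` from `login.contour.infra.sarex.tech` to `zitadel.contour.infra.sarex.tech` changes the host ZITADEL uses for its issuer and instance lookup, and nothing in this hunk deals with an already-initialised instance or its clients. On an existing deployment the instance domain generally has to be updated through the setup step, and OIDC clients, redirect URIs and anything pinned to the old issuer need to follow, otherwise logins fail or tokens stop validating. I would add a comment such as `# must match the zitadel-gateway host in istio-config; changing it alters the OIDC issuer` and record the migration step in the commit description. The `configmapConfig` mapping continues outside the hunk, so `ExternalSecure` and `ExternalPort` are not visible here and should be checked against the new HTTPS gateway.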
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: dashboard-tls - namespace: istio-system -spec: - secretName: dashboard-tls - issuerRef: - kind: ClusterIssuer - name: letsencrypt-issuer-istio - dnsNames: - - dashboard.example.local diff --git a/infrastructure/dashboard/base/kustomization.yaml b/infrastructure/dashboard/base/kustomization.yaml index 8ff011b..0370974 100644 --- a/infrastructure/dashboard/base/kustomization.yaml +++ b/infrastructure/dashboard/base/kustomization.yaml @@ -3,4 +3,3 @@ kind: Kustomization resources: - namespace.yaml - helmrelease.yaml - - certificate.yaml