diff --git a/clusters/yc-ecp/flux-system/gotk-sync.yaml b/clusters/yc-ecp/flux-system/gotk-sync.yaml
index 2de0542..472feae 100644
--- a/clusters/yc-ecp/flux-system/gotk-sync.yaml
+++ b/clusters/yc-ecp/flux-system/gotk-sync.yaml
@@ -11,7 +11,7 @@ spec:
     branch: master
   secretRef:
     name: flux-system
-  url: https://gitea.158-160-200-60.nip.io/sarex/iac.git
+  url: https://gitea.invest.cps.sarex.lonsdaleites.ru/sarex/iac.git
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
diff --git a/clusters/yc-ecp/infrastructure/gitea-istio.yaml b/clusters/yc-ecp/infrastructure/gitea-istio.yaml
new file mode 100644
index 0000000..70397ab
--- /dev/null
+++ b/clusters/yc-ecp/infrastructure/gitea-istio.yaml
@@ -0,0 +1,57 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-cert
+  namespace: istio-system
+spec:
+  dnsNames:
+    - gitea.invest.cps.sarex.lonsdaleites.ru
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  secretName: gitea-tls-secret
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: gitea-gateway
+  namespace: gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - hosts:
+        - gitea.invest.cps.sarex.lonsdaleites.ru
+      port:
+        name: http
+        number: 80
+        protocol: HTTP
+    - hosts:
+        - gitea.invest.cps.sarex.lonsdaleites.ru
+      port:
+        name: https
+        number: 443
+        protocol: HTTPS
+      tls:
+        credentialName: gitea-tls-secret
+        mode: SIMPLE
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: gitea-virt-service
+  namespace: gitea
+spec:
+  gateways:
+    - gateway/gitea-gateway
+  hosts:
+    - gitea.invest.cps.sarex.lonsdaleites.ru
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: gitea
+            port:
+              number: 3000
diff --git a/clusters/yc-ecp/infrastructure/kustomization.yaml b/clusters/yc-ecp/infrastructure/kustomization.yaml
index 9a4f017..63b7b6b 100644
--- a/clusters/yc-ecp/infrastructure/kustomization.yaml
+++ b/clusters/yc-ecp/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../../infrastructure/vault
+  - ./gitea-istio.yaml
   - ./vault-istio.yaml
 patches:
   - path: ./patches/vault.yaml
diff --git a/clusters/yc-ecp/infrastructure/vault-istio.yaml b/clusters/yc-ecp/infrastructure/vault-istio.yaml
index a44300f..37d6d6e 100644
--- a/clusters/yc-ecp/infrastructure/vault-istio.yaml
+++ b/clusters/yc-ecp/infrastructure/vault-istio.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: istio-system
 spec:
   dnsNames:
-    - vault.158-160-200-60.nip.io
+    - vault.invest.cps.sarex.lonsdaleites.ru
   issuerRef:
     kind: ClusterIssuer
     name: letsencrypt-prod
@@ -21,13 +21,13 @@ spec:
     istio: ingressgateway
   servers:
     - hosts:
-        - vault.158-160-200-60.nip.io
+        - vault.invest.cps.sarex.lonsdaleites.ru
       port:
         name: http
         number: 80
         protocol: HTTP
     - hosts:
-        - vault.158-160-200-60.nip.io
+        - vault.invest.cps.sarex.lonsdaleites.ru
       port:
         name: https
         number: 443
@@ -45,7 +45,7 @@ spec:
   gateways:
     - gateway/vault-gateway
   hosts:
-    - vault.158-160-200-60.nip.io
+    - vault.invest.cps.sarex.lonsdaleites.ru
   http:
     - match:
         - uri: