Move yc-cps-prod Gitea and Vault to cloud domains

2026-06-02 16:50:30 +03:00 · 2026-06-02 16:50:30 +03:00 · d554ba4a0c
commit d554ba4a0c
parent 759871c02b
4 changed files with 67 additions and 5 deletions
--- a/clusters/yc-cps-prod/flux-system/gotk-sync.yaml
+++ b/clusters/yc-cps-prod/flux-system/gotk-sync.yaml
@ -11,7 +11,7 @@ spec:
    branch: master
  secretRef:
    name: flux-system
-  url: https://gitea.infra.cps.sarex.io/sarex/iac.git
+  url: https://gitea.cloud.cps.sarex.lonsdaleites.ru/sarex/iac.git
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
--- a/clusters/yc-cps-prod/infrastructure/gitea-istio.yaml
+++ b/clusters/yc-cps-prod/infrastructure/gitea-istio.yaml
@ -0,0 +1,61 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-cert
+  namespace: istio-system
+spec:
+  dnsNames:
+    - gitea.cloud.cps.sarex.lonsdaleites.ru
+  duration: 2160h
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-issuer-istio
+  privateKey:
+    rotationPolicy: Always
+  renewBefore: 360h
+  secretName: gitea-tls
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: gitea-gateway
+  namespace: gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - hosts:
+        - gitea.cloud.cps.sarex.lonsdaleites.ru
+      port:
+        name: https-443
+        number: 443
+        protocol: HTTPS
+      tls:
+        credentialName: gitea-tls
+        mode: SIMPLE
+    - hosts:
+        - gitea.cloud.cps.sarex.lonsdaleites.ru
+      port:
+        name: http-80
+        number: 80
+        protocol: HTTP
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: gitea-virt-service
+  namespace: gitea
+spec:
+  gateways:
+    - gateway/gitea-gateway
+  hosts:
+    - gitea.cloud.cps.sarex.lonsdaleites.ru
+  http:
+    - match:
+        - uri:
+            prefix: /
+      route:
+        - destination:
+            host: gitea
+            port:
+              number: 3000
--- a/clusters/yc-cps-prod/infrastructure/kustomization.yaml
+++ b/clusters/yc-cps-prod/infrastructure/kustomization.yaml
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../../infrastructure/vault
+  - ./gitea-istio.yaml
  - ./vault-istio.yaml
 patches:
  - path: ./patches/vault.yaml
--- a/clusters/yc-cps-prod/infrastructure/vault-istio.yaml
+++ b/clusters/yc-cps-prod/infrastructure/vault-istio.yaml
@ -5,7 +5,7 @@ metadata:
  namespace: istio-system
 spec:
  dnsNames:
-    - vault.infra.cps.sarex.io
+    - vault.cloud.cps.sarex.lonsdaleites.ru
  duration: 2160h
  issuerRef:
    kind: ClusterIssuer
@ -25,7 +25,7 @@ spec:
    istio: ingressgateway
  servers:
    - hosts:
-        - vault.infra.cps.sarex.io
+        - vault.cloud.cps.sarex.lonsdaleites.ru
      port:
        name: https-443
        number: 443
@ -34,7 +34,7 @@ spec:
        credentialName: vault-tls
        mode: SIMPLE
    - hosts:
-        - vault.infra.cps.sarex.io
+        - vault.cloud.cps.sarex.lonsdaleites.ru
      port:
        name: http-80
        number: 80
@ -49,7 +49,7 @@ spec:
  gateways:
    - gateway/vault-gateway
  hosts:
-    - vault.infra.cps.sarex.io
+    - vault.cloud.cps.sarex.lonsdaleites.ru
  http:
    - match:
        - uri: