diff --git a/clusters/yc-cps-prod/flux-system/gotk-sync.yaml b/clusters/yc-cps-prod/flux-system/gotk-sync.yaml
index 451af63..e268570 100644
--- a/clusters/yc-cps-prod/flux-system/gotk-sync.yaml
+++ b/clusters/yc-cps-prod/flux-system/gotk-sync.yaml
@@ -11,7 +11,7 @@ spec:
 branch: master
 secretRef:
 name: flux-system
- url: https://gitea.infra.cps.sarex.io/sarex/iac.git
+ url: https://gitea.cloud.cps.sarex.lonsdaleites.ru/sarex/iac.git
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
diff --git a/clusters/yc-cps-prod/infrastructure/gitea-istio.yaml b/clusters/yc-cps-prod/infrastructure/gitea-istio.yaml
new file mode 100644
index 0000000..7a98e61
--- /dev/null
+++ b/clusters/yc-cps-prod/infrastructure/gitea-istio.yaml
@@ -0,0 +1,61 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: gitea-cert
+ namespace: istio-system
+spec:
+ dnsNames:
+ - gitea.cloud.cps.sarex.lonsdaleites.ru
+ duration: 2160h
+ issuerRef:
+ kind: ClusterIssuer
+ name: letsencrypt-issuer-istio
+ privateKey:
+ rotationPolicy: Always
+ renewBefore: 360h
+ secretName: gitea-tls
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: gitea-gateway
+ namespace: gateway
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - gitea.cloud.cps.sarex.lonsdaleites.ru
+ port:
+ name: https-443
+ number: 443
+ protocol: HTTPS
+ tls:
+ credentialName: gitea-tls
+ mode: SIMPLE
+ - hosts:
+ - gitea.cloud.cps.sarex.lonsdaleites.ru
+ port:
+ name: http-80
+ number: 80
+ protocol: HTTP
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: gitea-virt-service
+ namespace: gitea
+spec:
+ gateways:
+ - gateway/gitea-gateway
+ hosts:
+ - gitea.cloud.cps.sarex.lonsdaleites.ru
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: gitea
+ port:
+ number: 3000
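Review bot: The new `url` keeps `secretRef: flux-system`, so Flux will present the existing Git credentials to `gitea.cloud.cps.sarex.lonsdaleites.ru` and reconcile the cluster from whatever that host serves; trust in the cluster's desired state now rests on DNS and TLS for the new domain. The GitRepository spec begins outside this hunk, so I cannot see whether `spec.verify` is set; if it is not, commit-signature verification would keep a hijacked hostname alone from delivering manifests. The Certificate and Gateway for this hostname arrive in the same commit, so Flux may switch sources before the certificate is issued; landing the Istio resources first and changing the URL in a follow-up commit would avoid a stalled sync.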
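Review bot: The second server of `gitea-gateway` accepts plain `HTTP` on port 80 with no redirect, and `gitea-virt-service` binds to the whole gateway, so Gitea logins and Git-over-HTTP credentials can travel in cleartext. Add `tls:` with `httpsRedirect: true` under the `http-80` server; if `letsencrypt-issuer-istio` solves HTTP-01 through this ingress, confirm the challenge still completes once the redirect is in place. The Vault gateway in `vault-istio.yaml` has the same `http-80` server (its `protocol` line and anything after it fall outside the `@@ -34,7 +34,7 @@` hunk), so check it as well. I would also set `minProtocolVersion: TLSV1_2` on the 443 server rather than rely on the mesh default.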
diff --git a/clusters/yc-cps-prod/infrastructure/kustomization.yaml b/clusters/yc-cps-prod/infrastructure/kustomization.yaml
index 9a4f017..63b7b6b 100644
--- a/clusters/yc-cps-prod/infrastructure/kustomization.yaml
+++ b/clusters/yc-cps-prod/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../../infrastructure/vault
+ - ./gitea-istio.yaml
 - ./vault-istio.yaml
 patches:
 - path: ./patches/vault.yaml
diff --git a/clusters/yc-cps-prod/infrastructure/vault-istio.yaml b/clusters/yc-cps-prod/infrastructure/vault-istio.yaml
index db40b05..a50393c 100644
--- a/clusters/yc-cps-prod/infrastructure/vault-istio.yaml
+++ b/clusters/yc-cps-prod/infrastructure/vault-istio.yaml
@@ -5,7 +5,7 @@ metadata:
 namespace: istio-system
 spec:
 dnsNames:
- - vault.infra.cps.sarex.io
+ - vault.cloud.cps.sarex.lonsdaleites.ru
 duration: 2160h
 issuerRef:
 kind: ClusterIssuer
@@ -25,7 +25,7 @@ spec:
 istio: ingressgateway
 servers:
 - hosts:
- - vault.infra.cps.sarex.io
+ - vault.cloud.cps.sarex.lonsdaleites.ru
 port:
 name: https-443
 number: 443
@@ -34,7 +34,7 @@ spec:
 credentialName: vault-tls
 mode: SIMPLE
 - hosts:
- - vault.infra.cps.sarex.io
+ - vault.cloud.cps.sarex.lonsdaleites.ru
 port:
 name: http-80
 number: 80
@@ -49,7 +49,7 @@ spec:
 gateways:
 - gateway/vault-gateway
 hosts:
- - vault.infra.cps.sarex.io
+ - vault.cloud.cps.sarex.lonsdaleites.ru
 http:
 - match:
 - uri: