Use Istio HTTP solver for Zitadel certificates

clusters/brusnika-prod/infrastructure/clusterissuer-letsencrypt.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: emelin.d@sarex.io
+    privateKeySecretRef:
+      name: letsencrypt
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - selector:
+          dnsNames:
+            - zitadel.brusnika.onprem.sarex.io
+        http01:
+          ingress:
+            class: istio
+      - http01:
+          ingress:
+            class: nginx

clusters/brusnika-prod/infrastructure/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   - ../../../infrastructure/vault
   - ../../../infrastructure/zitadel
   - ./vault-ingress.yaml
+  - ./clusterissuer-letsencrypt.yaml
 patches:
   - path: ./patches/istio-gateway.yaml
     target:

clusters/brusnika-stage/infrastructure/clusterissuer-letsencrypt.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: emelin.d@sarex.io
+    privateKeySecretRef:
+      name: letsencrypt
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - selector:
+          dnsNames:
+            - zitadel.test.sarex.brusnika.tech
+        http01:
+          ingress:
+            class: istio
+      - http01:
+          ingress:
+            class: nginx

clusters/brusnika-stage/infrastructure/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
   - ../../../infrastructure/zitadel
   - ./lb-service-override.yaml
   - ./vault-ingress.yaml
+  - ./clusterissuer-letsencrypt.yaml
 patches:
   - path: ./patches/istio-gateway.yaml
     target: