[COMMON] Add pre/postfix and customized port option for Istio Ingress

Add new options for the created Ingress URLs (preaddr, postaddr) and allow to create Ingress configurations using customized ports Correction added to the installation of the Ingress Gateway. Issue-ID: OOM-3084 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ib31050c169799409c6e968adce7ff41e215e3ff9
author: Andreas Geissler <andreas-geissler@telekom.de> 2022-12-15 09:37:42 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> 2023-01-19 07:53:46 +0000
commit: 92cab4995fdd00bc4df6b702fe14b059def5abc4 (patch)
tree: 86322ce29c672289658fd60bc70e9c1d77543392
parent: 2f43e96c6a84b737590cc4db8a5d53fbac8fd586 (diff)
5 files changed, 102 insertions, 28 deletions
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index a49543cc0c..90a20613fa 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -60,9 +60,17 @@ Global settings relevant for ServiceMesh:
       # enable all component's Ingress interfaces
       enable_all: false
       # default Ingress base URL
-      # can be overwritten in component by setting ingress.baseurlOverride
+      # All http requests via ingress will be redirected
       virtualhost:
+        # Default Ingress base URL
+        # can be overwritten in component by setting ingress.baseurlOverride
         baseurl: "simpledemo.onap.org"
+        # prefix for baseaddr
+        # can be overwritten in component by setting ingress.preaddrOverride
+        preaddr: ""
+        # postfix for baseaddr
+        # can be overwritten in component by setting ingress.postaddrOverride
+        postaddr: ""
       # All http requests via ingress will be redirected on Ingress controller
       # only valid for Istio Gateway (ServiceMesh enabled)
       config:
@@ -101,6 +109,10 @@ Ingress settings:
 - enable_all: true → enables Ingress configuration in each component
 - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
     resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components,
+    resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride
+- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components,
+    resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride
 - config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
 - config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
 - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
index 5f81a363e9..b424c65c7d 100644
--- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
+++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
@@ -128,7 +128,7 @@ Install Istio Gateway
   <recommended-istio-version> with the version defined in
   the :ref:`versions_table` table::
 
-    > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
+    > helm upgrade -i istio-ingress istio/gateway -n istio-ingress
     --version <recommended-istio-version> --wait
 
 Kiali Installation
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index d8a944712a..7065338cf9 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -23,45 +23,87 @@
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{-   $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{-   $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{-   $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
 {{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
 {{- end -}}
 
 {{/*
-  Helper function to add the tls route
+  Istio Helper function to add the tls route
 */}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
 {{-   $dot := default . .dot -}}
-{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+    tls:
 {{-   if $dot.Values.global.ingress.config }}
-{{-     if $dot.Values.global.ingress.config.ssl }}
-{{-       if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{-     if $dot.Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{-     else }}
+      credentialName: "ingress-tls-secret"
+{{-     end }}
+{{-   else }}
+      credentialName: "ingress-tls-secret"
+{{-   end }}
+      mode: SIMPLE
+{{- end -}}
+
+{{/*
+  Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{-   $dot := default . .dot -}}
+{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   if $service.exposedPort }}
+{{-     if $service.exposedProtocol }}
+{{-       if eq $service.exposedProtocol "TLS" }}
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{-       end }}
+{{-     end }}
+{{-   else }}
+{{-     if $dot.Values.global.ingress.config }}
+{{-       if $dot.Values.global.ingress.config.ssl }}
+{{-         if eq $dot.Values.global.ingress.config.ssl "redirect" }}
     tls:
       httpsRedirect: true
   - port:
       number: 443
       name: https
       protocol: HTTPS
-    tls:
-{{-         if $dot.Values.global.ingress.config }}
-{{-           if $dot.Values.global.ingress.config.tls }}
-      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{-           else }}
-      credentialName: "ingress-tls-secret"
-{{-           end }}
-{{-         else }}
-      credentialName: "ingress-tls-secret"
-{{-         end }}
-      mode: SIMPLE
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{-         end }}
 {{-       end }}
 {{-     end }}
 {{-   end }}
 {{- end -}}
 
 {{/*
+  Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{-   $dot := default . .dot -}}
+{{-   if .exposedPort }}
+      number: {{ .exposedPort }}
+{{-     if .exposedProtocol }}
+      name: {{ .baseaddr }}
+      protocol: {{ .exposedProtocol }}
+{{-     else }}
+      name: http
+      protocol: HTTP
+{{-     end -}}
+{{-   else }}
+      number: 80
+      name: http
+      protocol: HTTP
+{{-   end -}}
+{{- end -}}
+
+{{/*
   Helper function to add the route to the service
 */}}
 {{- define "ingress.config.port" -}}
@@ -88,7 +130,7 @@
 {{- end -}}
 
 {{/*
-  Helper function to add the route to the service
+  Istio Helper function to add the route to the service
 */}}
 {{- define "istio.config.route" -}}
 {{-   $dot := default . .dot -}}
@@ -196,15 +238,13 @@ metadata:
   name: {{ $baseaddr }}-gateway
 spec:
   selector:
-    istio: ingressgateway # use Istio default gateway implementation
+    istio: ingress # use Istio default gateway implementation
   servers:
   - port:
-      number: 80
-      name: http
-      protocol: HTTP
+      {{- include "istio.config.port" . }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
 ---
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 6e156023ee..2dfab060ff 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,16 @@ global:
     # enable all component's Ingress interfaces
     enable_all: true
     # All http requests via ingress will be redirected
+    virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
+      baseurl: "simpledemo.onap.org"
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
     config:
       ssl: "redirect"
     # you can set an own Secret containing a certificate
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 15097edcf2..fe14c032d6 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -150,11 +150,23 @@ global:
     enabled: false
     # enable all component's Ingress interfaces
     enable_all: false
-    # default Ingress base URL
-    # can be overwritten in component vy setting ingress.baseurlOverride
+
+    # default Ingress base URL and preAddr- and postAddr settings
+    # Ingress URLs result:
+    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
     virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
       baseurl: "simpledemo.onap.org"
-    # All http requests via ingress will be redirected on Ingress controller
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
+
+    # All http (port 80) requests via ingress will be redirected
+    # to port 443 on Ingress controller
     # only valid for Istio Gateway (ServiceMesh enabled)
     config:
       ssl: "redirect"
author	Andreas Geissler <andreas-geissler@telekom.de>	2022-12-15 09:37:42 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	2023-01-19 07:53:46 +0000
commit	92cab4995fdd00bc4df6b702fe14b059def5abc4 (patch)
tree	86322ce29c672289658fd60bc70e9c1d77543392
parent	2f43e96c6a84b737590cc4db8a5d53fbac8fd586 (diff)