authorAndreas Geissler <andreas-geissler@telekom.de>2022-07-18 19:12:09 +0200
committerAndreas Geissler <andreas-geissler@telekom.de>2022-08-19 05:55:24 +0000
commit7e3421290b2e55c3abbfacb7a2e0377425029f5a (patch)
tree3795200be3fb8af96c5282a49fb8d9769a33b7f9
parent9a3395bd906fcdbcd619f82535d0ce7e913ee3c4 (diff)
[COMMON] Add Istio IngressGateway config
In the _ingress.tpl create Gateway and VirtualService resources when SM is enabled, add ssl redirect and use plain_port, if it is defined in ingress config Issue-ID: OOM-3000 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I20c9f88573547fbad631df3c5e0fa17fbdeed80b
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl105
1 files changed, 103 insertions, 2 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index f2741079c7..4fc2e4b1c9 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,3 +1,19 @@
+{{/*
+# Copyright © 2019-2021 Orange, Samsung
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
@@ -28,6 +44,29 @@
{{- end }}
{{- end -}}
+{{- define "istio.config.route" -}}
+{{- $dot := default . .dot -}}
+{{ range .Values.ingress.service }}
+ http:
+ - route:
+ - destination:
+ port:
+ {{- if .plain_port }}
+ {{- if kindIs "string" .plain_port }}
+ name: {{ .plain_port }}
+ {{- else }}
+ number: {{ .plain_port }}
+ {{- end }}
+ {{- else }}
+ {{- if kindIs "string" .port }}
+ name: {{ .port }}
+ {{- else }}
+ number: {{ .port }}
+ {{- end }}
+ {{- end }}
+ host: {{ .name }}
+{{- end -}}
+{{- end -}}
{{- define "ingress.config.annotations.ssl" -}}
{{- if .Values.ingress.config -}}
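Review bot: In `istio.config.route` the `http:` key is written inside `range .Values.ingress.service`, so a chart with more than one ingress service renders `http:` several times in the same VirtualService spec. Most YAML parsers keep only the last duplicate key, so every host listed on the VirtualService would likely be routed to the last service's destination. The route also has no `match`, so nothing ties a hostname to its own backend; writing `http:` once before the range and giving each entry a match on its host (for example `- match: [{authority: {exact: <host for this baseaddr>}}]`) would keep traffic for one hostname from reaching another service. Indentation is lost in this rendering, so the nesting is inferred from line order. `$dot` is assigned at the top of the define and never used.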
@@ -71,11 +110,73 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- define "common.ingress" -}}
+{{- $dot := default . .dot -}}
{{- if .Values.ingress -}}
{{- $ingressEnabled := default false .Values.ingress.enabled -}}
{{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
{{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
- {{- if $ingressEnabled }}
+{{- if $ingressEnabled }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+ {{- $dot := default . .dot -}}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "common.fullname" . }}-gateway
+spec:
+ selector:
+ istio: ingressgateway # use Istio default gateway implementation
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.ssl }}
+{{- if eq .Values.global.ingress.config.ssl "redirect" }}
+ tls:
+ httpsRedirect: true
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ tls:
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+ hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: {{ include "common.fullname" . }}-service
+spec:
+ hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+ gateways:
+ - {{ include "common.fullname" . }}-gateway
+ {{ include "istio.config.route" . | trim }}
+{{- end -}}
+{{- else -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
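Review bot: The port 443 server and its `tls` block in the Gateway sit inside `if eq .Values.global.ingress.config.ssl "redirect"`, so with any other value (or none) the Gateway exposes only plaintext HTTP on port 80 and `credentialName` is never used. If that is not intended, the HTTPS server should be emitted outside the redirect condition, with only `httpsRedirect: true` kept inside it. These checks also read `.Values.global.ingress.config` directly, while the earlier `_overrideIfDefined` call wraps `.Values.global.ingress` in `default (dict)`, which suggests it can be unset and would then likely fail the render; binding it once, e.g. `{{- $gic := (default (dict) .Values.global.ingress).config -}}`, avoids that. The inner `if .Values.global.ingress.config` before `credentialName` is already implied by the outer one, so its `else` branch cannot be reached. The `common.ingress` define continues past the end of this hunk.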
@@ -96,7 +197,6 @@ spec:
{{- end -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.tls -}}
-{{- $dot := default . .dot }}
tls:
- hosts:
{{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
@@ -108,3 +208,4 @@ spec:
{{- end -}}
{{- end -}}
{{- end -}}
+{{- end -}}