aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2023-08-03 17:48:48 +0200
committerAndreas Geissler <andreas-geissler@telekom.de>2023-08-07 18:36:58 +0200
commit38677306a64d7aab6154d76972310c3fc38b36d7 (patch)
tree9f461b484eb5844347961b5e4991a88eb2a6aac9
parent17d63089a2dc5d36e3441eb4871faacf9d122cfe (diff)
[COMMON] Add support for Gateway-API in Ingress template
Add options to set the Ingress provider and enhanced settings to provide different resource outputs for Ingress resurces Issue-ID: OOM-3184 Change-Id: I3a6ebf17191a558941d6e18fbfe676da0c78e487 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
-rw-r--r--kubernetes/common/common/Chart.yaml2
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl563
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml14
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml13
-rwxr-xr-xkubernetes/onap/values.yaml15
5 files changed, 519 insertions, 88 deletions
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml
index f66a0c6bb9..e134fe8048 100644
--- a/kubernetes/common/common/Chart.yaml
+++ b/kubernetes/common/common/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.0.0
+version: 13.0.1
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index db276d546c..968cb65a78 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -28,6 +28,171 @@ true
{{- end -}}
{{- end -}}
+{{/*
+ Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+{{- if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{- else -}}
+{{- if $dot.Values.ingress.enabled -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to check, if TLS redirect is enabled
+*/}}
+{{- define "common.ingress._tlsRedirect" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Provider (default is "ingress")
+*/}}
+{{- define "common.ingress._provider" -}}
+{{- $dot := default . .dot -}}
+{{- $provider := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.provider -}}
+{{- if ne $dot.Values.global.ingress.provider "" -}}
+{{ $provider = $dot.Values.global.ingress.provider }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $provider -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Class (default is "nginx")
+*/}}
+{{- define "common.ingress._class" -}}
+{{- $dot := default . .dot -}}
+{{- $class := "nginx" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressClass -}}
+{{- if ne $dot.Values.global.ingress.ingressClass "" -}}
+{{ $class = $dot.Values.global.ingress.ingressClass }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $class -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Selector (default is "ingress")
+*/}}
+{{- define "common.ingress._selector" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressSelector -}}
+{{- if ne $dot.Values.global.ingress.ingressSelector "" -}}
+{{ $selector = $dot.Values.global.ingress.ingressSelector }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $selector -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway, if exists
+*/}}
+{{- define "common.ingress._commonGateway" -}}
+{{- $dot := default . .dot -}}
+{{- $gateway := "-" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $gateway = $dot.Values.global.ingress.commonGateway.name }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $gateway -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTP Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "http-80" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTPS Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPSListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "https-443" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpsListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to check the existance of an override value
+*/}}
+{{- define "common.ingress._overrideIfDefined" -}}
+ {{- $currValue := .currVal }}
+ {{- $parent := .parent }}
+ {{- $var := .var }}
+ {{- if $parent -}}
+ {{- if hasKey $parent $var }}
+ {{- default "" (index $parent $var) }}
+ {{- else -}}
+ {{- default "" $currValue -}}
+ {{- end -}}
+ {{- else -}}
+ {{- default "" $currValue }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the protocol of the service
+*/}}
+{{- define "common.ingress._protocol" -}}
+{{- $dot := default . .dot -}}
+{{- $protocol := "http" -}}
+{{- if $dot.tcpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.udpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.protocol }}
+{{- $protocol = (lower $dot.protocol) -}}
+{{- end -}}
+{{- $protocol -}}
+{{- end -}}
{{/*
Create the hostname as concatination <baseaddr>.<baseurl>
@@ -121,6 +286,21 @@ true
{{- end -}}
{{/*
+ Create Port entry in the Gateway resource
+*/}}
+{{- define "istio.config.gatewayPort" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+ - port:
+ {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
+{{/*
Helper function to add the route to the service
*/}}
{{- define "ingress.config.port" -}}
@@ -197,16 +377,17 @@ true
Helper function to add ssl annotations
*/}}
{{- define "ingress.config.annotations.ssl" -}}
+{{- $class := include "common.ingress._class" (dict "dot" .) }}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
{{- if eq .Values.ingress.config.ssl "redirect" -}}
-kubernetes.io/ingress.class: nginx
-nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+kubernetes.io/ingress.class: {{ $class }}
+{{ $class }}.ingress.kubernetes.io/ssl-passthrough: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "native" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "none" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
{{- end -}}
@@ -226,65 +407,16 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{/*
- Helper function to check the existance of an override value
-*/}}
-{{- define "common.ingress._overrideIfDefined" -}}
- {{- $currValue := .currVal }}
- {{- $parent := .parent }}
- {{- $var := .var }}
- {{- if $parent -}}
- {{- if hasKey $parent $var }}
- {{- default "" (index $parent $var) }}
- {{- else -}}
- {{- default "" $currValue -}}
- {{- end -}}
- {{- else -}}
- {{- default "" $currValue }}
- {{- end -}}
-{{- end -}}
-
-{{/*
- Helper function to check, if Ingress is enabled
-*/}}
-{{- define "common.ingress._enabled" -}}
-{{- $dot := default . .dot -}}
-{{- if $dot.Values.ingress -}}
-{{- if $dot.Values.global.ingress -}}
-{{- if (default false $dot.Values.global.ingress.enabled) -}}
-{{- if (default false $dot.Values.global.ingress.enable_all) -}}
-true
-{{- else -}}
-{{- if $dot.Values.ingress.enabled -}}
-true
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
- Create Port entry in the Gateway resource
-*/}}
-{{- define "istio.config.gatewayPort" -}}
-{{- $dot := default . .dot -}}
-{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
-{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
- - port:
- {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
- hosts:
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
-{{- end -}}
-
-{{/*
Create Istio Ingress resources per defined service
*/}}
{{- define "common.istioIngress" -}}
{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
{{ range $dot.Values.ingress.service }}
+{{ if or ( eq (include "common.ingress._protocol" (dict "dot" .)) "http" ) ( eq (include "common.ingress._protocol" (dict "dot" .)) "tcp" )}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
@@ -292,19 +424,20 @@ metadata:
name: {{ $baseaddr }}-gateway
spec:
selector:
- istio: ingress # use Istio default gateway implementation
+ istio: {{ $selector }}
servers:
-{{- if .tcpRoutes }}
-{{ range .tcpRoutes }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
-{{ end -}}
-{{- else }}
- {{- if .protocol }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
- {{- else }}
+ {{- else }}
{{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
- {{ end }}
-{{ end }}
+ {{ end }}
+{{ end }}
+{{ end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
@@ -314,7 +447,11 @@ spec:
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
gateways:
+{{- if eq $gateway "-" }}
- {{ $baseaddr }}-gateway
+{{- else }}
+ - {{ $gateway }}
+{{- end }}
{{- if .tcpRoutes }}
tcp:
{{ range .tcpRoutes }}
@@ -327,9 +464,253 @@ spec:
{{- else }}
http:
{{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
- {{ end }}
-{{ end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls_simple" -}}
+{{- $dot := default . .dot -}}
+ tls:
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+ mode: Terminate
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ - name: HTTPS-443
+ port: 443
+ protocol: HTTPS
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Create Listener entry in the Gateway resource
+*/}}
+{{- define "gwapi.config.listener" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $port := default 80 $service.exposedPort -}}
+ - name: {{ $protocol }}-{{ $port }}
+ port: {{ $port }}
+{{- if $service.exposedProtocol }}
+ protocol: {{ upper $service.exposedProtocol }}
+{{- else }}
+ protocol: HTTP
+{{- end }}
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ allowedRoutes:
+ namespaces:
+ from: All
+{{- if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: TCPRoute
+{{- else if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: UDPRoute
+{{- end }}
+ {{- include "gwapi.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
+{{/*
+ Create *Route entry for the Gateway-API
+*/}}
+{{- define "gwapi.config.route" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) -}}
+{{- $namespace := default "istio-ingress" $dot.Values.global.ingress.namespace -}}
+{{- $path := default "/" $service.path -}}
+{{- if eq $protocol "udp" -}}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: UDPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: udp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+{{- else if eq $protocol "tcp" }}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: tcp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+{{- else if eq $protocol "http" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-http-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ sectionName: {{ include "common.ingress._gatewayHTTPSListener" (dict "dot" $dot) }}
+{{- else }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+{{- end }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - backendRefs:
+ - name: {{ $service.name }}
+ port: {{ $service.port }}
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-redirect-route
+spec:
+ parentRefs:
+{{- if eq $gateway "-" }}
+ - name: {{ $baseaddr }}-gateway
+{{- else }}
+ - name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+ port: 443
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- end }}
+{{- end }}
{{- end -}}
+
+{{/*
+ Create GW-API Ingress resources per defined service
+*/}}
+{{- define "common.gwapiIngress" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ $baseaddr }}-gateway
+spec:
+ gatewayClassName: {{ $dot.Values.global.serviceMesh.engine }}
+ listeners:
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
@@ -337,6 +718,9 @@ spec:
*/}}
{{- define "common.nginxIngress" -}}
{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{ if eq (include "common.ingress._protocol" (dict "dot" .)) "http" }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -350,21 +734,21 @@ metadata:
heritage: {{ $dot.Release.Service }}
spec:
rules:
- {{ include "ingress.config.port" $dot | trim }}
-{{- if $dot.Values.ingress.tls }}
+ {{ include "ingress.config.port" . | trim }}
+{{- if $dot.Values.ingress.tls }}
tls:
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
-{{- end -}}
-{{- if $dot.Values.ingress.config -}}
-{{- if $dot.Values.ingress.config.tls }}
+{{- end -}}
+{{- if $dot.Values.ingress.config -}}
+{{- if $dot.Values.ingress.config.tls }}
tls:
- hosts:
- {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
+ - {{ include "ingress.config.host" (dict "dot" . "baseaddr" $baseaddr) }}
secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
@@ -381,22 +765,29 @@ spec:
| true | true | any | ingress |
| true | false | true | ingress |
- If ServiceMesh (Istio) is enabled the respective resources are created:
- - Gateway
+ If ServiceMesh (Ingress-Provider: Istio) is enabled the respective resources
+ are created:
+ - Gateway (optional)
- VirtualService
+ If ServiceMesh (Ingress-Provider: GatewayAPI) is enabled the respective resources
+ are created:
+ - Gateway (optional)
+ - HTTPRoute, TCPRoute, UDPRoute (depending)
+
If ServiceMesh is disabled the standard Ingress resource is creates:
- Ingress
*/}}
{{- define "common.ingress" -}}
{{- $dot := default . .dot -}}
+{{- $provider := include "common.ingress._provider" (dict "dot" $dot) -}}
{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
-{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
-{{ include "common.istioIngress" (dict "dot" $dot) }}
-{{- end -}}
-{{- else -}}
+{{- if eq $provider "ingress" -}}
{{ include "common.nginxIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "istio" -}}
+{{ include "common.istioIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "gw-api" -}}
+{{ include "common.gwapiIngress" (dict "dot" $dot) }}
{{- end -}}
{{- end -}}
{{- end -}}
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index c04d397a9a..eeb5fc453b 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,20 @@ global:
# enable all component's Ingress interfaces
enable_all: true
# All http requests via ingress will be redirected
+
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
virtualhost:
# Default Ingress base URL
# can be overwritten in component by setting ingress.baseurlOverride
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index ac3979ea9d..6d94f9912e 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -20,6 +20,19 @@ global:
ingress:
enabled: true
enable_all: true
+ # Provider: ingress, istio, gw-api
+ provider: ingress
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass: nginx
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
cassandra:
enabled: true
mariadb-galera:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 0456ce5a96..5697477ce4 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -134,6 +134,19 @@ global:
# enable all component's Ingress interfaces
enable_all: false
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
# default Ingress base URL and preAddr- and postAddr settings
# Ingress URLs result:
# <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
@@ -158,7 +171,7 @@ global:
# tls:
# secret: 'my-ingress-cert'
- # optional: Namespace of the Istio IngressGateway
+ # optional: Namespace of the Istio IngressGateway or Gateway-API
# only valid for Istio Gateway (ServiceMesh enabled)
namespace: istio-ingress