aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2022-11-18 17:52:50 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2022-11-30 12:47:34 +0000
commitf925f889aabf7cf929fd4b2d0e9530e0b29e0b5f (patch)
tree6a630b4c8b83fffc31b7edeb221f50f4f256d4a3 /kubernetes
parent4a490084122eba1ca2cc704e6518cbf88a492eb4 (diff)
[COMMON] Correct Ingress template to create Istio GW/VS
The template should create for each Ingress service a single Gateway/VirtualService Resource, small update of service template Issue-ID: OOM-3000 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I480f8c7b6b9ca3a84813a9e96c4d796d332facc7 (cherry picked from commit c27078435ace81f7723fa06dc35b446a6c9fc307)
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl204
-rw-r--r--kubernetes/common/common/templates/_service.tpl2
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml1
-rwxr-xr-xkubernetes/onap/values.yaml17
5 files changed, 162 insertions, 64 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 4fc2e4b1c9..d8a944712a 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -14,13 +14,56 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{/*
+ Create the hostname as concatination <baseaddr>.<baseurl>
+ - baseaddr: from component values: ingress.service.baseaddr
+ - baseurl: from values: global.ingress.virtualhost.baseurl
+ which van be overwritten in the component via: ingress.baseurlOverride
+*/}}
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
{{ printf "%s.%s" $baseaddr $burl }}
{{- end -}}
+{{/*
+ Helper function to add the tls route
+*/}}
+{{- define "ingress.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+ tls:
+ httpsRedirect: true
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ tls:
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Helper function to add the route to the service
+*/}}
{{- define "ingress.config.port" -}}
{{- $dot := default . .dot -}}
{{ range .Values.ingress.service }}
@@ -44,9 +87,11 @@
{{- end }}
{{- end -}}
+{{/*
+ Helper function to add the route to the service
+*/}}
{{- define "istio.config.route" -}}
{{- $dot := default . .dot -}}
-{{ range .Values.ingress.service }}
http:
- route:
- destination:
@@ -66,8 +111,10 @@
{{- end }}
host: {{ .name }}
{{- end -}}
-{{- end -}}
+{{/*
+ Helper function to add ssl annotations
+*/}}
{{- define "ingress.config.annotations.ssl" -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
@@ -85,6 +132,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
+{{/*
+ Helper function to add annotations
+*/}}
{{- define "ingress.config.annotations" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.annotations -}}
@@ -94,6 +144,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
{{- end -}}
+{{/*
+ Helper function to check the existance of an override value
+*/}}
{{- define "common.ingress._overrideIfDefined" -}}
{{- $currValue := .currVal }}
{{- $parent := .parent }}
@@ -109,20 +162,38 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
-{{- define "common.ingress" -}}
+{{/*
+ Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
{{- $dot := default . .dot -}}
-{{- if .Values.ingress -}}
- {{- $ingressEnabled := default false .Values.ingress.enabled -}}
- {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
- {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
-{{- if $ingressEnabled }}
-{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
- {{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+{{- if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{- else -}}
+{{- if $dot.Values.ingress.enabled -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create Istio Ingress resources per defined service
+*/}}
+{{- define "common.istioIngress" -}}
+{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
- name: {{ include "common.fullname" . }}-gateway
+ name: {{ $baseaddr }}-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
@@ -132,80 +203,87 @@ spec:
name: http
protocol: HTTP
hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
-{{- if .Values.global.ingress.config }}
-{{- if .Values.global.ingress.config.ssl }}
-{{- if eq .Values.global.ingress.config.ssl "redirect" }}
- tls:
- httpsRedirect: true
- - port:
- number: 443
- name: https
- protocol: HTTPS
- tls:
-{{- if .Values.global.ingress.config }}
-{{- if .Values.global.ingress.config.tls }}
- credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
- mode: SIMPLE
- hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+ {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
- name: {{ include "common.fullname" . }}-service
+ name: {{ $baseaddr }}-service
spec:
hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
gateways:
- - {{ include "common.fullname" . }}-gateway
+ - {{ $baseaddr }}-gateway
{{ include "istio.config.route" . | trim }}
+{{- end -}}
{{- end -}}
-{{- else -}}
+
+{{/*
+ Create default Ingress resource
+*/}}
+{{- define "common.nginxIngress" -}}
+{{- $dot := default . .dot -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: {{ include "common.fullname" . }}-ingress
+ name: {{ include "common.fullname" $dot }}-ingress
annotations:
- {{ include "ingress.config.annotations" . }}
+ {{ include "ingress.config.annotations" $dot }}
labels:
- app: {{ .Chart.Name }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ app: {{ $dot.Chart.Name }}
+ chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $dot }}
+ heritage: {{ $dot.Release.Service }}
spec:
rules:
- {{ include "ingress.config.port" . | trim }}
-{{- if .Values.ingress.tls }}
+ {{ include "ingress.config.port" $dot | trim }}
+{{- if $dot.Values.ingress.tls }}
tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
+{{ toYaml $dot.Values.ingress.tls | indent 4 }}
{{- end -}}
-{{- if .Values.ingress.config -}}
-{{- if .Values.ingress.config.tls -}}
+{{- if $dot.Values.ingress.config -}}
+{{- if $dot.Values.ingress.config.tls -}}
tls:
- hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
- secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+ {{- end }}
+ secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Create ingress template
+ Will create ingress template depending on the following values:
+ - .Values.global.ingress.enabled : enables Ingress globally
+ - .Values.global.ingress.enable_all : override default Ingress for all charts
+ - .Values.ingress.enabled : sets Ingress per chart basis
+
+ | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result |
+ |------------------------|---------------------------|----------------|------------|
+ | false | any | any | no ingress |
+ | true | false | false | no ingress |
+ | true | true | any | ingress |
+ | true | false | true | ingress |
+
+ If ServiceMesh (Istio) is enabled the respective resources are created:
+ - Gateway
+ - VirtualService
+
+ If ServiceMesh is disabled the standard Ingress resource is creates:
+ - Ingress
+*/}}
+{{- define "common.ingress" -}}
+{{- $dot := default . .dot -}}
+{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+{{ include "common.istioIngress" (dict "dot" $dot) }}
+{{- end -}}
+{{- else -}}
+{{ include "common.nginxIngress" (dict "dot" $dot) }}
+{{- end -}}
+{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 379992eae8..7b88af02aa 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -242,7 +242,7 @@ spec:
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }}
-{{- $serviceType = "ClusterIP" }}
+{{- $serviceType = "ClusterIP" }}
{{- end }}
{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 3f2854efd7..4bd99ad046 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -19,6 +19,8 @@
global:
ingress:
enabled: true
+ # enable all component's Ingress interfaces
+ enable_all: true
# All http requests via ingress will be redirected
config:
ssl: "redirect"
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index 54e2cf3c4f..b3e0999314 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -19,6 +19,7 @@
global:
ingress:
enabled: true
+ enable_all: true
addTestingComponents: &testing true
centralizedLoggingEnabled: &centralizedLogging false
cassandra:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 8a6af16c17..6b597ccd2f 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -146,9 +146,26 @@ global:
# Global ingress configuration
ingress:
+ # generally enable ingress for ONAP components
enabled: false
+ # enable all component's Ingress interfaces
+ enable_all: false
+ # default Ingress base URL
+ # can be overwritten in component vy setting ingress.baseurlOverride
virtualhost:
baseurl: "simpledemo.onap.org"
+ # All http requests via ingress will be redirected on Ingress controller
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ # tls:
+ # secret: 'my-ingress-cert'
+
+ # optional: Namespace of the Istio IngressGateway
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ namespace: istio-ingress
# Global Service Mesh configuration
# POC Mode, don't use it in production