diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2023-03-23 14:05:45 +0100 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2023-03-27 13:00:51 +0200 |
commit | 2900765560071572d8a5c53482855048cddfac92 (patch) | |
tree | 55be0cddd23c1ca39a91a0168edc089dbddd7a3e /kubernetes | |
parent | 5b76eca5250aa16c7a3fcf8ef984acff2807d656 (diff) |
[STRIMZI] Correction for external Access via Ingress
VirtualService TCP route added in _ingress.tpl using
protocol option in onap-strimzi ingress configuration
Added support for multiple ports in _ingress.tpl added
Fixed port setting in onap-strimzi for external interface
Add information to the documents section
Issue-ID: OOM-3109
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: If8507278d952ee29ceaa3f134b99d18bd6f31cb7
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 112 | ||||
-rw-r--r-- | kubernetes/strimzi/templates/strimzi-kafka.yaml | 4 | ||||
-rw-r--r-- | kubernetes/strimzi/values.yaml | 36 |
3 files changed, 108 insertions, 44 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 30ef02295f..a9ffd70f96 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -102,18 +102,20 @@ true */}} {{- define "istio.config.port" -}} {{- $dot := default . .dot -}} -{{- if .exposedPort }} - number: {{ .exposedPort }} -{{- if .exposedProtocol }} - name: {{ .baseaddr }} - protocol: {{ .exposedProtocol }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}} +{{- if $dot.exposedPort }} + number: {{ $dot.exposedPort }} +{{- if $dot.exposedProtocol }} + name: {{ $protocol }}-{{ $dot.exposedPort }} + protocol: {{ $dot.exposedProtocol }} {{- else }} - name: http + name: {{ $protocol }} protocol: HTTP {{- end -}} {{- else }} number: 80 - name: http + name: {{ $protocol }} protocol: HTTP {{- end -}} {{- end -}} @@ -148,25 +150,47 @@ true Istio Helper function to add the route to the service */}} {{- define "istio.config.route" -}} -{{- $dot := default . .dot -}} - http: +{{- $dot := default . .dot -}} +{{- $protocol := (required "'protocol' param, is required." .protocol) -}} +{{- if eq $protocol "tcp" }} + - match: + - port: {{ $dot.exposedPort }} + route: + - destination: + port: + {{- if $dot.plain_port }} + {{- if kindIs "string" $dot.plain_port }} + name: {{ $dot.plain_port }} + {{- else }} + number: {{ $dot.plain_port }} + {{- end }} + {{- else }} + {{- if kindIs "string" $dot.port }} + name: {{ $dot.port }} + {{- else }} + number: {{ $dot.port }} + {{- end }} + {{- end }} + host: {{ $dot.name }} +{{- else if eq $protocol "http" }} - route: - destination: port: - {{- if .plain_port }} - {{- if kindIs "string" .plain_port }} - name: {{ .plain_port }} + {{- if $dot.plain_port }} + {{- if kindIs "string" $dot.plain_port }} + name: {{ $dot.plain_port }} {{- else }} - number: {{ .plain_port }} + number: {{ $dot.plain_port }} {{- end }} {{- else }} - {{- if kindIs "string" .port }} - name: {{ .port }} + {{- if kindIs "string" $dot.port }} + name: {{ $dot.port }} {{- else }} - number: {{ .port }} + number: {{ $dot.port }} {{- end }} {{- end }} - host: {{ .name }} + host: {{ $dot.name }} +{{- end -}} {{- end -}} {{/* @@ -240,12 +264,27 @@ true {{- end -}} {{/* + Create Port entry in the Gateway resource +*/}} +{{- define "istio.config.gatewayPort" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} + - port: + {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }} + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} +{{- end -}} + +{{/* Create Istio Ingress resources per defined service */}} {{- define "common.istioIngress" -}} -{{- $dot := default . .dot -}} -{{ range $dot.Values.ingress.service }} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +{{- $dot := default . .dot -}} +{{ range $dot.Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: Gateway @@ -255,11 +294,17 @@ spec: selector: istio: ingress # use Istio default gateway implementation servers: - - port: - {{- include "istio.config.port" . }} - hosts: - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }} +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} + {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} +{{ end -}} +{{- else }} + {{- if .protocol }} + {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }} + {{- else }} + {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} + {{ end }} +{{ end }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService @@ -270,8 +315,21 @@ spec: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} gateways: - {{ $baseaddr }}-gateway - {{ include "istio.config.route" . | trim }} -{{- end -}} +{{- if .tcpRoutes }} + tcp: +{{ range .tcpRoutes }} + {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }} +{{ end -}} +{{- else }} + {{- if .protocol }} + {{ .protocol }}: + {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }} + {{- else }} + http: + {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }} + {{ end }} +{{ end }} +{{- end -}} {{- end -}} {{/* diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index 99252ec3e6..3ce7b1d627 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -36,9 +36,9 @@ spec: - name: external port: 9094 type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }} - tls: true + tls: {{ if (include "common.ingressEnabled" .) }}false{{ else }}true{{ end }} authentication: - type: tls + type: {{ if (include "common.ingressEnabled" .) }}{{ .Values.config.saslMechanism }}{{ else }}tls{{ end }} configuration: {{- if not (include "common.ingressEnabled" .) }} bootstrap: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index ec1ed887a7..057f2003c7 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -19,6 +19,12 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs + ingress: + virtualhost: + baseurl: &baseurl "simpledemo.onap.org" + preaddr: &preaddr "" + postaddr: &postaddr "" + ################################################################# # Application configuration defaults. ################################################################# @@ -66,23 +72,23 @@ ingress: - baseaddr: "kafka-bootstrap-api" name: "onap-strimzi-kafka-external-bootstrap" port: 9094 + protocol: tcp exposedPort: 9010 exposedProtocol: TLS - - baseaddr: "kafka-0-api" - name: "onap-strimzi-kafka-0" - port: 9094 - exposedPort: *advertizedPortBroker0 - exposedProtocol: TLS - - baseaddr: "kafka-1-api" - name: "onap-strimzi-kafka-1" - port: 9094 - exposedPort: *advertizedPortBroker1 - exposedProtocol: TLS - - baseaddr: "kafka-2-api" - name: "onap-strimzi-kafka-2" - port: 9094 - exposedPort: *advertizedPortBroker2 - exposedProtocol: TLS + - baseaddr: "kafka-api" + tcpRoutes: + - name: "onap-strimzi-kafka-0" + port: 9094 + exposedPort: *advertizedPortBroker0 + exposedProtocol: TLS + - name: "onap-strimzi-kafka-1" + port: 9094 + exposedPort: *advertizedPortBroker1 + exposedProtocol: TLS + - name: "onap-strimzi-kafka-2" + port: 9094 + exposedPort: *advertizedPortBroker2 + exposedProtocol: TLS ###################### # Component overrides |