aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2023-03-23 14:05:45 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-03-27 13:00:51 +0200
commit2900765560071572d8a5c53482855048cddfac92 (patch)
tree55be0cddd23c1ca39a91a0168edc089dbddd7a3e /kubernetes
parent5b76eca5250aa16c7a3fcf8ef984acff2807d656 (diff)
[STRIMZI] Correction for external Access via Ingress
VirtualService TCP route added in _ingress.tpl using protocol option in onap-strimzi ingress configuration Added support for multiple ports in _ingress.tpl added Fixed port setting in onap-strimzi for external interface Add information to the documents section Issue-ID: OOM-3109 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: If8507278d952ee29ceaa3f134b99d18bd6f31cb7
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl112
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka.yaml4
-rw-r--r--kubernetes/strimzi/values.yaml36
3 files changed, 108 insertions, 44 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 30ef02295f..a9ffd70f96 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -102,18 +102,20 @@ true
*/}}
{{- define "istio.config.port" -}}
{{- $dot := default . .dot -}}
-{{- if .exposedPort }}
- number: {{ .exposedPort }}
-{{- if .exposedProtocol }}
- name: {{ .baseaddr }}
- protocol: {{ .exposedProtocol }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}}
+{{- if $dot.exposedPort }}
+ number: {{ $dot.exposedPort }}
+{{- if $dot.exposedProtocol }}
+ name: {{ $protocol }}-{{ $dot.exposedPort }}
+ protocol: {{ $dot.exposedProtocol }}
{{- else }}
- name: http
+ name: {{ $protocol }}
protocol: HTTP
{{- end -}}
{{- else }}
number: 80
- name: http
+ name: {{ $protocol }}
protocol: HTTP
{{- end -}}
{{- end -}}
@@ -148,25 +150,47 @@ true
Istio Helper function to add the route to the service
*/}}
{{- define "istio.config.route" -}}
-{{- $dot := default . .dot -}}
- http:
+{{- $dot := default . .dot -}}
+{{- $protocol := (required "'protocol' param, is required." .protocol) -}}
+{{- if eq $protocol "tcp" }}
+ - match:
+ - port: {{ $dot.exposedPort }}
+ route:
+ - destination:
+ port:
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
+ {{- else }}
+ number: {{ $dot.plain_port }}
+ {{- end }}
+ {{- else }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
+ {{- else }}
+ number: {{ $dot.port }}
+ {{- end }}
+ {{- end }}
+ host: {{ $dot.name }}
+{{- else if eq $protocol "http" }}
- route:
- destination:
port:
- {{- if .plain_port }}
- {{- if kindIs "string" .plain_port }}
- name: {{ .plain_port }}
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
{{- else }}
- number: {{ .plain_port }}
+ number: {{ $dot.plain_port }}
{{- end }}
{{- else }}
- {{- if kindIs "string" .port }}
- name: {{ .port }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
{{- else }}
- number: {{ .port }}
+ number: {{ $dot.port }}
{{- end }}
{{- end }}
- host: {{ .name }}
+ host: {{ $dot.name }}
+{{- end -}}
{{- end -}}
{{/*
@@ -240,12 +264,27 @@ true
{{- end -}}
{{/*
+ Create Port entry in the Gateway resource
+*/}}
+{{- define "istio.config.gatewayPort" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+ - port:
+ {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
+{{/*
Create Istio Ingress resources per defined service
*/}}
{{- define "common.istioIngress" -}}
-{{- $dot := default . .dot -}}
-{{ range $dot.Values.ingress.service }}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
@@ -255,11 +294,17 @@ spec:
selector:
istio: ingress # use Istio default gateway implementation
servers:
- - port:
- {{- include "istio.config.port" . }}
- hosts:
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
+ {{- else }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+ {{ end }}
+{{ end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
@@ -270,8 +315,21 @@ spec:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
gateways:
- {{ $baseaddr }}-gateway
- {{ include "istio.config.route" . | trim }}
-{{- end -}}
+{{- if .tcpRoutes }}
+ tcp:
+{{ range .tcpRoutes }}
+ {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ .protocol }}:
+ {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }}
+ {{- else }}
+ http:
+ {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
+ {{ end }}
+{{ end }}
+{{- end -}}
{{- end -}}
{{/*
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index 99252ec3e6..3ce7b1d627 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -36,9 +36,9 @@ spec:
- name: external
port: 9094
type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }}
- tls: true
+ tls: {{ if (include "common.ingressEnabled" .) }}false{{ else }}true{{ end }}
authentication:
- type: tls
+ type: {{ if (include "common.ingressEnabled" .) }}{{ .Values.config.saslMechanism }}{{ else }}tls{{ end }}
configuration:
{{- if not (include "common.ingressEnabled" .) }}
bootstrap:
diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml
index ec1ed887a7..057f2003c7 100644
--- a/kubernetes/strimzi/values.yaml
+++ b/kubernetes/strimzi/values.yaml
@@ -19,6 +19,12 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ ingress:
+ virtualhost:
+ baseurl: &baseurl "simpledemo.onap.org"
+ preaddr: &preaddr ""
+ postaddr: &postaddr ""
+
#################################################################
# Application configuration defaults.
#################################################################
@@ -66,23 +72,23 @@ ingress:
- baseaddr: "kafka-bootstrap-api"
name: "onap-strimzi-kafka-external-bootstrap"
port: 9094
+ protocol: tcp
exposedPort: 9010
exposedProtocol: TLS
- - baseaddr: "kafka-0-api"
- name: "onap-strimzi-kafka-0"
- port: 9094
- exposedPort: *advertizedPortBroker0
- exposedProtocol: TLS
- - baseaddr: "kafka-1-api"
- name: "onap-strimzi-kafka-1"
- port: 9094
- exposedPort: *advertizedPortBroker1
- exposedProtocol: TLS
- - baseaddr: "kafka-2-api"
- name: "onap-strimzi-kafka-2"
- port: 9094
- exposedPort: *advertizedPortBroker2
- exposedProtocol: TLS
+ - baseaddr: "kafka-api"
+ tcpRoutes:
+ - name: "onap-strimzi-kafka-0"
+ port: 9094
+ exposedPort: *advertizedPortBroker0
+ exposedProtocol: TLS
+ - name: "onap-strimzi-kafka-1"
+ port: 9094
+ exposedPort: *advertizedPortBroker1
+ exposedProtocol: TLS
+ - name: "onap-strimzi-kafka-2"
+ port: 9094
+ exposedPort: *advertizedPortBroker2
+ exposedProtocol: TLS
######################
# Component overrides