diff options
| author |   Andreas Geissler <andreas-geissler@telekom.de> | 2022-12-15 09:37:42 +0100 |
|---|---|---|
| committer | Andreas Geissler <andreas-geissler@telekom.de> | 2023-01-19 07:53:46 +0000 |
| commit | 92cab4995fdd00bc4df6b702fe14b059def5abc4 (patch) | |
| tree | 86322ce29c672289658fd60bc70e9c1d77543392 /kubernetes | |
| parent | 2f43e96c6a84b737590cc4db8a5d53fbac8fd586 (diff) | |
[COMMON] Add pre/postfix and customized port option for Istio Ingress
Add new options for the created Ingress URLs (preaddr, postaddr)
and allow to create Ingress configurations using customized ports
Correction added to the installation of the Ingress Gateway.
Issue-ID: OOM-3084
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ib31050c169799409c6e968adce7ff41e215e3ff9
Diffstat (limited to 'kubernetes')
| -rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 86 | ||||
| -rw-r--r-- | kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml | 10 | ||||
| -rwxr-xr-x | kubernetes/onap/values.yaml | 18 |
3 files changed, 88 insertions, 26 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index d8a944712a..7065338cf9 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -23,45 +23,87 @@ {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}} +{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}} +{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}} +{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} -{{ printf "%s.%s" $baseaddr $burl }} +{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }} {{- end -}} {{/* - Helper function to add the tls route + Istio Helper function to add the tls route */}} -{{- define "ingress.config.tls" -}} +{{- define "istio.config.tls_simple" -}} {{- $dot := default . .dot -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} + tls: {{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.ssl }} -{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE +{{- end -}} + +{{/* + Istio Helper function to add the tls route +*/}} +{{- define "istio.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} tls: httpsRedirect: true - port: number: 443 name: https protocol: HTTPS - tls: -{{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} {{- end }} {{- end }} {{- end }} {{- end -}} {{/* + Istio Helper function to add the external port of the service +*/}} +{{- define "istio.config.port" -}} +{{- $dot := default . .dot -}} +{{- if .exposedPort }} + number: {{ .exposedPort }} +{{- if .exposedProtocol }} + name: {{ .baseaddr }} + protocol: {{ .exposedProtocol }} +{{- else }} + name: http + protocol: HTTP +{{- end -}} +{{- else }} + number: 80 + name: http + protocol: HTTP +{{- end -}} +{{- end -}} + +{{/* Helper function to add the route to the service */}} {{- define "ingress.config.port" -}} @@ -88,7 +130,7 @@ {{- end -}} {{/* - Helper function to add the route to the service + Istio Helper function to add the route to the service */}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} @@ -196,15 +238,13 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingressgateway # use Istio default gateway implementation + istio: ingress # use Istio default gateway implementation servers: - port: - number: 80 - name: http - protocol: HTTP + {{- include "istio.config.port" . }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 6e156023ee..2dfab060ff 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -22,6 +22,16 @@ global: # enable all component's Ingress interfaces enable_all: true # All http requests via ingress will be redirected + virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride + baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" config: ssl: "redirect" # you can set an own Secret containing a certificate diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 15097edcf2..fe14c032d6 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -150,11 +150,23 @@ global: enabled: false # enable all component's Ingress interfaces enable_all: false - # default Ingress base URL - # can be overwritten in component vy setting ingress.baseurlOverride + + # default Ingress base URL and preAddr- and postAddr settings + # Ingress URLs result: + # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl> virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" - # All http requests via ingress will be redirected on Ingress controller + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + + # All http (port 80) requests via ingress will be redirected + # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" |