diff options
5 files changed, 102 insertions, 28 deletions
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst index a49543cc0c..90a20613fa 100644 --- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst +++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst @@ -60,9 +60,17 @@ Global settings relevant for ServiceMesh: # enable all component's Ingress interfaces enable_all: false # default Ingress base URL - # can be overwritten in component by setting ingress.baseurlOverride + # All http requests via ingress will be redirected virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" # All http requests via ingress will be redirected on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: @@ -101,6 +109,10 @@ Ingress settings: - enable_all: true → enables Ingress configuration in each component - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components, resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride +- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components, + resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride +- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components, + resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride - config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443) - config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst index 5f81a363e9..b424c65c7d 100644 --- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst @@ -128,7 +128,7 @@ Install Istio Gateway <recommended-istio-version> with the version defined in the :ref:`versions_table` table:: - > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress + > helm upgrade -i istio-ingress istio/gateway -n istio-ingress --version <recommended-istio-version> --wait Kiali Installation diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index d8a944712a..7065338cf9 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -23,45 +23,87 @@ {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}} +{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}} +{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}} +{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} -{{ printf "%s.%s" $baseaddr $burl }} +{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }} {{- end -}} {{/* - Helper function to add the tls route + Istio Helper function to add the tls route */}} -{{- define "ingress.config.tls" -}} +{{- define "istio.config.tls_simple" -}} {{- $dot := default . .dot -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} + tls: {{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.ssl }} -{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE +{{- end -}} + +{{/* + Istio Helper function to add the tls route +*/}} +{{- define "istio.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} tls: httpsRedirect: true - port: number: 443 name: https protocol: HTTPS - tls: -{{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} {{- end }} {{- end }} {{- end }} {{- end -}} {{/* + Istio Helper function to add the external port of the service +*/}} +{{- define "istio.config.port" -}} +{{- $dot := default . .dot -}} +{{- if .exposedPort }} + number: {{ .exposedPort }} +{{- if .exposedProtocol }} + name: {{ .baseaddr }} + protocol: {{ .exposedProtocol }} +{{- else }} + name: http + protocol: HTTP +{{- end -}} +{{- else }} + number: 80 + name: http + protocol: HTTP +{{- end -}} +{{- end -}} + +{{/* Helper function to add the route to the service */}} {{- define "ingress.config.port" -}} @@ -88,7 +130,7 @@ {{- end -}} {{/* - Helper function to add the route to the service + Istio Helper function to add the route to the service */}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} @@ -196,15 +238,13 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingressgateway # use Istio default gateway implementation + istio: ingress # use Istio default gateway implementation servers: - port: - number: 80 - name: http - protocol: HTTP + {{- include "istio.config.port" . }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 6e156023ee..2dfab060ff 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -22,6 +22,16 @@ global: # enable all component's Ingress interfaces enable_all: true # All http requests via ingress will be redirected + virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride + baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" config: ssl: "redirect" # you can set an own Secret containing a certificate diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 15097edcf2..fe14c032d6 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -150,11 +150,23 @@ global: enabled: false # enable all component's Ingress interfaces enable_all: false - # default Ingress base URL - # can be overwritten in component vy setting ingress.baseurlOverride + + # default Ingress base URL and preAddr- and postAddr settings + # Ingress URLs result: + # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl> virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" - # All http requests via ingress will be redirected on Ingress controller + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + + # All http (port 80) requests via ingress will be redirected + # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" |