Diffstat (limited to 'kubernetes/common')
-rw-r--r-- | kubernetes/common/common/Chart.yaml | 2 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_dmaapProvisioning.tpl | 126 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 563 | ||||
-rw-r--r-- | kubernetes/common/repositoryGenerator/templates/_repository.tpl | 4 | ||||
-rw-r--r-- | kubernetes/common/repositoryGenerator/values.yaml | 4 |
5 files changed, 518 insertions, 181 deletions
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index f66a0c6bb9..e134fe8048 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.0.0 +version: 13.0.1 diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index fae16ff7eb..3cf5bf1207 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -1,7 +1,7 @@ {{/* ################################################################################ # Copyright (C) 2021 Nordix Foundation. # -# Copyright (c) 2022 J. F. Lucas. All rights reserved. # +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # 
@@ -19,51 +19,54 @@ {{/* This template generates a Kubernetes init containers common template to enable applications to provision - DMaaP feeds (on Data Router), with associated authorization. - DMaap Bus Controller endpoints are used to provision: - - - Feed on DR, with associated user authentication. + DMaaP feeds (on Data Router) for DCAE microservices, with associated authorization. + DMaap Data Router (DR) endpoints are used to provision: + - Feeds on DR, with associated user authentication. + - Subscribers to feeds on DR, to provide DR with username, password, and URL needed to deliver + files to subscribers. common.dmaap.provisioning.initContainer: - This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router - microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds. - If the resource creation is successful via script response is logged back at particular location with - appropriate naming convention. - - More details can be found at : - (https://wiki.onap.org/pages/viewpage.action?pageId=103417564) + This template creates an initContainer with some associated volumes. The initContainer + (oom/kubernetes/dmaap-datarouter/drprov-client) runs a script (drprov-client.sh) that uses the + DR provisioning API to create the feeds and subscribers needed by a microservice. The script + updates the microservice's configuration to supply information needed to access the feeds. The + configuration information comes from two volumes that are created by the dcaegen2-services-common + templates. + - app-config-input: comes from a configMap generated from the microservice's values.yaml file. + It may contain references to environment variables as placeholders for feed information that + will become available after feeds are provisioned. 
+ - app-config: this template will copy the configuration file from the app-config-input volume, + replaced the environment variable references with the actual values for feed information, based + on data returned by the DR provisioning API. The template directly references data in .Values, and indirectly (through its use of templates from the ONAP "common" collection) references data in .Release. - Parameter for _dmaapProvisioning to be defined in values.yaml + Parameters for _dmaapProvisioning to be defined in values.yaml: + # DataRouter Feed Configuration + # (Note that DR configures publishers as part of the feed.) drFeedConfig: - feedName: bulk_pm_feed - owner: dcaecm feedVersion: 0.0 - asprClassification: unclassified + classification: unclassified feedDescription: DFC Feed Creation - - # DataRouter Publisher Configuration - drPubConfig: - - feedName: bulk_pm_feed - dcaeLocationName: loc00 + publisher: + username: xyz + password: xyz # DataRouter Subscriber Configuration drSubConfig: - feedName: bulk_pm_feed + feedVersion: 0.0 decompress: True - dcaeLocationName: loc00 privilegedSubscriber: True deliveryURL: https://dcae-pm-mapper:8443/delivery - # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber + # ConfigMap Configuration for DR Feed, Dr_Subscriber volumes: - name: feeds-config path: /opt/app/config/feeds - - name: drpub-config - path: /opt/app/config/dr_pubs - name: drsub-config path: /opt/app/config/dr_subs @@ -76,8 +79,10 @@ {{- define "common.dmaap.provisioning._volumeMounts" -}} {{- $dot := default . .dot -}} -- mountPath: /opt/app/config/cache - name: dbc-response-cache +- mountPath: /config-input + name: app-config-input +- mountPath: /config + name: app-config {{- range $name, $volume := $dot.Values.volumes }} - name: {{ $volume.name }} mountPath: {{ $volume.path }} 
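Review bot: The `drFeedConfig` example in the header comment shows the publisher `username` and `password` as literal values, which steers chart authors toward committing DR publisher credentials in values.yaml. If drprov-client.sh expands environment references in the feed configuration (not visible in this diff), the example should use placeholders fed from `credentials`, e.g. `password: ${DR_PASSWORD}`, and say so in one sentence; otherwise the comment should state that these two fields are expected to come from a secret-backed override. The example values `feedVersion: 0.0` and `decompress: True` are unquoted and will be read as a number and a boolean, so `feedVersion: "0.0"` is the safer spelling. In the `app-config` bullet, "replaced the environment variable references" should read "replace".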
@@ -86,8 +91,6 @@ {{- define "common.dmaap.provisioning._volumes" -}} {{- $dot := default . .dot -}} -- name: dbc-response-cache - emptyDir: {} {{- range $name, $volume := $dot.Values.volumes }} - name: {{ $volume.name }} configMap: @@ -98,20 +101,14 @@ {{- define "common.dmaap.provisioning.initContainer" -}} {{- $dot := default . .dot -}} -{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}} -{{- if $drFeedConfig -}} +{{- $drNeedProvisioning := or $dot.Values.drFeedConfig $dot.Values.drSubConfig -}} +{{- if $drNeedProvisioning -}} - name: {{ include "common.name" $dot }}-init-dmaap-provisioning - image: {{ include "repositoryGenerator.image.dbcClient" $dot }} + image: {{ include "repositoryGenerator.image.drProvClient" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} env: - - name: PROTO - value: "http" - - name: PORT - value: "8080" - - name: RESP_CACHE - value: /opt/app/config/cache - - name: REQUESTID - value: "{{ include "common.name" $dot }}-dmaap-provisioning" + - name: ONBEHALFHDR + value: "X-DMAAP-DR-ON-BEHALF-OF: drprovcl" {{- range $cred := $dot.Values.credentials }} - name: {{ $cred.name }} {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }} 
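Review bot: `ONBEHALFHDR` is fixed to `X-DMAAP-DR-ON-BEHALF-OF: drprovcl` in the init container's `env`, so every chart that includes `common.dmaap.provisioning.initContainer` provisions its feeds and subscribers under the same Data Router user. If DR ties feed ownership or authorization to that header (not visible in this diff), one microservice's provisioning container can act on another's feeds. Taking the user from a chart value with `drprovcl` as the default would keep them apart, and at minimum the line deserves a comment such as `# all DR provisioning runs as the shared user drprovcl`. Separately, the `.drFeedConfig` override argument is no longer read (`or $dot.Values.drFeedConfig $dot.Values.drSubConfig`), so callers that passed it in the dict are now silently ignored, and the header comment should say so. The define's body continues past this hunk.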
@@ -119,56 +116,5 @@ volumeMounts: {{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }} resources: {{ include "common.resources" $dot | nindent 4 }} -- name: {{ include "common.name" $dot }}-init-merge-config - image: {{ include "repositoryGenerator.image.envsubst" $dot }} - imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} - command: - - /bin/sh - args: - - -c - - | - set -uex -o pipefail - if [ -d /opt/app/config/cache ]; then - cd /opt/app/config/cache - for file in $(ls feed*); do - NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/') - export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | grep -w "feedlog" | cut -d '"' -f4)" - export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)" - done - for file in $(ls drpub*); do - NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" - done - for file in $(ls drsub*); do - NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)" - done - for file in $(ls topics*); do - NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/') - export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)" - done - else - echo "No Response logged for Dmaap BusController Http POST Request..!" 
- fi - cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done - env: - {{- range $cred := $dot.Values.credentials }} - - name: {{ $cred.name }} - {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }} - {{- end }} - volumeMounts: - - mountPath: /opt/app/config/cache - name: dbc-response-cache - - mountPath: /config-input - name: app-config-input - - mountPath: /config - name: app-config - resources: - limits: - cpu: 200m - memory: 250Mi - requests: - cpu: 100m - memory: 200Mi {{- end -}} {{- end -}}
\ No newline at end of file diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index db276d546c..968cb65a78 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl 
@@ -28,6 +28,171 @@ true {{- end -}} {{- end -}} +{{/* + Helper function to check, if Ingress is enabled +*/}} +{{- define "common.ingress._enabled" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +{{- if (default false $dot.Values.global.ingress.enable_all) -}} +true +{{- else -}} +{{- if $dot.Values.ingress.enabled -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Helper function to check, if TLS redirect is enabled +*/}} +{{- define "common.ingress._tlsRedirect" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Provider (default is "ingress") +*/}} +{{- define "common.ingress._provider" -}} +{{- $dot := default . .dot -}} +{{- $provider := "ingress" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.provider -}} +{{- if ne $dot.Values.global.ingress.provider "" -}} +{{ $provider = $dot.Values.global.ingress.provider }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $provider -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Class (default is "nginx") +*/}} +{{- define "common.ingress._class" -}} +{{- $dot := default . .dot -}} +{{- $class := "nginx" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.ingressClass -}} +{{- if ne $dot.Values.global.ingress.ingressClass "" -}} +{{ $class = $dot.Values.global.ingress.ingressClass }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $class -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Selector (default is "ingress") +*/}} +{{- define "common.ingress._selector" -}} +{{- $dot := default . 
.dot -}} +{{- $selector := "ingress" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.ingressSelector -}} +{{- if ne $dot.Values.global.ingress.ingressSelector "" -}} +{{ $selector = $dot.Values.global.ingress.ingressSelector }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $selector -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway, if exists +*/}} +{{- define "common.ingress._commonGateway" -}} +{{- $dot := default . .dot -}} +{{- $gateway := "-" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $gateway = $dot.Values.global.ingress.commonGateway.name }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $gateway -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway HTTP Listener name, if exists +*/}} +{{- define "common.ingress._gatewayHTTPListener" -}} +{{- $dot := default . .dot -}} +{{- $listener := "http-80" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $listener = $dot.Values.global.ingress.commonGateway.httpListener }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $listener -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway HTTPS Listener name, if exists +*/}} +{{- define "common.ingress._gatewayHTTPSListener" -}} +{{- $dot := default . 
.dot -}} +{{- $listener := "https-443" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $listener = $dot.Values.global.ingress.commonGateway.httpsListener }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $listener -}} +{{- end -}} + +{{/* + Helper function to check the existance of an override value +*/}} +{{- define "common.ingress._overrideIfDefined" -}} + {{- $currValue := .currVal }} + {{- $parent := .parent }} + {{- $var := .var }} + {{- if $parent -}} + {{- if hasKey $parent $var }} + {{- default "" (index $parent $var) }} + {{- else -}} + {{- default "" $currValue -}} + {{- end -}} + {{- else -}} + {{- default "" $currValue }} + {{- end -}} +{{- end -}} + +{{/* + Helper function to get the protocol of the service +*/}} +{{- define "common.ingress._protocol" -}} +{{- $dot := default . .dot -}} +{{- $protocol := "http" -}} +{{- if $dot.tcpRoutes }} +{{- $protocol = "tcp" -}} +{{- end -}} +{{- if $dot.udpRoutes }} +{{- $protocol = "tcp" -}} +{{- end -}} +{{- if $dot.protocol }} +{{- $protocol = (lower $dot.protocol) -}} +{{- end -}} +{{- $protocol -}} +{{- end -}} {{/* Create the hostname as concatination <baseaddr>.<baseurl> 
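Review bot: In `common.ingress._protocol` the `udpRoutes` branch assigns `"tcp"`, so a service that only defines `udpRoutes` is reported as TCP. It then passes the `http`/`tcp` filter this commit adds to `common.istioIngress` and, having no `tcpRoutes`, appears to be rendered with an `http:` route (inferred from the visible VirtualService branches). The assignment should read `{{- $protocol = "udp" -}}`. In `common.ingress._gatewayHTTPListener` and `_gatewayHTTPSListener` the guard tests `commonGateway.name` but the value taken is `commonGateway.httpListener` / `.httpsListener`, so a common gateway configured without listener names replaces the defaults `http-80` / `https-443` with an empty value; guard on the listener key itself, e.g. `{{- if $dot.Values.global.ingress.commonGateway.httpListener -}}`. With a blank `sectionName` a route is no longer pinned to a single listener, which matters for the HTTPS-only route when TLS redirect is on.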
@@ -121,6 +286,21 @@ true {{- end -}} {{/* + Create Port entry in the Gateway resource +*/}} +{{- define "istio.config.gatewayPort" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} + - port: + {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }} + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} +{{- end -}} + +{{/* Helper function to add the route to the service */}} {{- define "ingress.config.port" -}} @@ -197,16 +377,17 @@ true Helper function to add ssl annotations */}} {{- define "ingress.config.annotations.ssl" -}} +{{- $class := include "common.ingress._class" (dict "dot" .) }} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.ssl -}} {{- if eq .Values.ingress.config.ssl "redirect" -}} -kubernetes.io/ingress.class: nginx -nginx.ingress.kubernetes.io/ssl-passthrough: "true" -nginx.ingress.kubernetes.io/ssl-redirect: "true" +kubernetes.io/ingress.class: {{ $class }} +{{ $class }}.ingress.kubernetes.io/ssl-passthrough: "true" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true" {{- else if eq .Values.ingress.config.ssl "native" -}} -nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true" {{- else if eq .Values.ingress.config.ssl "none" -}} -nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} {{- end -}} {{- end -}} 
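Review bot: The annotation keys in `ingress.config.annotations.ssl` are now built as `{{ $class }}.ingress.kubernetes.io/ssl-redirect` and `.../ssl-passthrough`, but those key names are ingress-nginx's. With any other `global.ingress.ingressClass` the controller is likely to ignore them without error, and the service stays reachable over plain HTTP even though `ssl: redirect` was requested. I would keep the literal `nginx.ingress.kubernetes.io/...` keys when the class is `nginx` and, for other classes, either map to that controller's own keys or fail the render, with a comment above the define such as `{{/* ssl-redirect / ssl-passthrough annotations are only understood by ingress-nginx */}}`. Only `kubernetes.io/ingress.class: {{ $class }}` is safe to template as written. The define's closing lines are outside the hunk.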
@@ -226,65 +407,16 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} {{/* - Helper function to check the existance of an override value -*/}} -{{- define "common.ingress._overrideIfDefined" -}} - {{- $currValue := .currVal }} - {{- $parent := .parent }} - {{- $var := .var }} - {{- if $parent -}} - {{- if hasKey $parent $var }} - {{- default "" (index $parent $var) }} - {{- else -}} - {{- default "" $currValue -}} - {{- end -}} - {{- else -}} - {{- default "" $currValue }} - {{- end -}} -{{- end -}} - -{{/* - Helper function to check, if Ingress is enabled -*/}} -{{- define "common.ingress._enabled" -}} -{{- $dot := default . .dot -}} -{{- if $dot.Values.ingress -}} -{{- if $dot.Values.global.ingress -}} -{{- if (default false $dot.Values.global.ingress.enabled) -}} -{{- if (default false $dot.Values.global.ingress.enable_all) -}} -true -{{- else -}} -{{- if $dot.Values.ingress.enabled -}} -true -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* - Create Port entry in the Gateway resource -*/}} -{{- define "istio.config.gatewayPort" -}} -{{- $dot := default . .dot -}} -{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} -{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} - - port: - {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }} - hosts: - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} -{{- end -}} - -{{/* Create Istio Ingress resources per defined service */}} {{- define "common.istioIngress" -}} {{- $dot := default . 
.dot -}} +{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }} {{ range $dot.Values.ingress.service }} +{{ if or ( eq (include "common.ingress._protocol" (dict "dot" .)) "http" ) ( eq (include "common.ingress._protocol" (dict "dot" .)) "tcp" )}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +{{- if eq $gateway "-" }} --- apiVersion: networking.istio.io/v1beta1 kind: Gateway @@ -292,19 +424,20 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingress # use Istio default gateway implementation + istio: {{ $selector }} servers: -{{- if .tcpRoutes }} -{{ range .tcpRoutes }} +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} -{{ end -}} -{{- else }} - {{- if .protocol }} +{{ end -}} +{{- else }} + {{- if .protocol }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }} - {{- else }} + {{- else }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} - {{ end }} -{{ end }} + {{ end }} +{{ end }} +{{ end }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService @@ -314,7 +447,11 @@ spec: hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} gateways: +{{- if eq $gateway "-" }} - {{ $baseaddr }}-gateway +{{- else }} + - {{ $gateway }} +{{- end }} {{- if .tcpRoutes }} tcp: {{ range .tcpRoutes }} 
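Review bot: When a common gateway is configured, the VirtualService lists it as `- {{ $gateway }}` with no namespace, and Istio resolves an unqualified gateway name in the VirtualService's own namespace. The GW-API route added later in this commit qualifies the same gateway with `global.ingress.namespace` (default `istio-ingress`), so the two providers disagree unless `commonGateway.name` is already written as `<namespace>/<name>`. Either document that requirement in the comment above `common.ingress._commonGateway`, or compute the namespace here with the same `default "istio-ingress" $dot.Values.global.ingress.namespace` and render `- {{ $namespace }}/{{ $gateway }}`. The VirtualService spec continues outside the hunk.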
@@ -327,9 +464,253 @@ spec: {{- else }} http: {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }} - {{ end }} -{{ end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + GW-API Helper function to add the tls route +*/}} +{{- define "gwapi.config.tls_simple" -}} +{{- $dot := default . .dot -}} + tls: +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.tls }} + certificateRefs: + - kind: Secret + group: "" + name: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + certificateRefs: + - kind: Secret + group: "" + name: "ingress-tls-secret" +{{- end }} +{{- else }} + certificateRefs: + - kind: Secret + group: "" + name: "ingress-tls-secret" +{{- end }} + mode: Terminate +{{- end -}} + +{{/* + GW-API Helper function to add the tls route +*/}} +{{- define "gwapi.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }} + - name: HTTPS-443 + port: 443 + protocol: HTTPS + hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Create Listener entry in the Gateway resource +*/}} +{{- define "gwapi.config.listener" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." 
.service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} +{{- $port := default 80 $service.exposedPort -}} + - name: {{ $protocol }}-{{ $port }} + port: {{ $port }} +{{- if $service.exposedProtocol }} + protocol: {{ upper $service.exposedProtocol }} +{{- else }} + protocol: HTTP +{{- end }} + hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + allowedRoutes: + namespaces: + from: All +{{- if eq $service.protocol "tcp" }} + kinds: + - kind: TCPRoute +{{- else if eq $service.protocol "tcp" }} + kinds: + - kind: UDPRoute +{{- end }} + {{- include "gwapi.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} +{{- end -}} + +{{/* + Create *Route entry for the Gateway-API +*/}} +{{- define "gwapi.config.route" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." 
.protocol) -}} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) -}} +{{- $namespace := default "istio-ingress" $dot.Values.global.ingress.namespace -}} +{{- $path := default "/" $service.path -}} +{{- if eq $protocol "udp" -}} +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: UDPRoute +metadata: + name: {{ $baseaddr }}-{{ $service.exposedPort }}-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: udp-{{ $service.exposedPort }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} +{{- else if eq $protocol "tcp" }} +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TCPRoute +metadata: + name: {{ $baseaddr }}-{{ $service.exposedPort }}-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: tcp-{{ $service.exposedPort }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} +{{- else if eq $protocol "http" }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ $baseaddr }}-http-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} +{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }} + sectionName: {{ include "common.ingress._gatewayHTTPSListener" (dict "dot" $dot) }} +{{- else }} + sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }} +{{- end }} + hostnames: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} + matches: + - path: + type: PathPrefix + value: {{ $path }} +{{- if (include 
"common.ingress._tlsRedirect" (dict "dot" $dot)) }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ $baseaddr }}-redirect-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }} + hostnames: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 + port: 443 + matches: + - path: + type: PathPrefix + value: {{ $path }} +{{- end }} +{{- end }} {{- end -}} + +{{/* + Create GW-API Ingress resources per defined service +*/}} +{{- define "common.gwapiIngress" -}} +{{- $dot := default . .dot -}} +{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }} +{{ range $dot.Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +{{- if eq $gateway "-" }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: {{ $baseaddr }}-gateway +spec: + gatewayClassName: {{ $dot.Values.global.serviceMesh.engine }} + listeners: +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} +{{- end -}} +{{- else if .udpRoutes }} +{{ range .udpRoutes }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }} +{{- end -}} +{{- else }} +{{- if .protocol }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }} +{{- else }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . 
"baseaddr" $baseaddr "protocol" "http") | trim }} +{{- end }} +{{- end }} +{{- end }} +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} +{{- end -}} +{{- else if .udpRoutes }} +{{ range .udpRoutes }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }} +{{- end -}} +{{- else }} +{{- if .protocol }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }} +{{- else }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* @@ -337,6 +718,9 @@ spec: */}} {{- define "common.nginxIngress" -}} {{- $dot := default . .dot -}} +{{ range $dot.Values.ingress.service }} +{{ if eq (include "common.ingress._protocol" (dict "dot" .)) "http" }} +{{ $baseaddr := required "baseaddr" .baseaddr }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: 
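Review bot: `gwapi.config.listener` opens every generated listener with `allowedRoutes.namespaces.from: All`, and its `kinds` restriction tests `eq $service.protocol "tcp"` twice, so the `UDPRoute` branch can never render. As written, any namespace in the cluster may attach a route to these listeners and their hostnames, and UDP listeners carry no kind restriction at all. The second test should be `{{- else if eq $protocol "udp" }}` (and the first arguably `eq $protocol "tcp"`, since `$protocol` is the required argument while `.protocol` is optional on the service), and unless cross-namespace routes are intended `from: Same` is the narrower default because the routes are rendered by the same release as the Gateway. Note also that the routes' `parentRefs` always carry `namespace: {{ $namespace }}`, even for the per-service `{{ $baseaddr }}-gateway`, which is created without a namespace and so lands in the release namespace.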
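Review bot: The new `range $dot.Values.ingress.service` in `common.nginxIngress` emits `apiVersion: networking.k8s.io/v1` / `kind: Ingress` once per HTTP service with no `---` in front, unlike the Istio and GW-API templates in this file. With two or more HTTP services the output becomes a single YAML document with repeated keys, which either fails to parse or keeps only the last Ingress. I would add `---` as the first line inside the `if` and check that `metadata.name` (outside this hunk) is unique per service, for example by including `$baseaddr`.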
@@ -350,21 +734,21 @@ metadata: heritage: {{ $dot.Release.Service }} spec: rules: - {{ include "ingress.config.port" $dot | trim }} -{{- if $dot.Values.ingress.tls }} + {{ include "ingress.config.port" . | trim }} +{{- if $dot.Values.ingress.tls }} tls: {{ toYaml $dot.Values.ingress.tls | indent 4 }} -{{- end -}} -{{- if $dot.Values.ingress.config -}} -{{- if $dot.Values.ingress.config.tls }} +{{- end -}} +{{- if $dot.Values.ingress.config -}} +{{- if $dot.Values.ingress.config.tls }} tls: - hosts: - {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} + - {{ include "ingress.config.host" (dict "dot" . "baseaddr" $baseaddr) }} secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }} -{{- end -}} -{{- end -}} +{{- end }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* 
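Review bot: The TLS host entry now calls `ingress.config.host` with `(dict "dot" . "baseaddr" $baseaddr)`, where `.` is the current service entry of the `range`, while the line it replaces and every other call in this commit pass `"dot" $dot`. If `ingress.config.host` reads chart values through its `dot` argument (its body is not in this hunk), the `tls.hosts` entry will not match the rule host or the render will fail, so the certificate would not be served for the intended name. The line should be `- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}`. The same question applies to `{{ include "ingress.config.port" . | trim }}`, which now receives the service instead of `$dot`; a comment on that helper stating which context it expects would settle it.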
@@ -381,22 +765,29 @@ spec: | true | true | any | ingress | | true | false | true | ingress | - If ServiceMesh (Istio) is enabled the respective resources are created: - - Gateway + If ServiceMesh (Ingress-Provider: Istio) is enabled the respective resources + are created: + - Gateway (optional) - VirtualService + If ServiceMesh (Ingress-Provider: GatewayAPI) is enabled the respective resources + are created: + - Gateway (optional) + - HTTPRoute, TCPRoute, UDPRoute (depending) + If ServiceMesh is disabled the standard Ingress resource is creates: - Ingress */}} {{- define "common.ingress" -}} {{- $dot := default . .dot -}} +{{- $provider := include "common.ingress._provider" (dict "dot" $dot) -}} {{- if (include "common.ingress._enabled" (dict "dot" $dot)) }} -{{- if (include "common.onServiceMesh" .) }} -{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} -{{ include "common.istioIngress" (dict "dot" $dot) }} -{{- end -}} -{{- else -}} +{{- if eq $provider "ingress" -}} {{ include "common.nginxIngress" (dict "dot" $dot) }} +{{- else if eq $provider "istio" -}} +{{ include "common.istioIngress" (dict "dot" $dot) }} +{{- else if eq $provider "gw-api" -}} +{{ include "common.gwapiIngress" (dict "dot" $dot) }} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 09a799e713..1da838a5b9 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl 
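Review bot: `common.ingress` now dispatches only on `global.ingress.provider` and has no final `else`, so a misspelt or unsupported provider renders nothing and the chart installs without any ingress resource or error. A closing branch such as `{{- else -}}{{ fail (printf "unsupported global.ingress.provider: %s" $provider) }}` makes that visible at render time. The `common.onServiceMesh` check is also gone and the provider defaults to `ingress`, so deployments that relied on `global.serviceMesh.engine: istio` alone will switch from Gateway/VirtualService to a plain Ingress on upgrade. The header comment should state that `global.ingress.provider` must now be set explicitly, and "is creates" there should read "is created".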
@@ -147,8 +147,8 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }} {{- end -}} -{{- define "repositoryGenerator.image.dbcClient" -}} - {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }} +{{- define "repositoryGenerator.image.drProvClient" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "drProvClientImage") .) }} {{- end -}} {{- define "repositoryGenerator.image.quitQuit" -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index b89c2b2bf6..2c94c29b15 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -41,7 +41,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.11 + drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.14 quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials @@ -75,5 +75,5 @@ imageRepoMapping: postgresImage: dockerHubRepository readinessImage: repository dcaePolicySyncImage: repository - dbcClientImage: repository + drProvClientImage: repository quitQuitImage: repository |