3 files changed, 88 insertions, 26 deletions

diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index d8a944712a..7065338cf9 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -23,45 +23,87 @@
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{-   $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{-   $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{-   $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
 {{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
 {{- end -}}
 
 {{/*
-  Helper function to add the tls route
+  Istio Helper function to add the tls route
 */}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
 {{-   $dot := default . .dot -}}
-{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+    tls:
 {{-   if $dot.Values.global.ingress.config }}
-{{-     if $dot.Values.global.ingress.config.ssl }}
-{{-       if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{-     if $dot.Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{-     else }}
+      credentialName: "ingress-tls-secret"
+{{-     end }}
+{{-   else }}
+      credentialName: "ingress-tls-secret"
+{{-   end }}
+      mode: SIMPLE
+{{- end -}}
+
+{{/*
+  Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{-   $dot := default . .dot -}}
+{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   if $service.exposedPort }}
+{{-     if $service.exposedProtocol }}
+{{-       if eq $service.exposedProtocol "TLS" }}
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{-       end }}
+{{-     end }}
+{{-   else }}
+{{-     if $dot.Values.global.ingress.config }}
+{{-       if $dot.Values.global.ingress.config.ssl }}
+{{-         if eq $dot.Values.global.ingress.config.ssl "redirect" }}
     tls:
       httpsRedirect: true
   - port:
       number: 443
       name: https
       protocol: HTTPS
-    tls:
-{{-         if $dot.Values.global.ingress.config }}
-{{-           if $dot.Values.global.ingress.config.tls }}
-      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{-           else }}
-      credentialName: "ingress-tls-secret"
-{{-           end }}
-{{-         else }}
-      credentialName: "ingress-tls-secret"
-{{-         end }}
-      mode: SIMPLE
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{-         end }}
 {{-       end }}
 {{-     end }}
 {{-   end }}
 {{- end -}}
 
 {{/*
+  Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{-   $dot := default . .dot -}}
+{{-   if .exposedPort }}
+      number: {{ .exposedPort }}
+{{-     if .exposedProtocol }}
+      name: {{ .baseaddr }}
+      protocol: {{ .exposedProtocol }}
+{{-     else }}
+      name: http
+      protocol: HTTP
+{{-     end -}}
+{{-   else }}
+      number: 80
+      name: http
+      protocol: HTTP
+{{-   end -}}
+{{- end -}}
+
+{{/*
   Helper function to add the route to the service
 */}}
 {{- define "ingress.config.port" -}}
@@ -88,7 +130,7 @@
 {{- end -}}
 
 {{/*
-  Helper function to add the route to the service
+  Istio Helper function to add the route to the service
 */}}
 {{- define "istio.config.route" -}}
 {{-   $dot := default . .dot -}}
@@ -196,15 +238,13 @@ metadata:
   name: {{ $baseaddr }}-gateway
 spec:
   selector:
-    istio: ingressgateway # use Istio default gateway implementation
+    istio: ingress # use Istio default gateway implementation
   servers:
   - port:
-      number: 80
-      name: http
-      protocol: HTTP
+      {{- include "istio.config.port" . }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
 ---
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 6e156023ee..2dfab060ff 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,16 @@ global:
     # enable all component's Ingress interfaces
     enable_all: true
     # All http requests via ingress will be redirected
+    virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
+      baseurl: "simpledemo.onap.org"
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
     config:
       ssl: "redirect"
     # you can set an own Secret containing a certificate
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 15097edcf2..fe14c032d6 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -150,11 +150,23 @@ global:
     enabled: false
     # enable all component's Ingress interfaces
     enable_all: false
-    # default Ingress base URL
-    # can be overwritten in component vy setting ingress.baseurlOverride
+
+    # default Ingress base URL and preAddr- and postAddr settings
+    # Ingress URLs result:
+    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
     virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
       baseurl: "simpledemo.onap.org"
-    # All http requests via ingress will be redirected on Ingress controller
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
+
+    # All http (port 80) requests via ingress will be redirected
+    # to port 443 on Ingress controller
     # only valid for Istio Gateway (ServiceMesh enabled)
     config:
       ssl: "redirect"