From 92cab4995fdd00bc4df6b702fe14b059def5abc4 Mon Sep 17 00:00:00 2001
From: Andreas Geissler <andreas-geissler@telekom.de>
Date: Thu, 15 Dec 2022 09:37:42 +0100
Subject: [COMMON] Add pre/postfix and customized port option for Istio Ingress

Add new options for the created Ingress URLs (preaddr, postaddr)
and allow to create Ingress configurations using customized ports
Correction added to the installation of the Ingress Gateway.

Issue-ID: OOM-3084

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ib31050c169799409c6e968adce7ff41e215e3ff9
---
 kubernetes/common/common/templates/_ingress.tpl    | 86 ++++++++++++++++------
 .../overrides/onap-all-ingress-istio.yaml          | 10 +++
 kubernetes/onap/values.yaml                        | 18 ++++-
 3 files changed, 88 insertions(+), 26 deletions(-)

(limited to 'kubernetes')

diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index d8a944712a..7065338cf9 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -23,44 +23,86 @@
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{-   $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{-   $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{-   $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
 {{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
 {{- end -}}
 
 {{/*
-  Helper function to add the tls route
+  Istio Helper function to add the tls route
 */}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
 {{-   $dot := default . .dot -}}
-{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+    tls:
 {{-   if $dot.Values.global.ingress.config }}
-{{-     if $dot.Values.global.ingress.config.ssl }}
-{{-       if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{-     if $dot.Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{-     else }}
+      credentialName: "ingress-tls-secret"
+{{-     end }}
+{{-   else }}
+      credentialName: "ingress-tls-secret"
+{{-   end }}
+      mode: SIMPLE
+{{- end -}}
+
+{{/*
+  Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{-   $dot := default . .dot -}}
+{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   if $service.exposedPort }}
+{{-     if $service.exposedProtocol }}
+{{-       if eq $service.exposedProtocol "TLS" }}
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{-       end }}
+{{-     end }}
+{{-   else }}
+{{-     if $dot.Values.global.ingress.config }}
+{{-       if $dot.Values.global.ingress.config.ssl }}
+{{-         if eq $dot.Values.global.ingress.config.ssl "redirect" }}
     tls:
       httpsRedirect: true
   - port:
       number: 443
       name: https
       protocol: HTTPS
-    tls:
-{{-         if $dot.Values.global.ingress.config }}
-{{-           if $dot.Values.global.ingress.config.tls }}
-      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{-           else }}
-      credentialName: "ingress-tls-secret"
-{{-           end }}
-{{-         else }}
-      credentialName: "ingress-tls-secret"
-{{-         end }}
-      mode: SIMPLE
+    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{-         end }}
 {{-       end }}
 {{-     end }}
 {{-   end }}
 {{- end -}}
 
+{{/*
+  Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{-   $dot := default . .dot -}}
+{{-   if .exposedPort }}
+      number: {{ .exposedPort }}
+{{-     if .exposedProtocol }}
+      name: {{ .baseaddr }}
+      protocol: {{ .exposedProtocol }}
+{{-     else }}
+      name: http
+      protocol: HTTP
+{{-     end -}}
+{{-   else }}
+      number: 80
+      name: http
+      protocol: HTTP
+{{-   end -}}
+{{- end -}}
+
 {{/*
   Helper function to add the route to the service
 */}}
@@ -88,7 +130,7 @@
 {{- end -}}
 
 {{/*
-  Helper function to add the route to the service
+  Istio Helper function to add the route to the service
 */}}
 {{- define "istio.config.route" -}}
 {{-   $dot := default . .dot -}}
@@ -196,15 +238,13 @@ metadata:
   name: {{ $baseaddr }}-gateway
 spec:
   selector:
-    istio: ingressgateway # use Istio default gateway implementation
+    istio: ingress # use Istio default gateway implementation
   servers:
   - port:
-      number: 80
-      name: http
-      protocol: HTTP
+      {{- include "istio.config.port" . }}
     hosts:
     - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
 ---
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 6e156023ee..2dfab060ff 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,16 @@ global:
     # enable all component's Ingress interfaces
     enable_all: true
     # All http requests via ingress will be redirected
+    virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
+      baseurl: "simpledemo.onap.org"
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
     config:
       ssl: "redirect"
     # you can set an own Secret containing a certificate
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 15097edcf2..fe14c032d6 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -150,11 +150,23 @@ global:
     enabled: false
     # enable all component's Ingress interfaces
     enable_all: false
-    # default Ingress base URL
-    # can be overwritten in component vy setting ingress.baseurlOverride
+
+    # default Ingress base URL and preAddr- and postAddr settings
+    # Ingress URLs result:
+    # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
     virtualhost:
+      # Default Ingress base URL
+      # can be overwritten in component by setting ingress.baseurlOverride
       baseurl: "simpledemo.onap.org"
-    # All http requests via ingress will be redirected on Ingress controller
+      # prefix for baseaddr
+      # can be overwritten in component by setting ingress.preaddrOverride
+      preaddr: ""
+      # postfix for baseaddr
+      # can be overwritten in component by setting ingress.postaddrOverride
+      postaddr: ""
+
+    # All http (port 80) requests via ingress will be redirected
+    # to port 443 on Ingress controller
     # only valid for Istio Gateway (ServiceMesh enabled)
     config:
       ssl: "redirect"
-- 
cgit 1.2.3-korg