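{{/*
# Copyright © 2019-2021 Orange, Samsung
# Copyright © 2022 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

{{/*
  Helper function to check, if Ingress is globally enabled.
  Renders "true" only when the chart has an `ingress` section AND
  `global.ingress.enabled` is truthy; renders nothing otherwise.
*/}}
{{- define "common.ingressEnabled" -}}
{{-   $dot := default . .dot -}}
{{-   if $dot.Values.ingress -}}
{{-     if $dot.Values.global.ingress -}}
{{-       if (default false $dot.Values.global.ingress.enabled) -}}
true
{{-       end -}}
{{-     end -}}
{{-   end -}}
{{- end -}}

{{/*
  Create the hostname as concatenation <preaddr><baseaddr><postaddr>.<baseurl>
  - baseaddr: from component values: ingress.service.baseaddr (required)
  - baseurl:  from values: global.ingress.virtualhost.baseurl (required),
              which can be overwritten in the component via: ingress.baseurlOverride
  - preaddr / postaddr: optional, from global.ingress.virtualhost.preaddr / .postaddr,
              overridable per component via ingress.preaddrOverride / ingress.postaddrOverride

  NOTE(review): the resulting host is rendered unquoted by every caller and is
  not validated here; the values are assumed to be operator-controlled DNS labels.
*/}}
{{- define "ingress.config.host" -}}
{{-   $dot := default . .dot -}}
{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{-   $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
{{-   $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
{{-   $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
{{-   $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
{{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
{{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
{{- end -}}

{{/*
  Istio Helper function to add the server-side TLS settings of a Gateway server.
  - credentialName: global.ingress.config.tls.secret, default "ingress-tls-secret"
  - mode: SIMPLE (the gateway terminates TLS and presents its own certificate;
    no client certificate is requested)
  The first rendered line ("tls:") carries no indentation of its own; the caller
  supplies it.
*/}}
{{- define "istio.config.tls_simple" -}}
{{-   $dot := default . .dot -}}
tls:
{{-   if $dot.Values.global.ingress.config }}
{{-     if $dot.Values.global.ingress.config.tls }}
      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
{{-     else }}
      credentialName: "ingress-tls-secret"
{{-     end }}
{{-   else }}
      credentialName: "ingress-tls-secret"
{{-   end }}
      mode: SIMPLE
{{- end -}}

{{/*
  Istio Helper function to add the tls part of a Gateway server entry.
  - service with exposedPort: TLS settings are added only when
    exposedProtocol is exactly "TLS"; any other exposed protocol gets no
    tls block from this helper.
  - service without exposedPort: when global.ingress.config.ssl is "redirect",
    the current (port 80) server gets `httpsRedirect: true` and an additional
    HTTPS server on port 443 is appended. For any other value of `ssl`
    nothing is rendered, i.e. the port 80 server stays plain HTTP.
*/}}
{{- define "istio.config.tls" -}}
{{-   $dot := default . .dot -}}
{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{-   if $service.exposedPort }}
{{-     if $service.exposedProtocol }}
{{-       if eq $service.exposedProtocol "TLS" }}
    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
{{-       end }}
{{-     end }}
{{-   else }}
{{-     if $dot.Values.global.ingress.config }}
{{-       if $dot.Values.global.ingress.config.ssl }}
{{-         if eq $dot.Values.global.ingress.config.ssl "redirect" }}
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https
      protocol: HTTPS
    {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
    hosts:
    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
{{-         end }}
{{-       end }}
{{-     end }}
{{-   end }}
{{- end -}}

{{/*
  Istio Helper function to add the external port of the service.
  Here "dot" is the service entry itself (not the chart context).
  - exposedPort set: that port number; protocol is exposedProtocol if given,
    otherwise HTTP.
  - exposedPort unset: port 80, protocol HTTP.
  NOTE(review): 'baseaddr' is required but not used in the rendered output.
*/}}
{{- define "istio.config.port" -}}
{{-   $dot := default . .dot -}}
{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{-   $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}}
{{-   if $dot.exposedPort }}
      number: {{ $dot.exposedPort }}
{{-     if $dot.exposedProtocol }}
      name: {{ $protocol }}-{{ $dot.exposedPort }}
      protocol: {{ $dot.exposedProtocol }}
{{-     else }}
      name: {{ $protocol }}
      protocol: HTTP
{{-     end -}}
{{-   else }}
      number: 80
      name: {{ $protocol }}
      protocol: HTTP
{{-   end -}}
{{- end -}}

{{/*
  Helper function to add the route to the service (Ingress `spec.rules` entries).
  One rule is rendered per entry of ingress.service; a string `port` is rendered
  as a port name, anything else as a port number.

  Uses $dot (not `.`) for the value lookup so the helper works both when called
  with the chart context and when called with (dict "dot" <context>).

  NOTE(review): `name`, `port` and `path` are rendered unquoted; a value
  containing YAML-significant characters would change the structure of the
  manifest. Consider `| quote` on `path` if such values are expected.
*/}}
{{- define "ingress.config.port" -}}
{{-   $dot := default . .dot -}}
{{ range $dot.Values.ingress.service }}
{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
  - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
    http:
      paths:
      - backend:
          service:
            name: {{ .name }}
            port:
            {{- if kindIs "string" .port }}
              name: {{ .port }}
            {{- else }}
              number: {{ .port }}
            {{- end }}
        {{- if .path }}
        path: {{ .path }}
        {{- end }}
        pathType: ImplementationSpecific
{{- end }}
{{- end -}}

{{/*
  Istio Helper function to add the route to the service (VirtualService routes).
  Here "dot" is the service (or tcpRoute) entry.
  - protocol "tcp":  a route matching exposedPort
  - protocol "http": a plain route
  - any other protocol value: nothing is rendered
  The destination port is `plain_port` when set, else `port`; strings are
  rendered as port names, other kinds as port numbers.
*/}}
{{- define "istio.config.route" -}}
{{-   $dot := default . .dot -}}
{{-   $protocol := (required "'protocol' param, is required." .protocol) -}}
{{-   if eq $protocol "tcp" }}
  - match:
    - port: {{ $dot.exposedPort }}
    route:
    - destination:
        port:
        {{- if $dot.plain_port }}
        {{-   if kindIs "string" $dot.plain_port }}
          name: {{ $dot.plain_port }}
        {{-   else }}
          number: {{ $dot.plain_port }}
        {{-   end }}
        {{- else }}
        {{-   if kindIs "string" $dot.port }}
          name: {{ $dot.port }}
        {{-   else }}
          number: {{ $dot.port }}
        {{-   end }}
        {{- end }}
        host: {{ $dot.name }}
{{-   else if eq $protocol "http" }}
  - route:
    - destination:
        port:
        {{- if $dot.plain_port }}
        {{-   if kindIs "string" $dot.plain_port }}
          name: {{ $dot.plain_port }}
        {{-   else }}
          number: {{ $dot.plain_port }}
        {{-   end }}
        {{- else }}
        {{-   if kindIs "string" $dot.port }}
          name: {{ $dot.port }}
        {{-   else }}
          number: {{ $dot.port }}
        {{-   end }}
        {{- end }}
        host: {{ $dot.name }}
{{-   end -}}
{{- end -}}

{{/*
  Helper function to add ssl annotations, driven by ingress.config.ssl:
  - "redirect": sets the nginx ingress class, enables ssl-passthrough and
                ssl-redirect. With passthrough the controller does not
                terminate TLS; the backend presents the certificate, and the
                ingress-nginx controller has to be started with
                --enable-ssl-passthrough for the annotation to take effect.
  - "native":   ssl-redirect "true" (HTTP requests are redirected to HTTPS)
  - "none":     ssl-redirect "false" (plain HTTP stays reachable)
  Any other value renders no annotation.
  NOTE(review): the kubernetes.io/ingress.class annotation is deprecated in
  favour of spec.ingressClassName.
*/}}
{{- define "ingress.config.annotations.ssl" -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
{{- if eq .Values.ingress.config.ssl "redirect" -}}
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "native" -}}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "none" -}}
nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
  Helper function to add annotations.
  Renders the chart's ingress.annotations followed by the ssl annotations.
  The first line is rendered without indentation (the caller supplies it);
  following lines are indented by 4.

  The two parts are joined with an explicit line break when both are present.
  Previously the whitespace trimming glued the last custom annotation and the
  first ssl annotation onto one line, which produced a wrong annotation value
  (and silently dropped the first ssl annotation).
*/}}
{{- define "ingress.config.annotations" -}}
{{- $custom := "" -}}
{{- if .Values.ingress -}}
{{-   if .Values.ingress.annotations -}}
{{-     $custom = toYaml .Values.ingress.annotations | indent 4 | trim -}}
{{-   end -}}
{{- end -}}
{{- $ssl := include "ingress.config.annotations.ssl" . | indent 4 | trim -}}
{{- if and $custom $ssl -}}
{{ $custom }}
    {{ $ssl }}
{{- else -}}
{{ $custom }}{{ $ssl }}
{{- end -}}
{{- end -}}

{{/*
  Helper function to check the existence of an override value.
  Params: currVal (current value), parent (map to look in), var (key name).
  Returns parent[var] when the key exists in parent (an explicitly empty
  override therefore yields ""), otherwise currVal; nil values become "".
*/}}
{{- define "common.ingress._overrideIfDefined" -}}
{{-   $currValue := .currVal }}
{{-   $parent := .parent }}
{{-   $var := .var }}
{{-   if $parent -}}
{{-     if hasKey $parent $var }}
{{-       default "" (index $parent $var) }}
{{-     else -}}
{{-       default "" $currValue -}}
{{-     end -}}
{{-   else -}}
{{-     default "" $currValue }}
{{-   end -}}
{{- end -}}

{{/*
  Helper function to check, if Ingress is enabled.
  Renders "true" when the chart has an `ingress` section, global.ingress.enabled
  is truthy, and either global.ingress.enable_all or the chart's
  ingress.enabled is truthy.
*/}}
{{- define "common.ingress._enabled" -}}
{{-   $dot := default . .dot -}}
{{-   if $dot.Values.ingress -}}
{{-     if $dot.Values.global.ingress -}}
{{-       if (default false $dot.Values.global.ingress.enabled) -}}
{{-         if (default false $dot.Values.global.ingress.enable_all) -}}
true
{{-         else -}}
{{-           if $dot.Values.ingress.enabled -}}
true
{{-           end -}}
{{-         end -}}
{{-       end -}}
{{-     end -}}
{{-   end -}}
{{- end -}}

{{/*
  Create Port entry in the Gateway resource:
  port (istio.config.port), hosts (ingress.config.host) and, where applicable,
  the tls settings (istio.config.tls).
*/}}
{{- define "istio.config.gatewayPort" -}}
{{-   $dot := default . .dot -}}
{{-   $service := (required "'service' param, set to the specific service, is required." .service) -}}
{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{-   $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
  - port:
      {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
    hosts:
    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
    {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
{{- end -}}

{{/*
  Create Istio Ingress resources per defined service:
  one Gateway and one VirtualService for every entry of ingress.service.
  Entries with `tcpRoutes` get one server/route per tcpRoute; otherwise the
  entry's `protocol` is used, defaulting to "http".
*/}}
{{- define "common.istioIngress" -}}
{{-   $dot := default . .dot -}}
{{    range $dot.Values.ingress.service }}
{{-     $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: {{ $baseaddr }}-gateway
spec:
  selector:
    istio: ingress # use Istio default gateway implementation
  servers:
{{-     if .tcpRoutes }}
{{        range .tcpRoutes }}
  {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
{{        end -}}
{{-     else }}
  {{-     if .protocol }}
  {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
  {{-     else }}
  {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
  {{      end }}
{{      end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ $baseaddr }}-service
spec:
  hosts:
    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
  gateways:
  - {{ $baseaddr }}-gateway
{{-     if .tcpRoutes }}
  tcp:
{{        range .tcpRoutes }}
  {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }}
{{        end -}}
{{-     else }}
  {{-     if .protocol }}
  {{ .protocol }}:
  {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }}
  {{-     else }}
  http:
  {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
  {{      end }}
{{      end }}
{{-   end -}}
{{- end -}}

{{/*
  Create default Ingress resource.
  TLS can be configured in two ways:
  - ingress.tls:        rendered verbatim (toYaml) under spec.tls
  - ingress.config.tls: one tls entry covering every ingress.service host,
                        with secretName from ingress.config.tls.secret
                        (required; evaluated with `tpl`, so template
                        expressions in the value are expanded)
  NOTE(review): when both ingress.tls and ingress.config.tls are set, the
  manifest contains two `tls:` keys under spec. Set only one of them.
  When neither is set the Ingress carries no tls section.
*/}}
{{- define "common.nginxIngress" -}}
{{- $dot := default . .dot -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "common.fullname" $dot }}-ingress
  annotations:
    {{ include "ingress.config.annotations" $dot }}
  labels:
    app: {{ $dot.Chart.Name }}
    chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" $dot }}
    heritage: {{ $dot.Release.Service }}
spec:
  rules:
  {{ include "ingress.config.port" $dot | trim }}
{{- if $dot.Values.ingress.tls }}
  tls:
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
{{- end -}}
{{- if $dot.Values.ingress.config -}}
{{- if $dot.Values.ingress.config.tls }}
  tls:
  - hosts:
  {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
  {{- end }}
    secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
  Create ingress template
    Will create ingress template depending on the following values:
    - .Values.global.ingress.enabled     : enables Ingress globally
    - .Values.global.ingress.enable_all  : override default Ingress for all charts
    - .Values.ingress.enabled            : sets Ingress per chart basis

    | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result     |
    |------------------------|---------------------------|----------------|------------|
    | false                  | any                       | any            | no ingress |
    | true                   | false                     | false          | no ingress |
    | true                   | true                      | any            | ingress    |
    | true                   | false                     | true           | ingress    |

    If ServiceMesh (Istio) is enabled the respective resources are created:
    - Gateway
    - VirtualService

    If ServiceMesh is disabled the standard Ingress resource is created:
    - Ingress

    All lookups go through $dot so the template also works when it is included
    with (dict "dot" <context>) instead of the chart context itself.

    NOTE(review): when the service mesh is enabled but
    global.serviceMesh.engine is not "istio", nothing is rendered and the
    service gets no ingress at all.
*/}}
{{- define "common.ingress" -}}
{{-   $dot := default . .dot -}}
{{-   if (include "common.ingress._enabled" (dict "dot" $dot)) }}
{{-     if (include "common.onServiceMesh" $dot) }}
{{-       if eq (default "istio" $dot.Values.global.serviceMesh.engine) "istio" }}
{{          include "common.istioIngress" (dict "dot" $dot) }}
{{-       end -}}
{{-     else -}}
{{        include "common.nginxIngress" (dict "dot" $dot) }}
{{-     end -}}
{{-   end -}}
{{- end -}}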