2 # Copyright © 2019-2021 Orange, Samsung
3 # Copyright © 2022 Deutsche Telekom
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
18 Create the hostname as concatination <baseaddr>.<baseurl>
19 - baseaddr: from component values: ingress.service.baseaddr
20 - baseurl: from values: global.ingress.virtualhost.baseurl
21 which van be overwritten in the component via: ingress.baseurlOverride
23 {{- define "ingress.config.host" -}}
24 {{- $dot := default . .dot -}}
25 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
26 {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
27 {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
28 {{ printf "%s.%s" $baseaddr $burl }}
32 Helper function to add the tls route
34 {{- define "ingress.config.tls" -}}
35 {{- $dot := default . .dot -}}
36 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
37 {{- if $dot.Values.global.ingress.config }}
38 {{- if $dot.Values.global.ingress.config.ssl }}
39 {{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
47 {{- if $dot.Values.global.ingress.config }}
48 {{- if $dot.Values.global.ingress.config.tls }}
49 credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
51 credentialName: "ingress-tls-secret"
54 credentialName: "ingress-tls-secret"
58 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
65 Helper function to add the route to the service
67 {{- define "ingress.config.port" -}}
68 {{- $dot := default . .dot -}}
69 {{ range .Values.ingress.service }}
70 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
71 - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
78 {{- if kindIs "string" .port }}
86 pathType: ImplementationSpecific
91 Helper function to add the route to the service
93 {{- define "istio.config.route" -}}
94 {{- $dot := default . .dot -}}
100 {{- if kindIs "string" .plain_port }}
101 name: {{ .plain_port }}
103 number: {{ .plain_port }}
106 {{- if kindIs "string" .port }}
116 Helper function to add ssl annotations
118 {{- define "ingress.config.annotations.ssl" -}}
119 {{- if .Values.ingress.config -}}
120 {{- if .Values.ingress.config.ssl -}}
121 {{- if eq .Values.ingress.config.ssl "redirect" -}}
122 kubernetes.io/ingress.class: nginx
123 nginx.ingress.kubernetes.io/ssl-passthrough: "true"
124 nginx.ingress.kubernetes.io/ssl-redirect: "true"
125 {{- else if eq .Values.ingress.config.ssl "native" -}}
126 nginx.ingress.kubernetes.io/ssl-redirect: "true"
127 {{- else if eq .Values.ingress.config.ssl "none" -}}
128 nginx.ingress.kubernetes.io/ssl-redirect: "false"
136 Helper function to add annotations
138 {{- define "ingress.config.annotations" -}}
139 {{- if .Values.ingress -}}
140 {{- if .Values.ingress.annotations -}}
141 {{ toYaml .Values.ingress.annotations | indent 4 | trim }}
144 {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
148 Helper function to check the existance of an override value
150 {{- define "common.ingress._overrideIfDefined" -}}
151 {{- $currValue := .currVal }}
152 {{- $parent := .parent }}
155 {{- if hasKey $parent $var }}
156 {{- default "" (index $parent $var) }}
158 {{- default "" $currValue -}}
161 {{- default "" $currValue }}
166 Helper function to check, if Ingress is enabled
168 {{- define "common.ingress._enabled" -}}
169 {{- $dot := default . .dot -}}
170 {{- if $dot.Values.ingress -}}
171 {{- if $dot.Values.global.ingress -}}
172 {{- if (default false $dot.Values.global.ingress.enabled) -}}
173 {{- if (default false $dot.Values.global.ingress.enable_all) -}}
176 {{- if $dot.Values.ingress.enabled -}}
186 Create Istio Ingress resources per defined service
188 {{- define "common.istioIngress" -}}
189 {{- $dot := default . .dot -}}
190 {{ range $dot.Values.ingress.service }}
191 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
193 apiVersion: networking.istio.io/v1beta1
196 name: {{ $baseaddr }}-gateway
199 istio: ingressgateway # use Istio default gateway implementation
206 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
207 {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
209 apiVersion: networking.istio.io/v1beta1
212 name: {{ $baseaddr }}-service
215 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
217 - {{ $baseaddr }}-gateway
218 {{ include "istio.config.route" . | trim }}
223 Create default Ingress resource
225 {{- define "common.nginxIngress" -}}
226 {{- $dot := default . .dot -}}
227 apiVersion: networking.k8s.io/v1
230 name: {{ include "common.fullname" $dot }}-ingress
232 {{ include "ingress.config.annotations" $dot }}
234 app: {{ $dot.Chart.Name }}
235 chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
236 release: {{ include "common.release" $dot }}
237 heritage: {{ $dot.Release.Service }}
240 {{ include "ingress.config.port" $dot | trim }}
241 {{- if $dot.Values.ingress.tls }}
243 {{ toYaml $dot.Values.ingress.tls | indent 4 }}
245 {{- if $dot.Values.ingress.config -}}
246 {{- if $dot.Values.ingress.config.tls -}}
249 {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
250 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
252 secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
258 Create ingress template
259 Will create ingress template depending on the following values:
260 - .Values.global.ingress.enabled : enables Ingress globally
261 - .Values.global.ingress.enable_all : override default Ingress for all charts
262 - .Values.ingress.enabled : sets Ingress per chart basis
264 | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result |
265 |------------------------|---------------------------|----------------|------------|
266 | false | any | any | no ingress |
267 | true | false | false | no ingress |
268 | true | true | any | ingress |
269 | true | false | true | ingress |
271 If ServiceMesh (Istio) is enabled the respective resources are created:
275 If ServiceMesh is disabled the standard Ingress resource is creates:
278 {{- define "common.ingress" -}}
279 {{- $dot := default . .dot -}}
280 {{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
281 {{- if (include "common.onServiceMesh" .) }}
282 {{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
283 {{ include "common.istioIngress" (dict "dot" $dot) }}
286 {{ include "common.nginxIngress" (dict "dot" $dot) }}