2 # Copyright © 2019-2021 Orange, Samsung
3 # Copyright © 2022 Deutsche Telekom
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
18 Helper function to check, if Ingress is globally enabled
20 {{- define "common.ingressEnabled" -}}
21 {{- $dot := default . .dot -}}
22 {{- if $dot.Values.ingress -}}
23 {{- if $dot.Values.global.ingress -}}
24 {{- if (default false $dot.Values.global.ingress.enabled) -}}
33 Create the hostname as concatination <baseaddr>.<baseurl>
34 - baseaddr: from component values: ingress.service.baseaddr
35 - baseurl: from values: global.ingress.virtualhost.baseurl
36 which van be overwritten in the component via: ingress.baseurlOverride
38 {{- define "ingress.config.host" -}}
39 {{- $dot := default . .dot -}}
40 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
41 {{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
42 {{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
43 {{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
44 {{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
45 {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
46 {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
47 {{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
51 Istio Helper function to add the tls route
53 {{- define "istio.config.tls_simple" -}}
54 {{- $dot := default . .dot -}}
56 {{- if $dot.Values.global.ingress.config }}
57 {{- if $dot.Values.global.ingress.config.tls }}
58 credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
60 credentialName: "ingress-tls-secret"
63 credentialName: "ingress-tls-secret"
69 Istio Helper function to add the tls route
71 {{- define "istio.config.tls" -}}
72 {{- $dot := default . .dot -}}
73 {{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
74 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
75 {{- if $service.exposedPort }}
76 {{- if $service.exposedProtocol }}
77 {{- if eq $service.exposedProtocol "TLS" }}
78 {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
82 {{- if $dot.Values.global.ingress.config }}
83 {{- if $dot.Values.global.ingress.config.ssl }}
84 {{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
91 {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
93 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
101 Istio Helper function to add the external port of the service
103 {{- define "istio.config.port" -}}
104 {{- $dot := default . .dot -}}
105 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
106 {{- $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}}
107 {{- if $dot.exposedPort }}
108 number: {{ $dot.exposedPort }}
109 {{- if $dot.exposedProtocol }}
110 name: {{ $protocol }}-{{ $dot.exposedPort }}
111 protocol: {{ $dot.exposedProtocol }}
113 name: {{ $protocol }}
118 name: {{ $protocol }}
124 Helper function to add the route to the service
126 {{- define "ingress.config.port" -}}
127 {{- $dot := default . .dot -}}
128 {{ range .Values.ingress.service }}
129 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
130 - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
137 {{- if kindIs "string" .port }}
145 pathType: ImplementationSpecific
150 Istio Helper function to add the route to the service
152 {{- define "istio.config.route" -}}
153 {{- $dot := default . .dot -}}
154 {{- $protocol := (required "'protocol' param, is required." .protocol) -}}
155 {{- if eq $protocol "tcp" }}
157 - port: {{ $dot.exposedPort }}
161 {{- if $dot.plain_port }}
162 {{- if kindIs "string" $dot.plain_port }}
163 name: {{ $dot.plain_port }}
165 number: {{ $dot.plain_port }}
168 {{- if kindIs "string" $dot.port }}
169 name: {{ $dot.port }}
171 number: {{ $dot.port }}
174 host: {{ $dot.name }}
175 {{- else if eq $protocol "http" }}
179 {{- if $dot.plain_port }}
180 {{- if kindIs "string" $dot.plain_port }}
181 name: {{ $dot.plain_port }}
183 number: {{ $dot.plain_port }}
186 {{- if kindIs "string" $dot.port }}
187 name: {{ $dot.port }}
189 number: {{ $dot.port }}
192 host: {{ $dot.name }}
197 Helper function to add ssl annotations
199 {{- define "ingress.config.annotations.ssl" -}}
200 {{- if .Values.ingress.config -}}
201 {{- if .Values.ingress.config.ssl -}}
202 {{- if eq .Values.ingress.config.ssl "redirect" -}}
203 kubernetes.io/ingress.class: nginx
204 nginx.ingress.kubernetes.io/ssl-passthrough: "true"
205 nginx.ingress.kubernetes.io/ssl-redirect: "true"
206 {{- else if eq .Values.ingress.config.ssl "native" -}}
207 nginx.ingress.kubernetes.io/ssl-redirect: "true"
208 {{- else if eq .Values.ingress.config.ssl "none" -}}
209 nginx.ingress.kubernetes.io/ssl-redirect: "false"
217 Helper function to add annotations
219 {{- define "ingress.config.annotations" -}}
220 {{- if .Values.ingress -}}
221 {{- if .Values.ingress.annotations -}}
222 {{ toYaml .Values.ingress.annotations | indent 4 | trim }}
225 {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
229 Helper function to check the existance of an override value
231 {{- define "common.ingress._overrideIfDefined" -}}
232 {{- $currValue := .currVal }}
233 {{- $parent := .parent }}
236 {{- if hasKey $parent $var }}
237 {{- default "" (index $parent $var) }}
239 {{- default "" $currValue -}}
242 {{- default "" $currValue }}
247 Helper function to check, if Ingress is enabled
249 {{- define "common.ingress._enabled" -}}
250 {{- $dot := default . .dot -}}
251 {{- if $dot.Values.ingress -}}
252 {{- if $dot.Values.global.ingress -}}
253 {{- if (default false $dot.Values.global.ingress.enabled) -}}
254 {{- if (default false $dot.Values.global.ingress.enable_all) -}}
257 {{- if $dot.Values.ingress.enabled -}}
267 Create Port entry in the Gateway resource
269 {{- define "istio.config.gatewayPort" -}}
270 {{- $dot := default . .dot -}}
271 {{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
272 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
273 {{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
275 {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
277 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
278 {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
282 Create Istio Ingress resources per defined service
284 {{- define "common.istioIngress" -}}
285 {{- $dot := default . .dot -}}
286 {{ range $dot.Values.ingress.service }}
287 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
289 apiVersion: networking.istio.io/v1beta1
292 name: {{ $baseaddr }}-gateway
295 istio: ingress # use Istio default gateway implementation
298 {{ range .tcpRoutes }}
299 {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
303 {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
305 {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
309 apiVersion: networking.istio.io/v1beta1
312 name: {{ $baseaddr }}-service
315 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
317 - {{ $baseaddr }}-gateway
320 {{ range .tcpRoutes }}
321 {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }}
326 {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }}
329 {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
336 Create default Ingress resource
338 {{- define "common.nginxIngress" -}}
339 {{- $dot := default . .dot -}}
340 apiVersion: networking.k8s.io/v1
343 name: {{ include "common.fullname" $dot }}-ingress
345 {{ include "ingress.config.annotations" $dot }}
347 app: {{ $dot.Chart.Name }}
348 chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
349 release: {{ include "common.release" $dot }}
350 heritage: {{ $dot.Release.Service }}
353 {{ include "ingress.config.port" $dot | trim }}
354 {{- if $dot.Values.ingress.tls }}
356 {{ toYaml $dot.Values.ingress.tls | indent 4 }}
358 {{- if $dot.Values.ingress.config -}}
359 {{- if $dot.Values.ingress.config.tls }}
362 {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
363 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
365 secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
371 Create ingress template
372 Will create ingress template depending on the following values:
373 - .Values.global.ingress.enabled : enables Ingress globally
374 - .Values.global.ingress.enable_all : override default Ingress for all charts
375 - .Values.ingress.enabled : sets Ingress per chart basis
377 | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result |
378 |------------------------|---------------------------|----------------|------------|
379 | false | any | any | no ingress |
380 | true | false | false | no ingress |
381 | true | true | any | ingress |
382 | true | false | true | ingress |
384 If ServiceMesh (Istio) is enabled the respective resources are created:
388 If ServiceMesh is disabled the standard Ingress resource is creates:
391 {{- define "common.ingress" -}}
392 {{- $dot := default . .dot -}}
393 {{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
394 {{- if (include "common.onServiceMesh" .) }}
395 {{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
396 {{ include "common.istioIngress" (dict "dot" $dot) }}
399 {{ include "common.nginxIngress" (dict "dot" $dot) }}