2 # Copyright © 2019-2021 Orange, Samsung
3 # Copyright © 2022 Deutsche Telekom
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
18 Helper function to check, if Ingress is globally enabled
20 {{- define "common.ingressEnabled" -}}
21 {{- $dot := default . .dot -}}
22 {{- if $dot.Values.ingress -}}
23 {{- if $dot.Values.global.ingress -}}
24 {{- if (default false $dot.Values.global.ingress.enabled) -}}
33 Create the hostname as concatination <baseaddr>.<baseurl>
34 - baseaddr: from component values: ingress.service.baseaddr
35 - baseurl: from values: global.ingress.virtualhost.baseurl
36 which van be overwritten in the component via: ingress.baseurlOverride
38 {{- define "ingress.config.host" -}}
39 {{- $dot := default . .dot -}}
40 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
41 {{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
42 {{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
43 {{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
44 {{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
45 {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
46 {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
47 {{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
51 Istio Helper function to add the tls route
53 {{- define "istio.config.tls_simple" -}}
54 {{- $dot := default . .dot -}}
56 {{- if $dot.Values.global.ingress.config }}
57 {{- if $dot.Values.global.ingress.config.tls }}
58 credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
60 credentialName: "ingress-tls-secret"
63 credentialName: "ingress-tls-secret"
69 Istio Helper function to add the tls route
71 {{- define "istio.config.tls" -}}
72 {{- $dot := default . .dot -}}
73 {{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
74 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
75 {{- if $service.exposedPort }}
76 {{- if $service.exposedProtocol }}
77 {{- if eq $service.exposedProtocol "TLS" }}
78 {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
82 {{- if $dot.Values.global.ingress.config }}
83 {{- if $dot.Values.global.ingress.config.ssl }}
84 {{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
91 {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
93 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
101 Istio Helper function to add the external port of the service
103 {{- define "istio.config.port" -}}
104 {{- $dot := default . .dot -}}
105 {{- if .exposedPort }}
106 number: {{ .exposedPort }}
107 {{- if .exposedProtocol }}
108 name: {{ .baseaddr }}
109 protocol: {{ .exposedProtocol }}
122 Helper function to add the route to the service
124 {{- define "ingress.config.port" -}}
125 {{- $dot := default . .dot -}}
126 {{ range .Values.ingress.service }}
127 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
128 - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
135 {{- if kindIs "string" .port }}
143 pathType: ImplementationSpecific
148 Istio Helper function to add the route to the service
150 {{- define "istio.config.route" -}}
151 {{- $dot := default . .dot -}}
156 {{- if .plain_port }}
157 {{- if kindIs "string" .plain_port }}
158 name: {{ .plain_port }}
160 number: {{ .plain_port }}
163 {{- if kindIs "string" .port }}
173 Helper function to add ssl annotations
175 {{- define "ingress.config.annotations.ssl" -}}
176 {{- if .Values.ingress.config -}}
177 {{- if .Values.ingress.config.ssl -}}
178 {{- if eq .Values.ingress.config.ssl "redirect" -}}
179 kubernetes.io/ingress.class: nginx
180 nginx.ingress.kubernetes.io/ssl-passthrough: "true"
181 nginx.ingress.kubernetes.io/ssl-redirect: "true"
182 {{- else if eq .Values.ingress.config.ssl "native" -}}
183 nginx.ingress.kubernetes.io/ssl-redirect: "true"
184 {{- else if eq .Values.ingress.config.ssl "none" -}}
185 nginx.ingress.kubernetes.io/ssl-redirect: "false"
193 Helper function to add annotations
195 {{- define "ingress.config.annotations" -}}
196 {{- if .Values.ingress -}}
197 {{- if .Values.ingress.annotations -}}
198 {{ toYaml .Values.ingress.annotations | indent 4 | trim }}
201 {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
205 Helper function to check the existance of an override value
207 {{- define "common.ingress._overrideIfDefined" -}}
208 {{- $currValue := .currVal }}
209 {{- $parent := .parent }}
212 {{- if hasKey $parent $var }}
213 {{- default "" (index $parent $var) }}
215 {{- default "" $currValue -}}
218 {{- default "" $currValue }}
223 Helper function to check, if Ingress is enabled
225 {{- define "common.ingress._enabled" -}}
226 {{- $dot := default . .dot -}}
227 {{- if $dot.Values.ingress -}}
228 {{- if $dot.Values.global.ingress -}}
229 {{- if (default false $dot.Values.global.ingress.enabled) -}}
230 {{- if (default false $dot.Values.global.ingress.enable_all) -}}
233 {{- if $dot.Values.ingress.enabled -}}
243 Create Istio Ingress resources per defined service
245 {{- define "common.istioIngress" -}}
246 {{- $dot := default . .dot -}}
247 {{ range $dot.Values.ingress.service }}
248 {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
250 apiVersion: networking.istio.io/v1beta1
253 name: {{ $baseaddr }}-gateway
256 istio: ingress # use Istio default gateway implementation
259 {{- include "istio.config.port" . }}
261 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
262 {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
264 apiVersion: networking.istio.io/v1beta1
267 name: {{ $baseaddr }}-service
270 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
272 - {{ $baseaddr }}-gateway
273 {{ include "istio.config.route" . | trim }}
278 Create default Ingress resource
280 {{- define "common.nginxIngress" -}}
281 {{- $dot := default . .dot -}}
282 apiVersion: networking.k8s.io/v1
285 name: {{ include "common.fullname" $dot }}-ingress
287 {{ include "ingress.config.annotations" $dot }}
289 app: {{ $dot.Chart.Name }}
290 chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
291 release: {{ include "common.release" $dot }}
292 heritage: {{ $dot.Release.Service }}
295 {{ include "ingress.config.port" $dot | trim }}
296 {{- if $dot.Values.ingress.tls }}
298 {{ toYaml $dot.Values.ingress.tls | indent 4 }}
300 {{- if $dot.Values.ingress.config -}}
301 {{- if $dot.Values.ingress.config.tls -}}
304 {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
305 - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
307 secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
313 Create ingress template
314 Will create ingress template depending on the following values:
315 - .Values.global.ingress.enabled : enables Ingress globally
316 - .Values.global.ingress.enable_all : override default Ingress for all charts
317 - .Values.ingress.enabled : sets Ingress per chart basis
319 | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result |
320 |------------------------|---------------------------|----------------|------------|
321 | false | any | any | no ingress |
322 | true | false | false | no ingress |
323 | true | true | any | ingress |
324 | true | false | true | ingress |
326 If ServiceMesh (Istio) is enabled the respective resources are created:
330 If ServiceMesh is disabled the standard Ingress resource is creates:
333 {{- define "common.ingress" -}}
334 {{- $dot := default . .dot -}}
335 {{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
336 {{- if (include "common.onServiceMesh" .) }}
337 {{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
338 {{ include "common.istioIngress" (dict "dot" $dot) }}
341 {{ include "common.nginxIngress" (dict "dot" $dot) }}