# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{/*
+ Helper function to check, if Ingress is globally enabled
+*/}}
+{{- define "common.ingressEnabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
{{/*
Create the hostname as concatination <baseaddr>.<baseurl>
- baseaddr: from component values: ingress.service.baseaddr
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
{{- end -}}
{{/*
- Helper function to add the tls route
+ Istio Helper function to add the tls route
*/}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
{{- $dot := default . .dot -}}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+ tls:
{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.ssl }}
-{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+{{- end -}}
+
+{{/*
+ Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
- tls:
-{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.tls }}
- credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
- mode: SIMPLE
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
+{{/*
+ Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}}
+{{- if $dot.exposedPort }}
+ number: {{ $dot.exposedPort }}
+{{- if $dot.exposedProtocol }}
+ name: {{ $protocol }}-{{ $dot.exposedPort }}
+ protocol: {{ $dot.exposedProtocol }}
+{{- else }}
+ name: {{ $protocol }}
+ protocol: HTTP
+{{- end -}}
+{{- else }}
+ number: 80
+ name: {{ $protocol }}
+ protocol: HTTP
+{{- end -}}
+{{- end -}}
+
{{/*
Helper function to add the route to the service
*/}}
{{- end -}}
{{/*
- Helper function to add the route to the service
+ Istio Helper function to add the route to the service
*/}}
{{- define "istio.config.route" -}}
-{{- $dot := default . .dot -}}
- http:
+{{- $dot := default . .dot -}}
+{{- $protocol := (required "'protocol' param, is required." .protocol) -}}
+{{- if eq $protocol "tcp" }}
+ - match:
+ - port: {{ $dot.exposedPort }}
+ route:
+ - destination:
+ port:
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
+ {{- else }}
+ number: {{ $dot.plain_port }}
+ {{- end }}
+ {{- else }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
+ {{- else }}
+ number: {{ $dot.port }}
+ {{- end }}
+ {{- end }}
+ host: {{ $dot.name }}
+{{- else if eq $protocol "http" }}
- route:
- destination:
port:
- {{- if .plain_port }}
- {{- if kindIs "string" .plain_port }}
- name: {{ .plain_port }}
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
{{- else }}
- number: {{ .plain_port }}
+ number: {{ $dot.plain_port }}
{{- end }}
{{- else }}
- {{- if kindIs "string" .port }}
- name: {{ .port }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
{{- else }}
- number: {{ .port }}
+ number: {{ $dot.port }}
{{- end }}
{{- end }}
- host: {{ .name }}
+ host: {{ $dot.name }}
+{{- end -}}
{{- end -}}
{{/*
{{- end -}}
{{- end -}}
+{{/*
+ Create Port entry in the Gateway resource
+*/}}
+{{- define "istio.config.gatewayPort" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+ - port:
+ {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
{{/*
Create Istio Ingress resources per defined service
*/}}
{{- define "common.istioIngress" -}}
-{{- $dot := default . .dot -}}
-{{ range $dot.Values.ingress.service }}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
name: {{ $baseaddr }}-gateway
spec:
selector:
- istio: ingressgateway # use Istio default gateway implementation
+ istio: ingress # use Istio default gateway implementation
servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
+ {{- else }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+ {{ end }}
+{{ end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
gateways:
- {{ $baseaddr }}-gateway
- {{ include "istio.config.route" . | trim }}
-{{- end -}}
+{{- if .tcpRoutes }}
+ tcp:
+{{ range .tcpRoutes }}
+ {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ .protocol }}:
+ {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }}
+ {{- else }}
+ http:
+ {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
+ {{ end }}
+{{ end }}
+{{- end -}}
{{- end -}}
{{/*
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
{{- end -}}
{{- if $dot.Values.ingress.config -}}
-{{- if $dot.Values.ingress.config.tls -}}
+{{- if $dot.Values.ingress.config.tls }}
tls:
- hosts:
{{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
Code Review / oom.git / blobdiff