X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_ingress.tpl;h=4fc2e4b1c9e384b7812483980a4042e4564a2629;hb=7e3421290b2e55c3abbfacb7a2e0377425029f5a;hp=49d7eeb415ab96810285df2cbb063a61cdf6a19f;hpb=b50a6f8961ede94b0851414212d1f38d408dbfde;p=oom.git diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 49d7eeb415..4fc2e4b1c9 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,17 +1,85 @@ +{{/* +# Copyright © 2019-2021 Orange, Samsung +# Copyright © 2022 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- define "ingress.config.host" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + {{- define "ingress.config.port" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.service -}} -{{- range .Values.ingress.service }} - - path: {{ .path }} - backend: - serviceName: {{ .name }} - servicePort: {{ .port }} +{{- $dot := default . .dot -}} +{{ range .Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + http: + paths: + - backend: + service: + name: {{ .name }} + port: + {{- if kindIs "string" .port }} + name: {{ .port }} + {{- else }} + number: {{ .port }} + {{- end }} + {{- if .path }} + path: {{ .path }} + {{- end }} + pathType: ImplementationSpecific +{{- end }} +{{- end -}} + +{{- define "istio.config.route" -}} +{{- $dot := default . .dot -}} +{{ range .Values.ingress.service }} + http: + - route: + - destination: + port: + {{- if .plain_port }} + {{- if kindIs "string" .plain_port }} + name: {{ .plain_port }} + {{- else }} + number: {{ .plain_port }} + {{- end }} + {{- else }} + {{- if kindIs "string" .port }} + name: {{ .port }} + {{- else }} + number: {{ .port }} + {{- end }} + {{- end }} + host: {{ .name }} +{{- end -}} +{{- end -}} + +{{- define "ingress.config.annotations.ssl" -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.ssl -}} +{{- if eq .Values.ingress.config.ssl "redirect" -}} +kubernetes.io/ingress.class: nginx +nginx.ingress.kubernetes.io/ssl-passthrough: "true" +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "native" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "none" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} -{{- else -}} - - path: {{ printf "/%s" .Chart.Name }} - backend: - serviceName: {{ .Chart.Name }} - servicePort: {{ .Values.service.externalPort }} {{- end -}} {{- end -}} {{- end -}} @@ -23,13 +91,93 @@ {{ toYaml .Values.ingress.annotations | indent 4 | trim }} {{- end -}} {{- end -}} +{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} +{{- define "common.ingress._overrideIfDefined" -}} + {{- $currValue := .currVal }} + {{- $parent := .parent }} + {{- $var := .var }} + {{- if $parent -}} + {{- if hasKey $parent $var }} + {{- default "" (index $parent $var) }} + {{- else -}} + {{- default "" $currValue -}} + {{- end -}} + {{- else -}} + {{- default "" $currValue }} + {{- end -}} +{{- end -}} {{- define "common.ingress" -}} +{{- $dot := default . .dot -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 + {{- $ingressEnabled := default false .Values.ingress.enabled -}} + {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} + {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} +{{- if $ingressEnabled }} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} + {{- $dot := default . .dot -}} +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: {{ include "common.fullname" . }}-gateway +spec: + selector: + istio: ingressgateway # use Istio default gateway implementation + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} +{{- if .Values.global.ingress.config }} +{{- if .Values.global.ingress.config.ssl }} +{{- if eq .Values.global.ingress.config.ssl "redirect" }} + tls: + httpsRedirect: true + - port: + number: 443 + name: https + protocol: HTTPS + tls: +{{- if .Values.global.ingress.config }} +{{- if .Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE + hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: {{ include "common.fullname" . }}-service +spec: + hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} + gateways: + - {{ include "common.fullname" . }}-gateway + {{ include "istio.config.route" . | trim }} +{{- end -}} +{{- else -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "common.fullname" . }}-ingress @@ -38,18 +186,26 @@ metadata: labels: app: {{ .Chart.Name }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: rules: - - http: - paths: - {{- include "ingress.config.port" . }} + {{ include "ingress.config.port" . | trim }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} +{{- end -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.tls -}} + tls: + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} + secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} {{- end -}} -