X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_ingress.tpl;h=d8a944712a598ad1fea4073189b0dd692c38105d;hb=c27078435ace81f7723fa06dc35b446a6c9fc307;hp=e57d4bedaa3697603c7d5a5253efca3ae9406fdd;hpb=dd714d1a2746b16644abb42a3f4d3824cbc1132e;p=oom.git

diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index e57d4bedaa..d8a944712a 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,45 +1,120 @@
+{{/*
+# Copyright Â© 2019-2021 Orange, Samsung
+# Copyright Â© 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+  Create the hostname as concatination <baseaddr>.<baseurl>
+  - baseaddr: from component values: ingress.service.baseaddr
+  - baseurl: from values: global.ingress.virtualhost.baseurl
+    which van be overwritten in the component via: ingress.baseurlOverride
+*/}}
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{-   $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
 {{ printf "%s.%s" $baseaddr $burl }}
 {{- end -}}
 
+{{/*
+  Helper function to add the tls route
+*/}}
+{{- define "ingress.config.tls" -}}
+{{-   $dot := default . .dot -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{-   if $dot.Values.global.ingress.config }}
+{{-     if $dot.Values.global.ingress.config.ssl }}
+{{-       if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+    tls:
+      httpsRedirect: true
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    tls:
+{{-         if $dot.Values.global.ingress.config }}
+{{-           if $dot.Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{-           else }}
+      credentialName: "ingress-tls-secret"
+{{-           end }}
+{{-         else }}
+      credentialName: "ingress-tls-secret"
+{{-         end }}
+      mode: SIMPLE
+    hosts:
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{-       end }}
+{{-     end }}
+{{-   end }}
+{{- end -}}
+
+{{/*
+  Helper function to add the route to the service
+*/}}
 {{- define "ingress.config.port" -}}
 {{-   $dot := default . .dot -}}
-{{- if .Values.ingress -}}
-{{- if .Values.global.ingress -}}
-{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
-  - http:
-      paths:
-{{- range .Values.ingress.service }}
-{{ $baseaddr := required "baseaddr" .baseaddr }}
-        - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-          backend:
-            serviceName: {{ .name }}
-            servicePort: {{ .port }}
-{{- end -}}
-{{- else if .Values.ingress.service -}}
 {{ range .Values.ingress.service }}
-{{ $baseaddr := required "baseaddr" .baseaddr }}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
   - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
     http:
       paths:
       - backend:
-          serviceName: {{ .name }}
-          servicePort: {{ .port }}
-{{- end -}}
-{{- else -}}
-        - path: {{ printf "/%s" .Chart.Name }}
-          backend:
-            serviceName: {{ .Chart.Name }}
-            servicePort: {{ .Values.service.externalPort }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+          service:
+            name: {{ .name }}
+            port:
+            {{- if kindIs "string" .port }}
+              name: {{ .port }}
+            {{- else }}
+              number: {{ .port }}
+            {{- end }}
+        {{- if .path }}
+        path: {{ .path }}
+        {{- end }}
+        pathType: ImplementationSpecific
+{{- end }}
 {{- end -}}
 
+{{/*
+  Helper function to add the route to the service
+*/}}
+{{- define "istio.config.route" -}}
+{{-   $dot := default . .dot -}}
+  http:
+  - route:
+    - destination:
+        port:
+        {{- if .plain_port }}
+        {{- if kindIs "string" .plain_port }}
+          name: {{ .plain_port }}
+        {{- else }}
+          number: {{ .plain_port }}
+        {{- end }}
+        {{- else }}
+        {{- if kindIs "string" .port }}
+          name: {{ .port }}
+        {{- else }}
+          number: {{ .port }}
+        {{- end }}
+        {{- end }}
+        host: {{ .name }}
+{{- end -}}
 
+{{/*
+  Helper function to add ssl annotations
+*/}}
 {{- define "ingress.config.annotations.ssl" -}}
 {{- if .Values.ingress.config -}}
 {{- if .Values.ingress.config.ssl -}}
@@ -57,6 +132,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
 {{- end -}}
 
 
+{{/*
+  Helper function to add annotations
+*/}}
 {{- define "ingress.config.annotations" -}}
 {{- if .Values.ingress -}}
 {{- if .Values.ingress.annotations -}}
@@ -66,6 +144,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
 {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
 {{- end -}}
 
+{{/*
+  Helper function to check the existance of an override value
+*/}}
 {{- define "common.ingress._overrideIfDefined" -}}
   {{- $currValue := .currVal }}
   {{- $parent := .parent }}
@@ -81,41 +162,128 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
   {{- end -}}
 {{- end -}}
 
-{{- define "common.ingress" -}}
-{{- if .Values.ingress -}}
-  {{- $ingressEnabled := default false .Values.ingress.enabled -}}
-  {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
-  {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
-  {{- if $ingressEnabled }}
-apiVersion: networking.k8s.io/v1beta1
+{{/*
+  Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
+{{-   $dot := default . .dot -}}
+{{-   if $dot.Values.ingress -}}
+{{-     if $dot.Values.global.ingress -}}
+{{-       if (default false $dot.Values.global.ingress.enabled) -}}
+{{-         if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{-         else -}}
+{{-           if $dot.Values.ingress.enabled -}}
+true
+{{-           end -}}
+{{-         end -}}
+{{-       end -}}
+{{-     end -}}
+{{-   end -}}
+{{- end -}}
+
+{{/*
+  Create Istio Ingress resources per defined service
+*/}}
+{{- define "common.istioIngress" -}}
+{{-   $dot := default . .dot -}}
+{{    range $dot.Values.ingress.service }}
+{{-     $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ $baseaddr }}-gateway
+spec:
+  selector:
+    istio: ingressgateway # use Istio default gateway implementation
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ $baseaddr }}-service
+spec:
+  hosts:
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+  gateways:
+  - {{ $baseaddr }}-gateway
+  {{ include "istio.config.route" . | trim }}
+{{-   end -}}
+{{- end -}}
+
+{{/*
+  Create default Ingress resource
+*/}}
+{{- define "common.nginxIngress" -}}
+{{- $dot := default . .dot -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "common.fullname" . }}-ingress
+  name: {{ include "common.fullname" $dot }}-ingress
   annotations:
-    {{ include "ingress.config.annotations" . }}
+    {{ include "ingress.config.annotations" $dot }}
   labels:
-    app: {{ .Chart.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+    app: {{ $dot.Chart.Name }}
+    chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" $dot }}
+    heritage: {{ $dot.Release.Service }}
 spec:
   rules:
-  {{ include "ingress.config.port" . | trim }}
-{{- if .Values.ingress.tls }}
+  {{ include "ingress.config.port" $dot | trim }}
+{{- if $dot.Values.ingress.tls }}
   tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
+{{ toYaml $dot.Values.ingress.tls | indent 4 }}
 {{- end -}}
-{{- if .Values.ingress.config -}}
-{{- if .Values.ingress.config.tls -}}
-{{-   $dot := default . .dot -}}
+{{- if $dot.Values.ingress.config -}}
+{{-   if $dot.Values.ingress.config.tls -}}
   tls:
-    - hosts:
-    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
-        - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{- end }}
-    secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
+  - hosts:
+  {{-   range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+  {{-   end }}
+    secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
+{{-   end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+  Create ingress template
+    Will create ingress template depending on the following values:
+    - .Values.global.ingress.enabled     : enables Ingress globally
+    - .Values.global.ingress.enable_all  : override default Ingress for all charts
+    - .Values.ingress.enabled            : sets Ingress per chart basis
+
+    | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result     |
+    |------------------------|---------------------------|----------------|------------|
+    | false                  | any                       | any            | no ingress |
+    | true                   | false                     | false          | no ingress |
+    | true                   | true                      | any            | ingress    |
+    | true                   | false                     | true           | ingress    |
+
+    If ServiceMesh (Istio) is enabled the respective resources are created:
+    - Gateway
+    - VirtualService
+
+    If ServiceMesh is disabled the standard Ingress resource is creates:
+    - Ingress
+*/}}
+{{- define "common.ingress" -}}
+{{-   $dot := default . .dot -}}
+{{-   if (include "common.ingress._enabled" (dict "dot" $dot)) }}
+{{-     if (include "common.onServiceMesh" .) }}
+{{-       if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+{{          include "common.istioIngress" (dict "dot" $dot) }}
+{{-       end -}}
+{{-     else -}}
+{{        include "common.nginxIngress" (dict "dot" $dot) }}
+{{-     end -}}
+{{-   end -}}
 {{- end -}}
