[COMMON] Add Istio IngressGateway config

[oom.git] / kubernetes / common / common / templates / _ingress.tpl

diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 18f9bb1..4fc2e4b 100644 (file)
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,20 +1,72 @@
-{{- define "ingress.config.port" -}}
+{{/*
+# Copyright © 2019-2021 Orange, Samsung
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
+{{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
 {{-   $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
+{{- define "ingress.config.port" -}}
+{{-   $dot := default . .dot -}}
 {{ range .Values.ingress.service }}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
-  - host: {{ printf "%s.%s" $baseaddr $burl }}
+  - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
     http:
       paths:
       - backend:
-          serviceName: {{ .name }}
-          servicePort: {{ .port }}
+          service:
+            name: {{ .name }}
+            port:
+            {{- if kindIs "string" .port }}
+              name: {{ .port }}
+            {{- else }}
+              number: {{ .port }}
+            {{- end }}
         {{- if .path }}
         path: {{ .path }}
         {{- end }}
+        pathType: ImplementationSpecific
 {{- end }}
 {{- end -}}
 
+{{- define "istio.config.route" -}}
+{{-   $dot := default . .dot -}}
+{{ range .Values.ingress.service }}
+  http:
+  - route:
+    - destination:
+        port:
+        {{- if .plain_port }}
+        {{- if kindIs "string" .plain_port }}
+          name: {{ .plain_port }}
+        {{- else }}
+          number: {{ .plain_port }}
+        {{- end }}
+        {{- else }}
+        {{- if kindIs "string" .port }}
+          name: {{ .port }}
+        {{- else }}
+          number: {{ .port }}
+        {{- end }}
+        {{- end }}
+        host: {{ .name }}
+{{- end -}}
+{{- end -}}
 
 {{- define "ingress.config.annotations.ssl" -}}
 {{- if .Values.ingress.config -}}
@@ -58,12 +110,74 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
 {{- end -}}
 
 {{- define "common.ingress" -}}
+{{-   $dot := default . .dot -}}
 {{- if .Values.ingress -}}
   {{- $ingressEnabled := default false .Values.ingress.enabled -}}
   {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
   {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
-  {{- if $ingressEnabled }}
-apiVersion: networking.k8s.io/v1beta1
+{{- if $ingressEnabled }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+      {{-   $dot := default . .dot -}}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "common.fullname" . }}-gateway
+spec:
+  selector:
+    istio: ingressgateway # use Istio default gateway implementation
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- end }}
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.ssl }}
+{{- if eq .Values.global.ingress.config.ssl "redirect" }}
+    tls:
+      httpsRedirect: true
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    tls:
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }}
+{{- else }}
+      credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+      credentialName: "ingress-tls-secret"
+{{- end }}
+      mode: SIMPLE
+    hosts:
+    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ include "common.fullname" . }}-service
+spec:
+  hosts:
+  {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+  {{- end }}
+  gateways:
+  - {{ include "common.fullname" . }}-gateway
+  {{ include "istio.config.route" . | trim }}
+{{- end -}}
+{{- else -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ include "common.fullname" . }}-ingress
@@ -83,15 +197,15 @@ spec:
 {{- end -}}
 {{- if .Values.ingress.config -}}
 {{- if .Values.ingress.config.tls -}}
-{{-   $dot := default . .dot -}}
   tls:
-    - hosts:
-    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
-        - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
-    {{- end }}
+  - hosts:
+  {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+  {{- end }}
     secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}