[COMMON] Add Istio IngressGateway config

In the _ingress.tpl create Gateway and VirtualService
resources when SM is enabled, add ssl redirect and use
plain_port, if it is defined in ingress config

Issue-ID: OOM-3000

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I20c9f88573547fbad631df3c5e0fa17fbdeed80b

diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index f274107..4fc2e4b 100644 (file)
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,3 +1,19 @@
+{{/*
+# Copyright © 2019-2021 Orange, Samsung
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
 {{- define "ingress.config.host" -}}
 {{-   $dot := default . .dot -}}
 {{-   $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
@@ -28,6 +44,29 @@
 {{- end }}
 {{- end -}}
 
+{{- define "istio.config.route" -}}
+{{-   $dot := default . .dot -}}
+{{ range .Values.ingress.service }}
+  http:
+  - route:
+    - destination:
+        port:
+        {{- if .plain_port }}
+        {{- if kindIs "string" .plain_port }}
+          name: {{ .plain_port }}
+        {{- else }}
+          number: {{ .plain_port }}
+        {{- end }}
+        {{- else }}
+        {{- if kindIs "string" .port }}
+          name: {{ .port }}
+        {{- else }}
+          number: {{ .port }}
+        {{- end }}
+        {{- end }}
+        host: {{ .name }}
+{{- end -}}
+{{- end -}}
 
 {{- define "ingress.config.annotations.ssl" -}}
 {{- if .Values.ingress.config -}}
@@ -71,11 +110,73 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
 {{- end -}}
 
 {{- define "common.ingress" -}}
+{{-   $dot := default . .dot -}}
 {{- if .Values.ingress -}}
   {{- $ingressEnabled := default false .Values.ingress.enabled -}}
   {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
   {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
-  {{- if $ingressEnabled }}
+{{- if $ingressEnabled }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+      {{-   $dot := default . .dot -}}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "common.fullname" . }}-gateway
+spec:
+  selector:
+    istio: ingressgateway # use Istio default gateway implementation
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- end }}
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.ssl }}
+{{- if eq .Values.global.ingress.config.ssl "redirect" }}
+    tls:
+      httpsRedirect: true
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    tls:
+{{- if .Values.global.ingress.config }}
+{{- if .Values.global.ingress.config.tls }}
+      credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }}
+{{- else }}
+      credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+      credentialName: "ingress-tls-secret"
+{{- end }}
+      mode: SIMPLE
+    hosts:
+    {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+    {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ include "common.fullname" . }}-service
+spec:
+  hosts:
+  {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+    - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+  {{- end }}
+  gateways:
+  - {{ include "common.fullname" . }}-gateway
+  {{ include "istio.config.route" . | trim }}
+{{- end -}}
+{{- else -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -96,7 +197,6 @@ spec:
 {{- end -}}
 {{- if .Values.ingress.config -}}
 {{- if .Values.ingress.config.tls -}}
-{{-   $dot := default . .dot }}
   tls:
   - hosts:
   {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
@@ -108,3 +208,4 @@ spec:
 {{- end -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}