From 38677306a64d7aab6154d76972310c3fc38b36d7 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Thu, 3 Aug 2023 17:48:48 +0200 Subject: [PATCH] [COMMON] Add support for Gateway-API in Ingress template Add options to set the Ingress provider and enhanced settings to provide different resource outputs for Ingress resurces Issue-ID: OOM-3184 Change-Id: I3a6ebf17191a558941d6e18fbfe676da0c78e487 Signed-off-by: Andreas Geissler --- kubernetes/common/common/Chart.yaml | 2 +- kubernetes/common/common/templates/_ingress.tpl | 563 +++++++++++++++++---- .../overrides/onap-all-ingress-istio.yaml | 14 + .../overrides/onap-all-ingress-nginx-vhost.yaml | 13 + kubernetes/onap/values.yaml | 15 +- 5 files changed, 519 insertions(+), 88 deletions(-) diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index f66a0c6bb9..e134fe8048 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.0.0 +version: 13.0.1 diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index db276d546c..968cb65a78 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -28,6 +28,171 @@ true {{- end -}} {{- end -}} +{{/* + Helper function to check, if Ingress is enabled +*/}} +{{- define "common.ingress._enabled" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +{{- if (default false $dot.Values.global.ingress.enable_all) -}} +true +{{- else -}} +{{- if $dot.Values.ingress.enabled -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Helper function to check, if TLS redirect is enabled +*/}} +{{- define "common.ingress._tlsRedirect" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Provider (default is "ingress") +*/}} +{{- define "common.ingress._provider" -}} +{{- $dot := default . .dot -}} +{{- $provider := "ingress" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.provider -}} +{{- if ne $dot.Values.global.ingress.provider "" -}} +{{ $provider = $dot.Values.global.ingress.provider }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $provider -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Class (default is "nginx") +*/}} +{{- define "common.ingress._class" -}} +{{- $dot := default . .dot -}} +{{- $class := "nginx" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.ingressClass -}} +{{- if ne $dot.Values.global.ingress.ingressClass "" -}} +{{ $class = $dot.Values.global.ingress.ingressClass }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $class -}} +{{- end -}} + +{{/* + Helper function to get the Ingress Selector (default is "ingress") +*/}} +{{- define "common.ingress._selector" -}} +{{- $dot := default . .dot -}} +{{- $selector := "ingress" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.ingressSelector -}} +{{- if ne $dot.Values.global.ingress.ingressSelector "" -}} +{{ $selector = $dot.Values.global.ingress.ingressSelector }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $selector -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway, if exists +*/}} +{{- define "common.ingress._commonGateway" -}} +{{- $dot := default . .dot -}} +{{- $gateway := "-" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $gateway = $dot.Values.global.ingress.commonGateway.name }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $gateway -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway HTTP Listener name, if exists +*/}} +{{- define "common.ingress._gatewayHTTPListener" -}} +{{- $dot := default . .dot -}} +{{- $listener := "http-80" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $listener = $dot.Values.global.ingress.commonGateway.httpListener }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $listener -}} +{{- end -}} + +{{/* + Helper function to get the common Gateway HTTPS Listener name, if exists +*/}} +{{- define "common.ingress._gatewayHTTPSListener" -}} +{{- $dot := default . .dot -}} +{{- $listener := "https-443" -}} +{{- if $dot.Values.global.ingress -}} +{{- if $dot.Values.global.ingress.commonGateway -}} +{{- if $dot.Values.global.ingress.commonGateway.name -}} +{{ $listener = $dot.Values.global.ingress.commonGateway.httpsListener }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $listener -}} +{{- end -}} + +{{/* + Helper function to check the existance of an override value +*/}} +{{- define "common.ingress._overrideIfDefined" -}} + {{- $currValue := .currVal }} + {{- $parent := .parent }} + {{- $var := .var }} + {{- if $parent -}} + {{- if hasKey $parent $var }} + {{- default "" (index $parent $var) }} + {{- else -}} + {{- default "" $currValue -}} + {{- end -}} + {{- else -}} + {{- default "" $currValue }} + {{- end -}} +{{- end -}} + +{{/* + Helper function to get the protocol of the service +*/}} +{{- define "common.ingress._protocol" -}} +{{- $dot := default . .dot -}} +{{- $protocol := "http" -}} +{{- if $dot.tcpRoutes }} +{{- $protocol = "tcp" -}} +{{- end -}} +{{- if $dot.udpRoutes }} +{{- $protocol = "tcp" -}} +{{- end -}} +{{- if $dot.protocol }} +{{- $protocol = (lower $dot.protocol) -}} +{{- end -}} +{{- $protocol -}} +{{- end -}} {{/* Create the hostname as concatination . @@ -120,6 +285,21 @@ true {{- end -}} {{- end -}} +{{/* + Create Port entry in the Gateway resource +*/}} +{{- define "istio.config.gatewayPort" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} + - port: + {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }} + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} +{{- end -}} + {{/* Helper function to add the route to the service */}} @@ -197,16 +377,17 @@ true Helper function to add ssl annotations */}} {{- define "ingress.config.annotations.ssl" -}} +{{- $class := include "common.ingress._class" (dict "dot" .) }} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.ssl -}} {{- if eq .Values.ingress.config.ssl "redirect" -}} -kubernetes.io/ingress.class: nginx -nginx.ingress.kubernetes.io/ssl-passthrough: "true" -nginx.ingress.kubernetes.io/ssl-redirect: "true" +kubernetes.io/ingress.class: {{ $class }} +{{ $class }}.ingress.kubernetes.io/ssl-passthrough: "true" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true" {{- else if eq .Values.ingress.config.ssl "native" -}} -nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true" {{- else if eq .Values.ingress.config.ssl "none" -}} -nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{ $class }}.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} {{- end -}} {{- end -}} @@ -225,66 +406,17 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} -{{/* - Helper function to check the existance of an override value -*/}} -{{- define "common.ingress._overrideIfDefined" -}} - {{- $currValue := .currVal }} - {{- $parent := .parent }} - {{- $var := .var }} - {{- if $parent -}} - {{- if hasKey $parent $var }} - {{- default "" (index $parent $var) }} - {{- else -}} - {{- default "" $currValue -}} - {{- end -}} - {{- else -}} - {{- default "" $currValue }} - {{- end -}} -{{- end -}} - -{{/* - Helper function to check, if Ingress is enabled -*/}} -{{- define "common.ingress._enabled" -}} -{{- $dot := default . .dot -}} -{{- if $dot.Values.ingress -}} -{{- if $dot.Values.global.ingress -}} -{{- if (default false $dot.Values.global.ingress.enabled) -}} -{{- if (default false $dot.Values.global.ingress.enable_all) -}} -true -{{- else -}} -{{- if $dot.Values.ingress.enabled -}} -true -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* - Create Port entry in the Gateway resource -*/}} -{{- define "istio.config.gatewayPort" -}} -{{- $dot := default . .dot -}} -{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} -{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} - - port: - {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }} - hosts: - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} -{{- end -}} - {{/* Create Istio Ingress resources per defined service */}} {{- define "common.istioIngress" -}} {{- $dot := default . .dot -}} +{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }} {{ range $dot.Values.ingress.service }} +{{ if or ( eq (include "common.ingress._protocol" (dict "dot" .)) "http" ) ( eq (include "common.ingress._protocol" (dict "dot" .)) "tcp" )}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +{{- if eq $gateway "-" }} --- apiVersion: networking.istio.io/v1beta1 kind: Gateway @@ -292,19 +424,20 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingress # use Istio default gateway implementation + istio: {{ $selector }} servers: -{{- if .tcpRoutes }} -{{ range .tcpRoutes }} +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} -{{ end -}} -{{- else }} - {{- if .protocol }} +{{ end -}} +{{- else }} + {{- if .protocol }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }} - {{- else }} + {{- else }} {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} - {{ end }} -{{ end }} + {{ end }} +{{ end }} +{{ end }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService @@ -314,7 +447,11 @@ spec: hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} gateways: +{{- if eq $gateway "-" }} - {{ $baseaddr }}-gateway +{{- else }} + - {{ $gateway }} +{{- end }} {{- if .tcpRoutes }} tcp: {{ range .tcpRoutes }} @@ -327,9 +464,253 @@ spec: {{- else }} http: {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }} - {{ end }} -{{ end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + GW-API Helper function to add the tls route +*/}} +{{- define "gwapi.config.tls_simple" -}} +{{- $dot := default . .dot -}} + tls: +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.tls }} + certificateRefs: + - kind: Secret + group: "" + name: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + certificateRefs: + - kind: Secret + group: "" + name: "ingress-tls-secret" +{{- end }} +{{- else }} + certificateRefs: + - kind: Secret + group: "" + name: "ingress-tls-secret" +{{- end }} + mode: Terminate +{{- end -}} + +{{/* + GW-API Helper function to add the tls route +*/}} +{{- define "gwapi.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }} + - name: HTTPS-443 + port: 443 + protocol: HTTPS + hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Create Listener entry in the Gateway resource +*/}} +{{- define "gwapi.config.listener" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} +{{- $port := default 80 $service.exposedPort -}} + - name: {{ $protocol }}-{{ $port }} + port: {{ $port }} +{{- if $service.exposedProtocol }} + protocol: {{ upper $service.exposedProtocol }} +{{- else }} + protocol: HTTP +{{- end }} + hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + allowedRoutes: + namespaces: + from: All +{{- if eq $service.protocol "tcp" }} + kinds: + - kind: TCPRoute +{{- else if eq $service.protocol "tcp" }} + kinds: + - kind: UDPRoute +{{- end }} + {{- include "gwapi.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }} +{{- end -}} + +{{/* + Create *Route entry for the Gateway-API +*/}} +{{- define "gwapi.config.route" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) -}} +{{- $namespace := default "istio-ingress" $dot.Values.global.ingress.namespace -}} +{{- $path := default "/" $service.path -}} +{{- if eq $protocol "udp" -}} +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: UDPRoute +metadata: + name: {{ $baseaddr }}-{{ $service.exposedPort }}-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: udp-{{ $service.exposedPort }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} +{{- else if eq $protocol "tcp" }} +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TCPRoute +metadata: + name: {{ $baseaddr }}-{{ $service.exposedPort }}-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: tcp-{{ $service.exposedPort }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} +{{- else if eq $protocol "http" }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ $baseaddr }}-http-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} +{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }} + sectionName: {{ include "common.ingress._gatewayHTTPSListener" (dict "dot" $dot) }} +{{- else }} + sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }} +{{- end }} + hostnames: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + rules: + - backendRefs: + - name: {{ $service.name }} + port: {{ $service.port }} + matches: + - path: + type: PathPrefix + value: {{ $path }} +{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ $baseaddr }}-redirect-route +spec: + parentRefs: +{{- if eq $gateway "-" }} + - name: {{ $baseaddr }}-gateway +{{- else }} + - name: {{ $gateway }} +{{- end }} + namespace: {{ $namespace }} + sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }} + hostnames: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 + port: 443 + matches: + - path: + type: PathPrefix + value: {{ $path }} +{{- end }} +{{- end }} {{- end -}} + +{{/* + Create GW-API Ingress resources per defined service +*/}} +{{- define "common.gwapiIngress" -}} +{{- $dot := default . .dot -}} +{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }} +{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }} +{{ range $dot.Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +{{- if eq $gateway "-" }} +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: {{ $baseaddr }}-gateway +spec: + gatewayClassName: {{ $dot.Values.global.serviceMesh.engine }} + listeners: +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} +{{- end -}} +{{- else if .udpRoutes }} +{{ range .udpRoutes }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }} +{{- end -}} +{{- else }} +{{- if .protocol }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }} +{{- else }} + {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} +{{- end }} +{{- end }} +{{- end }} +{{- if .tcpRoutes }} +{{ range .tcpRoutes }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }} +{{- end -}} +{{- else if .udpRoutes }} +{{ range .udpRoutes }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }} +{{- end -}} +{{- else }} +{{- if .protocol }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }} +{{- else }} +{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* @@ -337,6 +718,9 @@ spec: */}} {{- define "common.nginxIngress" -}} {{- $dot := default . .dot -}} +{{ range $dot.Values.ingress.service }} +{{ if eq (include "common.ingress._protocol" (dict "dot" .)) "http" }} +{{ $baseaddr := required "baseaddr" .baseaddr }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -350,21 +734,21 @@ metadata: heritage: {{ $dot.Release.Service }} spec: rules: - {{ include "ingress.config.port" $dot | trim }} -{{- if $dot.Values.ingress.tls }} + {{ include "ingress.config.port" . | trim }} +{{- if $dot.Values.ingress.tls }} tls: {{ toYaml $dot.Values.ingress.tls | indent 4 }} -{{- end -}} -{{- if $dot.Values.ingress.config -}} -{{- if $dot.Values.ingress.config.tls }} +{{- end -}} +{{- if $dot.Values.ingress.config -}} +{{- if $dot.Values.ingress.config.tls }} tls: - hosts: - {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} + - {{ include "ingress.config.host" (dict "dot" . "baseaddr" $baseaddr) }} secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }} -{{- end -}} -{{- end -}} +{{- end }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* @@ -381,22 +765,29 @@ spec: | true | true | any | ingress | | true | false | true | ingress | - If ServiceMesh (Istio) is enabled the respective resources are created: - - Gateway + If ServiceMesh (Ingress-Provider: Istio) is enabled the respective resources + are created: + - Gateway (optional) - VirtualService + If ServiceMesh (Ingress-Provider: GatewayAPI) is enabled the respective resources + are created: + - Gateway (optional) + - HTTPRoute, TCPRoute, UDPRoute (depending) + If ServiceMesh is disabled the standard Ingress resource is creates: - Ingress */}} {{- define "common.ingress" -}} {{- $dot := default . .dot -}} +{{- $provider := include "common.ingress._provider" (dict "dot" $dot) -}} {{- if (include "common.ingress._enabled" (dict "dot" $dot)) }} -{{- if (include "common.onServiceMesh" .) }} -{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} -{{ include "common.istioIngress" (dict "dot" $dot) }} -{{- end -}} -{{- else -}} +{{- if eq $provider "ingress" -}} {{ include "common.nginxIngress" (dict "dot" $dot) }} +{{- else if eq $provider "istio" -}} +{{ include "common.istioIngress" (dict "dot" $dot) }} +{{- else if eq $provider "gw-api" -}} +{{ include "common.gwapiIngress" (dict "dot" $dot) }} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index c04d397a9a..eeb5fc453b 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -22,6 +22,20 @@ global: # enable all component's Ingress interfaces enable_all: true # All http requests via ingress will be redirected + + # Provider: ingress, istio, gw-api + provider: istio + # Ingress class (only for provider "ingress"): e.g. nginx, traefik + ingressClass: + # Ingress Selector (only for provider "istio") to match with the + # ingress pod label "istio=ingress" + ingressSelector: ingress + # optional: common used Gateway (for Istio, GW-API) and listener names + commonGateway: + name: "" + httpListener: "" + httpsListener: "" + virtualhost: # Default Ingress base URL # can be overwritten in component by setting ingress.baseurlOverride diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index ac3979ea9d..6d94f9912e 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -20,6 +20,19 @@ global: ingress: enabled: true enable_all: true + # Provider: ingress, istio, gw-api + provider: ingress + # Ingress class (only for provider "ingress"): e.g. nginx, traefik + ingressClass: nginx + # Ingress Selector (only for provider "istio") to match with the + # ingress pod label "istio=ingress" + ingressSelector: ingress + # optional: common used Gateway (for Istio, GW-API) and listener names + commonGateway: + name: "" + httpListener: "" + httpsListener: "" + cassandra: enabled: true mariadb-galera: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 0456ce5a96..5697477ce4 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -134,6 +134,19 @@ global: # enable all component's Ingress interfaces enable_all: false + # Provider: ingress, istio, gw-api + provider: istio + # Ingress class (only for provider "ingress"): e.g. nginx, traefik + ingressClass: + # Ingress Selector (only for provider "istio") to match with the + # ingress pod label "istio=ingress" + ingressSelector: ingress + # optional: common used Gateway (for Istio, GW-API) and listener names + commonGateway: + name: "" + httpListener: "" + httpsListener: "" + # default Ingress base URL and preAddr- and postAddr settings # Ingress URLs result: # . @@ -158,7 +171,7 @@ global: # tls: # secret: 'my-ingress-cert' - # optional: Namespace of the Istio IngressGateway + # optional: Namespace of the Istio IngressGateway or Gateway-API # only valid for Istio Gateway (ServiceMesh enabled) namespace: istio-ingress -- 2.16.6