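{{- /* ================================================================== */ -}}
{{- /* Istio Gateway Configuration for ntfy */ -}}
{{- /* ================================================================== */ -}}
{{- /*
  Renders an Istio Gateway and a VirtualService from the chart's `ingress`
  values. Nothing is emitted unless .Values.ingress.enabled is set.

  Values read here: ingress.hosts[].host, ingress.hosts[].paths[].path and
  .pathType, ingress.tls[].hosts and .secretName, service.port, and the
  istio.gateway.* and istio.virtualService.* overrides.
*/ -}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "ntfy.fullname" . -}}
{{- $namespace := include "ntfy.namespace" . -}} {{/* Or use .Release.Namespace */}}
{{- $gatewayName := $fullName -}} {{/* Using the same name for simplicity */}}

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: {{ $gatewayName | quote }}
  namespace: {{ $namespace | quote }}
  labels:
    {{- include "ntfy.labels" . | nindent 4 }}
    {{- /* Add extra labels specific to Istio Gateway if needed */}}
    {{- with .Values.istio.gateway.extraLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- /* Annotations from K8s Ingress often don't apply directly */}}
  {{- /* Add Istio specific annotations if required */}}
  {{- with .Values.istio.gateway.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Selector targets the Istio ingress gateway pods.
  # Adjust if your Istio installation uses different labels.
  selector:
    {{- .Values.istio.gateway.selector | default (dict "istio" "ingressgateway") | toYaml | nindent 4 }}
  servers:
    # HTTP Server entry (Port 80)
    - port:
        number: 80
        name: http-{{ $fullName }} # Name must be unique per Gateway
        protocol: HTTP
      # Listen on hosts defined in ingress rules
      hosts:
        {{- range .Values.ingress.hosts }}
        - {{ .host | quote }}
        {{- end }}
      {{- /*
        Optional: Add HTTP->HTTPS redirect if TLS is enabled.
        NOTE(review): the redirect is emitted only when both ingress.tls and
        istio.gateway.httpRedirect are set. Without it, port 80 keeps serving
        the same routes in clear text even when TLS is configured, so request
        contents and any credentials sent by clients are exposed on that
        listener. Enable httpRedirect for TLS deployments unless plaintext
        access is intended.
      */}}
      {{- if and .Values.ingress.tls .Values.istio.gateway.httpRedirect }}
      tls:
        httpsRedirect: true
      {{- end }}

    {{- /* HTTPS Server entry (Port 443) - Only if TLS is configured */}}
    {{- if .Values.ingress.tls }}
    - port:
        number: 443
        name: https-{{ $fullName }} # Name must be unique per Gateway
        protocol: HTTPS
      # Use hosts defined in the TLS section
      {{- /*
        Hosts from every ingress.tls entry are listed on this one server, but
        only the first entry's secret is used below. Hosts that belong to a
        later entry are therefore served with the first entry's certificate.
      */}}
      hosts:
        {{- range .Values.ingress.tls }}
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
        {{- end }}
      tls:
        mode: SIMPLE # Terminate TLS at the gateway
        # Reference secrets from the TLS config. The secret must exist in the namespace of the
        # ingress gateway workload matched by the selector above (commonly istio-system), which
        # is not necessarily the namespace of this Gateway resource.
        # This simple example uses the *first* secret found if multiple are defined in values.yaml.
        # For multiple certs on the same port, consider multiple server blocks or advanced SNI.
        {{- range .Values.ingress.tls }}
        credentialName: {{ .secretName | quote }}
        {{- break }} {{/* Use only the first secret defined */}}
        {{- end }}
    {{- end }}
---
{{- /* ================================================================== */ -}}
{{- /* Istio VirtualService Configuration for ntfy */ -}}
{{- /* ================================================================== */ -}}
{{- $fullName := include "ntfy.fullname" . -}}
{{- $namespace := include "ntfy.namespace" . -}} {{/* Or use .Release.Namespace */}}
{{- $svcPort := .Values.service.port -}}
{{- $gatewayName := $fullName -}} {{/* Must match the Gateway name defined above */}}

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ $fullName | quote }}
  namespace: {{ $namespace | quote }}
  labels:
    {{- include "ntfy.labels" . | nindent 4 }}
    {{- /* Add extra labels specific to Istio VirtualService if needed */}}
    {{- with .Values.istio.virtualService.extraLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.istio.virtualService.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Apply rules to traffic coming through the specified gateway(s)
  gateways:
    - {{ $gatewayName | quote }}
  # Apply rules for requests targeting the specified host(s)
  hosts:
    {{- range .Values.ingress.hosts }}
    - {{ .host | quote }}
    {{- end }}
  http:
    {{- /*
      Create a route rule for each host/path combination from the ingress spec.
      The match below tests the URI only and carries no host (authority)
      condition, so a path declared under one ingress host is routed for every
      host listed in spec.hosts. All routes point at the same Service.
    */}}
    {{- range .Values.ingress.hosts }}
    {{- range .paths }}
    - match:
        - uri:
            # Map pathType from Ingress to Istio URI match types
            {{- /*
              Istio `prefix` is a plain string prefix: "/foo" also matches
              "/foobar", whereas a Kubernetes Ingress `Prefix` matches whole
              path segments. Keep this in mind for paths other than "/".
            */}}
            {{- if eq .pathType "Exact" }}
            exact: {{ .path | quote }}
            {{- else }}
            # Prefix, and the fallback for ImplementationSpecific or any other pathType
            prefix: {{ .path | quote }}
            {{- end }}
      # Define where to route the traffic
      route:
        - destination:
            # Route to the internal Kubernetes Service
            host: {{ $fullName | quote }} # The name of the ntfy Kubernetes Service
            port:
              number: {{ $svcPort }} # The port the ntfy Service listens on
      {{- /* Add other Istio features like rewrite, headers, retries, timeouts here if needed */}}
    {{- end }} {{- /* end range .paths */}}
    {{- end }} {{- /* end range .Values.ingress.hosts */}}
{{- end }} {{/* End if .Values.ingress.enabled */}}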