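{{- /* ================================================================== */ -}}
{{- /* Istio Gateway Configuration                                          */ -}}
{{- /* Rendered only when .Values.ingress.enabled is set. Declares which    */ -}}
{{- /* ports, hosts and TLS credentials the Istio ingress gateway accepts   */ -}}
{{- /* for this release.                                                    */ -}}
{{- /* ================================================================== */ -}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "uptime-kuma.fullname" . -}}
{{- $namespace := include "uptime-kuma.namespace" . -}}
{{- $gatewayName := $fullName -}} {{/* Use the same name for simplicity, or define a new one */}}
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: {{ $gatewayName }}
  namespace: {{ $namespace }}
  labels:
    {{- include "uptime-kuma.labels" . | nindent 4 }}
    {{- /* Optional extra labels specific to the Istio Gateway resource */}}
    {{- if .Values.istio.gateway.extraLabels }}
    {{- toYaml .Values.istio.gateway.extraLabels | nindent 4 }}
    {{- end }}
  {{- /* Ingress annotations are not reused here; only Istio-specific ones are rendered */}}
  {{- with .Values.istio.gateway.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Selects the ingress gateway pods that will serve this Gateway.
  # Falls back to the label istio=ingressgateway; adjust
  # .Values.istio.gateway.selector if your installation uses different labels.
  selector:
    {{- .Values.istio.gateway.selector | default (dict "istio" "ingressgateway") | toYaml | nindent 4 }}
  servers:
    # HTTP server entry. When TLS is configured but
    # .Values.istio.gateway.httpRedirect is not set, this port keeps serving
    # the application in plaintext alongside HTTPS.
    - port:
        number: 80
        name: http-{{ $fullName }} # Name must be unique per Gateway
        protocol: HTTP
      # Listen on the hosts defined in the ingress rules
      hosts:
        {{- range .Values.ingress.hosts }}
        - {{ .host | quote }}
        {{- end }}
      {{- /* Optional http->https redirect, only meaningful when TLS is configured */}}
      {{- if and .Values.ingress.tls .Values.istio.gateway.httpRedirect }}
      tls:
        httpsRedirect: true
      {{- end }}

    {{- /*
      HTTPS server entries: one server block per .Values.ingress.tls entry.
      A Gateway server accepts a single credentialName, so listing the hosts
      of every TLS entry under one block would present the first entry's
      certificate for all of them. Generating a block per entry keeps each
      host set paired with its own secret. The first block keeps the name
      https-<fullName>; later blocks get an index suffix so names stay unique.
      An empty or unset .Values.ingress.tls renders no HTTPS server.
    */}}
    {{- range $i, $tls := .Values.ingress.tls }}
    - port:
        number: 443
        name: https-{{ $fullName }}{{ if $i }}-{{ $i }}{{ end }} # Name must be unique per Gateway
        protocol: HTTPS
      # Hosts covered by this TLS entry's certificate
      hosts:
        {{- range $tls.hosts }}
        - {{ . | quote }}
        {{- end }}
      tls:
        mode: SIMPLE # Terminate TLS at the gateway
        # The secret is read by the ingress gateway workload, so it must exist
        # in the namespace where the gateway pods selected above run, which is
        # not necessarily the namespace of this Gateway resource.
        credentialName: {{ required "each ingress.tls entry needs a secretName" $tls.secretName | quote }}
    {{- end }}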
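---
{{- /* ================================================================== */ -}}
{{- /* Istio VirtualService Configuration                                   */ -}}
{{- /* Binds the ingress hosts and paths to the release's Kubernetes        */ -}}
{{- /* Service for traffic entering through the Gateway defined above.      */ -}}
{{- /* ================================================================== */ -}}
{{- $fullName := include "uptime-kuma.fullname" . -}}
{{- $namespace := include "uptime-kuma.namespace" . -}}
{{- $svcPort := .Values.service.port -}}
{{- $gatewayName := $fullName -}} {{/* Must match the Gateway name defined above */}}
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ $fullName }}
  namespace: {{ $namespace }}
  labels:
    {{- include "uptime-kuma.labels" . | nindent 4 }}
    {{- if .Values.istio.virtualService.extraLabels }}
    {{- toYaml .Values.istio.virtualService.extraLabels | nindent 4 }}
    {{- end }}
  {{- with .Values.istio.virtualService.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Apply these rules only to traffic coming through the specified gateway(s)
  gateways:
    - {{ $gatewayName }}
  # Apply these rules for requests targeting the specified host(s)
  hosts:
    {{- range .Values.ingress.hosts }}
    - {{ .host | quote }}
    {{- end }}
  # One route per configured path. The match carries no host condition, so a
  # path listed under one ingress host is routable on every host listed above.
  http:
    {{- range .Values.ingress.hosts }}
    {{- range .paths }}
    - match:
        - uri:
            # Map the Ingress pathType to Istio's match types
            {{- $pathType := .pathType | default "Prefix" }} {{- /* Default to Prefix if not specified */}}
            {{- if or (eq $pathType "Prefix") (eq $pathType "ImplementationSpecific") }}
            prefix: {{ .path | quote }}
            {{- else if eq $pathType "Exact" }}
            exact: {{ .path | quote }}
            {{- else }}
            {{- /* An unknown pathType would otherwise leave uri empty; stop rendering instead */}}
            {{- fail (printf "unsupported pathType %q for path %q" $pathType .path) }}
            {{- end }}
      # Define where to route the traffic
      route:
        - destination:
            # Route to the internal Kubernetes Service. A short host name is
            # resolved relative to this VirtualService's namespace, so this
            # assumes the Service lives in the same namespace.
            host: {{ $fullName }}
            port:
              number: {{ $svcPort }}
      {{- /* Add other Istio features like rewrite, headers, retries, timeouts here if needed */}}
    {{- end }} {{- /* end range .paths */}}
    {{- end }} {{- /* end range .Values.ingress.hosts */}}
{{- end }} {{/* End if .Values.ingress.enabled */}}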