{{- define "istio-ingress-values" }}

gateway:
  name: istio-ingressgateway

  {{- with index .Values "istio-ingress" "gateway" "replicaCount" }}
  replicaCount: {{ . }}
  {{- if gt (int .) 1 }}
  podDisruptionBudget:
    minAvailable: 1
  {{- end }}
  {{- end }}

  {{- if not (index .Values "istio-ingress" "gateway" "affinity") }}
  # Only nodes who are fronted with matching LB
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/ingress.public
            operator: Exists
  {{- end }}

  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: topology.kubernetes.io/zone
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: istio-ingressgateway
          istio: ingressgateway
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: istio-ingressgateway
          istio: ingressgateway

  service:
    {{- with index .Values "istio-ingress" "gateway" "service" "type" }}
    type: {{ . }}
    {{- end }}
    ports:
    - name: status-port
      port: 15021
      nodePort: 30021
      noGateway: true
    - name: http2
      port: 80
      targetPort: 8080
      nodePort: 30080
      gatewayProtocol: HTTP2
      tls:
        httpsRedirect: true
    - name: https
      port: 443
      targetPort: 8443
      nodePort: 30443
      gatewayProtocol: HTTPS
      tls:
        mode: SIMPLE
    {{- with index .Values "istio-ingress" "gateway" "service" "ports" }}
    {{- toYaml . | nindent 4 }}
    {{- end }}

  # custom hardened bootstrap config
  env:
    ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
  volumes:
    - name: custom-bootstrap-volume
      configMap:
        name: ingressgateway-bootstrap-config
  volumeMounts:
    - mountPath: /etc/istio/custom-bootstrap
      name: custom-bootstrap-volume
      readOnly: true

telemetry:
  enabled: {{ $.Values.metrics.enabled }}
{{- with index .Values "istio-ingress" "certificates" }}
certificates:
{{- range $cert := . }}
- name: {{ $cert.name }}
  dnsNames:
  {{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
{{- end }}
proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }}

{{- end }}


{{- define "istio-ingress-argo" }}
{{- end }}

{{ include "kubezero-app.app" . }}