KubeZero/charts/kubezero/templates/istio-ingress.yaml


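{{- /*
istio-ingress-values renders the values document for the public Istio ingress
gateway: placement, exposed service ports, the bootstrap override, telemetry,
certificates and the PROXY-protocol switch. Inputs are read from
.Values."istio-ingress" and .Values.metrics.
*/}}
{{- define "istio-ingress-values" }}
gateway:
  name: istio-ingressgateway
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
  {{- with index .Values "istio-ingress" "gateway" "replicaCount" }}
  replicaCount: {{ . }}
  {{- end }}
  {{- if not (index .Values "istio-ingress" "gateway" "affinity") }}
  # Default placement, emitted only when no gateway.affinity override is set:
  # schedule on nodes carrying the node.kubernetes.io/ingress.public label
  # (the nodes fronted by the matching LB) and keep at most one gateway pod
  # per hostname.
  # NOTE(review): an override is not rendered by this template; presumably it
  # reaches the chart through the regular values merge - confirm.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/ingress.public
            operator: Exists
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values:
            - istio-ingressgateway
        topologyKey: "kubernetes.io/hostname"
  {{- end }}
  service:
    {{- with index .Values "istio-ingress" "gateway" "service" "type" }}
    # Quoted so the service type always reaches the chart as a string.
    type: {{ . | quote }}
    {{- end }}
    # Fixed nodePorts so an external LB can target a stable port on each node.
    ports:
    # Status port; noGateway presumably keeps it out of the generated Gateway
    # resource - confirm against the consuming chart.
    - name: status-port
      port: 15021
      nodePort: 30021
      noGateway: true
    # Plain HTTP listener, configured to redirect to HTTPS.
    - name: http2
      port: 80
      targetPort: 8080
      nodePort: 30080
      gatewayProtocol: HTTP2
      tls:
        httpsRedirect: true
    # TLS listener, server-side TLS only (mode SIMPLE).
    - name: https
      port: 443
      targetPort: 8443
      nodePort: 30443
      gatewayProtocol: HTTPS
      tls:
        mode: SIMPLE
    # User-supplied ports are appended verbatim to the list above; each entry
    # adds another port on the public ingress nodes, so review them as part of
    # the exposed surface.
    {{- with index .Values "istio-ingress" "gateway" "service" "ports" }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  # Custom hardened bootstrap config: the override file comes from the
  # ingressgateway-bootstrap-config ConfigMap, mounted read-only.
  env:
    ISTIO_BOOTSTRAP_OVERRIDE: /etc/istio/custom-bootstrap/custom_bootstrap.json
  volumes:
  - name: custom-bootstrap-volume
    configMap:
      name: ingressgateway-bootstrap-config
  volumeMounts:
  - mountPath: /etc/istio/custom-bootstrap
    name: custom-bootstrap-volume
    readOnly: true
telemetry:
  enabled: {{ $.Values.metrics.enabled }}
certificates:
{{- range $cert := index .Values "istio-ingress" "certificates" }}
# Name is quoted so numeric- or boolean-looking names stay strings.
- name: {{ $cert.name | quote }}
  dnsNames:
  {{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
{{- /*
`default true <value>` treats an explicit `false` as empty and returned true,
so the setting could never be switched off. Honour any boolean the operator
sets and fall back to true only when the value is unset or not a boolean.
*/}}
{{- $proxyProtocol := index .Values "istio-ingress" "proxyProtocol" }}
# NOTE(review): presumably enables PROXY protocol on the gateway listeners. The
# client address in a PROXY header is taken from whoever connects, so the
# nodePorts above should accept traffic only from the load balancer that adds
# the header (firewall / security group) - confirm against the gateway chart.
proxyProtocol: {{ if kindIs "bool" $proxyProtocol }}{{ $proxyProtocol }}{{ else }}true{{ end }}
{{- end }}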
{{- /* istio-ingress-argo is defined with an empty body: this template contributes no content under that name. */}}
{{- define "istio-ingress-argo" }}
{{- end }}
{{- /*
Render the shared "kubezero-app.app" template with the root context.
NOTE(review): that template is defined outside this file; presumably it picks
up the two named templates above by naming convention - confirm.
*/}}
{{ include "kubezero-app.app" . }}