2021-03-24 12:08:17 +00:00
|
|
|
# https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-a-tls-ingress-gateway-for-multiple-hosts
|
|
|
|
|
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- if and (index .Values "istio-ingress" "enabled") (index .Values "istio-ingress" "dnsNames") }}
|
2020-11-21 12:24:57 +00:00
|
|
|
apiVersion: networking.istio.io/v1beta1
|
2020-07-21 17:30:21 +00:00
|
|
|
kind: Gateway
|
|
|
|
|
metadata:
|
|
|
|
|
name: ingressgateway
|
2020-11-24 14:44:57 +00:00
|
|
|
namespace: {{ .Release.Namespace }}
|
2020-08-06 17:43:59 +00:00
|
|
|
labels:
|
|
|
|
|
{{ include "kubezero-lib.labels" . | indent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
spec:
|
|
|
|
|
selector:
|
|
|
|
|
istio: ingressgateway
|
|
|
|
|
servers:
|
|
|
|
|
- port:
|
|
|
|
|
number: 80
|
|
|
|
|
name: http
|
|
|
|
|
protocol: HTTP2
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-ingress" "dnsNames") | nindent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
tls:
|
|
|
|
|
httpsRedirect: true
|
|
|
|
|
- port:
|
|
|
|
|
number: 443
|
|
|
|
|
name: https
|
|
|
|
|
protocol: HTTPS
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-ingress" "dnsNames") | nindent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
tls:
|
|
|
|
|
mode: SIMPLE
|
|
|
|
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
|
|
|
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
2020-11-28 23:01:20 +00:00
|
|
|
credentialName: ingress-cert
|
2020-11-21 12:24:57 +00:00
|
|
|
{{- end }}
|
2020-11-24 14:44:57 +00:00
|
|
|
|
|
|
|
|
{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
|
2020-07-21 17:30:21 +00:00
|
|
|
---
|
2020-11-21 12:24:57 +00:00
|
|
|
apiVersion: networking.istio.io/v1beta1
|
2020-07-21 17:30:21 +00:00
|
|
|
kind: Gateway
|
|
|
|
|
metadata:
|
|
|
|
|
name: private-ingressgateway
|
2020-11-24 14:44:57 +00:00
|
|
|
namespace: {{ .Release.Namespace }}
|
2020-08-06 17:43:59 +00:00
|
|
|
labels:
|
|
|
|
|
{{ include "kubezero-lib.labels" . | indent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
spec:
|
|
|
|
|
selector:
|
|
|
|
|
istio: private-ingressgateway
|
|
|
|
|
servers:
|
|
|
|
|
- port:
|
|
|
|
|
number: 80
|
|
|
|
|
name: http
|
|
|
|
|
protocol: HTTP2
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
tls:
|
|
|
|
|
httpsRedirect: true
|
|
|
|
|
- port:
|
|
|
|
|
number: 443
|
|
|
|
|
name: https
|
|
|
|
|
protocol: HTTPS
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
tls:
|
|
|
|
|
mode: SIMPLE
|
|
|
|
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
|
|
|
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
2020-11-28 23:01:20 +00:00
|
|
|
credentialName: private-ingress-cert
|
2020-08-11 14:09:48 +00:00
|
|
|
- port:
|
|
|
|
|
number: 5672
|
|
|
|
|
name: amqp
|
|
|
|
|
protocol: TCP
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-08-11 14:09:48 +00:00
|
|
|
- port:
|
|
|
|
|
number: 5671
|
|
|
|
|
name: amqps
|
|
|
|
|
protocol: TCP
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-07-21 17:30:21 +00:00
|
|
|
- port:
|
|
|
|
|
number: 24224
|
|
|
|
|
name: fluentd-forward
|
2020-10-05 10:50:23 +00:00
|
|
|
protocol: TLS
|
2020-07-21 17:30:21 +00:00
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-10-05 10:50:23 +00:00
|
|
|
tls:
|
|
|
|
|
mode: SIMPLE
|
|
|
|
|
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
|
|
|
|
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
2020-11-28 23:01:20 +00:00
|
|
|
credentialName: private-ingress-cert
|
2020-11-21 12:24:57 +00:00
|
|
|
- port:
|
|
|
|
|
number: 6379
|
|
|
|
|
name: redis
|
|
|
|
|
protocol: TCP
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-11-21 12:24:57 +00:00
|
|
|
- port:
|
|
|
|
|
number: 6380
|
|
|
|
|
name: redis-1
|
|
|
|
|
protocol: TCP
|
|
|
|
|
hosts:
|
2020-11-24 14:44:57 +00:00
|
|
|
{{- toYaml (index .Values "istio-private-ingress" "dnsNames") | nindent 4 }}
|
2020-08-21 13:17:47 +00:00
|
|
|
{{- end }}
|
