{{- /*
Istio Gateway resources for the public ("istio-ingress") and the private
("istio-private-ingress") ingress gateway.

Each Gateway is rendered only when the matching values block has `enabled` set
AND a non-empty `certificates` list. Every certificate entry is read for:
  name     - used as the TLS credentialName of the servers built from it
  dnsNames - used as the hosts list of those servers
*/ -}}
{{- if and (index .Values "istio-ingress" "enabled") (index .Values "istio-ingress" "certificates") }}
# https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-a-tls-ingress-gateway-for-multiple-hosts
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: ingressgateway
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
  selector:
    istio: ingressgateway
  servers:
  # Plain-text listener for the dnsNames of all certificates. It exists only to
  # redirect: httpsRedirect makes the gateway answer HTTP requests with a
  # redirect to HTTPS instead of routing them to a backend.
  - port:
      number: 80
      name: http
      protocol: HTTP2
    hosts:
    {{- range $cert := (index .Values "istio-ingress" "certificates") }}
    {{- toYaml $cert.dnsNames | nindent 4 }}
    {{- end }}
    tls:
      httpsRedirect: true
  # One HTTPS server per certificate entry. mode SIMPLE is server-side TLS only:
  # the gateway presents the certificate and does not request a client one.
  # credentialName is the name of the Kubernetes secret holding key and cert;
  # presumably it has to exist next to the gateway workload - TODO confirm how
  # it is provisioned.
  # NOTE(review): every generated server uses the port name "https", so the name
  # repeats once there is more than one certificate; verify that Istio's Gateway
  # validation accepts duplicate port names before relying on multiple entries.
  {{- range $cert := (index .Values "istio-ingress" "certificates") }}
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    {{- toYaml $cert.dnsNames | nindent 4 }}
    tls:
      mode: SIMPLE
      credentialName: {{ $cert.name }}
  {{- end }}
{{- end }}

{{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "certificates") }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: private-ingressgateway
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
  selector:
    istio: private-ingressgateway
  servers:
  # Plain-text listener for the dnsNames of all certificates, redirect only
  # (httpsRedirect), same as on the public gateway.
  - port:
      number: 80
      name: http
      protocol: HTTP2
    hosts:
    {{- range $certs := (index .Values "istio-private-ingress" "certificates") }}
    {{- toYaml $certs.dnsNames | nindent 4 }}
    {{- end }}
    tls:
      httpsRedirect: true
  # All SSL hosts one entry per ingress-certificate
  # Each certificate entry yields two servers terminated at the gateway with
  # that certificate: HTTPS on 443 and the fluentd forward protocol on 24224
  # (protocol TLS). Both use mode SIMPLE, i.e. no client certificate is
  # requested, so any sender authentication has to happen behind the gateway.
  # NOTE(review): the port names "https" and "fluentd-forward" repeat per
  # certificate entry; verify duplicate port names are accepted.
  {{- range $cert := (index .Values "istio-private-ingress" "certificates") }}
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    {{- toYaml $cert.dnsNames | nindent 4 }}
    tls:
      mode: SIMPLE
      credentialName: {{ $cert.name }}
  - port:
      number: 24224
      name: fluentd-forward
      protocol: TLS
    hosts:
    {{- toYaml $cert.dnsNames | nindent 4 }}
    tls:
      mode: SIMPLE
      credentialName: {{ $cert.name }}
  {{- end }}
  # The four servers below are protocol TCP and carry no tls block, so the
  # gateway neither encrypts nor authenticates these connections: 5672 (amqp)
  # and 6379 (redis) reach the backend as sent by the client.
  # NOTE(review): 5671 (amqps) and 6380 (redis-1) presumably rely on the backend
  # terminating TLS itself - confirm. A raw TCP connection carries no host name,
  # so the hosts list presumably does not restrict who can use these ports;
  # restrict access with network controls or an AuthorizationPolicy.
  - port:
      number: 5672
      name: amqp
      protocol: TCP
    hosts:
    {{- range $certs := (index .Values "istio-private-ingress" "certificates") }}
    {{- toYaml $certs.dnsNames | nindent 4 }}
    {{- end }}
  - port:
      number: 5671
      name: amqps
      protocol: TCP
    hosts:
    {{- range $certs := (index .Values "istio-private-ingress" "certificates") }}
    {{- toYaml $certs.dnsNames | nindent 4 }}
    {{- end }}
  - port:
      number: 6379
      name: redis
      protocol: TCP
    hosts:
    {{- range $certs := (index .Values "istio-private-ingress" "certificates") }}
    {{- toYaml $certs.dnsNames | nindent 4 }}
    {{- end }}
  - port:
      number: 6380
      name: redis-1
      protocol: TCP
    hosts:
    {{- range $certs := (index .Values "istio-private-ingress" "certificates") }}
    {{- toYaml $certs.dnsNames | nindent 4 }}
    {{- end }}
{{- end }}