helmfile.yaml 6.54 KB

Raw Blame History Permalink

environments:
  default:
    values:
      - namespace: default
        gateway: istio-system/cluster-local-gateway
        redirect:
          - hosts:
              - example.com
            target: www.example.com
        proxy:
          - frontend:
              host: www.example.com
              stub: example.com
            backend:
              scheme: https
              host: www.real.example.com
              stub: real.example.com
              address: 8.8.8.8
            authority: www.example.com
            config: |
              server {
                      server_name www.example.com;
                      listen 80;
                      client_max_body_size 5m;
                      error_log  /var/log/nginx/error.log debug;
                      resolver 10.43.0.10;

                      location / {
                              proxy_pass              $http_x_backend_scheme://$http_x_backend_address;
                              proxy_http_version  1.1;
                              proxy_ssl_name          $http_x_backend_host;
                              proxy_cookie_domain     $http_x_backend_stub                            $http_x_frontend_stub;
                              proxy_cookie_domain     $http_x_backend_host                            $http_x_frontend_host;
                              proxy_redirect          $http_x_backend_scheme://$http_x_backend_host/  $http_x_backend_scheme://$http_x_frontend_host/;
                              proxy_set_header        x-envoy-internal "";
                              proxy_set_header        x-request-id "";
                              proxy_set_header        x-envoy-decorator-operation "";
                              proxy_set_header        x-envoy-peer-metadata "";
                              proxy_set_header        x-envoy-peer-metadata-id "";
                              proxy_set_header        x-envoy-attempt-count "";
                              proxy_set_header        x-b3-traceid "";
                              proxy_set_header        x-b3-spanid "";
                              proxy_set_header        x-b3-sampled "";
                              proxy_set_header        x-backend-host "";
                              proxy_set_header        x-backend-stub "";
                              proxy_set_header        x-backend-address "";
                              proxy_set_header        x-frontend-host "";
                              proxy_set_header        x-frontend-stub "";

                              proxy_set_header        Host $http_x_backend_host;
                              proxy_set_header        Accept-Encoding "";
                              sub_filter_types        text/css;
                              sub_filter              https://$http_x_backend_host/                   "https://$http_x_frontend_host/";
                              sub_filter              https%3A%2F%2F$http_x_backend_host%2F           "https:%3A%2F%2F$http_x_frontend_host%2F";
                              sub_filter              https:\/\/$http_x_backend_host\/                "https:\/\/$http_x_frontend_host\/";
                              sub_filter              //$http_x_backend_host/                         "//$http_x_frontend_host/";
                              sub_filter_once         off;
                      }
              }
        versions:
          raw: 1.1.0
          nginx: 1.21
---

repositories:
  - name: bedag
    url: https://bedag.github.io/helm-charts/

releases:
  - name: http-support
    namespace: {{ .Values.namespace }}
    chart: charts/http-support
    dependencies:
      - chart: bedag/raw
        alias: raw
        version: {{ $.Values.versions.raw }}
    values:
      - raw:
          resources:
            {{- range $redirect_index, $redirect := .Values.redirect }}
            - apiVersion: networking.istio.io/v1alpha3
              kind: VirtualService
              metadata:
                name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
              spec:
                hosts:
                  {{- $redirect.hosts | toYaml | nindent 18 }}
                gateways:
                  - {{ $.Values.gateway }}
                http:
                  - match:
                      - uri:
                          prefix: /
                    redirect:
                      redirectCode: 302
                      authority: {{ $redirect.target }}
            {{- end }}
            - apiVersion: v1
              kind: ConfigMap
              metadata:
                name: http-support-nginx-configs
              data:
                {{- range $proxy_index, $proxy := .Values.proxy }}
                  proxy-{{ $proxy_index }}.conf: |-
                    {{- $proxy.config | nindent 20 }}
                {{- end }}
                  status.conf: |-
                    server {
                            server_name _;
                            listen 80 default;

                            location /status.html {
                                    return 200 'OK';
                                    add_header Content-Type text/plain;
                                    access_log /dev/null;
                            }
                    }
            {{- range $proxy_index, $proxy := .Values.proxy }}
            - apiVersion: networking.istio.io/v1alpha3
              kind: VirtualService
              metadata:
                name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
              spec:
                hosts:
                  - {{ $proxy.frontend.host }}
                gateways:
                  - {{ $.Values.gateway }}
                http:
                  - match:
                      - uri:
                          prefix: /
                    rewrite:
                      authority: {{ $proxy.authority }}
                    route:
                      - destination:
                          port:
                            number: 80
                          host: http-support-proxy
                        headers:
                          request:
                            set:
                              x-frontend-host: {{ $proxy.frontend.host }}
                              x-frontend-stub: {{ $proxy.frontend.stub }}
                              x-backend-host: {{ $proxy.backend.host }}
                              x-backend-stub: {{ $proxy.backend.stub }}
                              x-backend-address: {{ $proxy.backend.address }}
                              x-backend-scheme: {{ $proxy.backend.scheme }}
            {{- end }}