# Shared helmfile base, merged in before the documents below are rendered.
# NOTE(review): presumably this is where the environment values read below
# (name, version, gateways) are defined; confirm against that file.
bases:
  - ../common/environments.yaml
---
# Chart repositories used by the release in this file; both are HTTPS URLs.
repositories:
  # Source of the istio/gateway chart pulled in as a dependency.
  - name: istio
    url: https://istio-release.storage.googleapis.com/charts
  # Source of the bedag/raw chart that wraps the raw manifests.
  - name: bedag
    url: https://bedag.github.io/helm-charts/
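# One release per environment: the bedag/raw chart carries the Gateway and
# Certificate manifests, and istio/gateway is attached as a dependency so the
# ingress gateway workload is installed in the same release.
#
# Naming contract (keep the three places below in sync):
#   wildcard host "*.<domain>" -> istio-gateway-wildcardcert-<domain>
#   any other host "<host>"    -> istio-gateway-cert-<host>
# The Gateway's credentialName must equal the Certificate's secretName,
# otherwise the gateway has no TLS secret to serve for that host.
releases:
  - name: istio-gateway-{{ .Values.name }}
    namespace: istio-ingress
    chart: bedag/raw
    version: {{ $.Values.version.raw }}
    # Skips manifest validation on first install.
    # NOTE(review): presumably needed because the Gateway/Certificate CRDs may
    # not exist yet; it also means malformed manifests are not rejected up
    # front on install - confirm this is still required.
    disableValidationOnInstall: true
    dependencies:
      - chart: istio/gateway
        alias: gateway
        version: {{ $.Values.version.istio }}
    values:
      # "gateway" holds values for the aliased istio/gateway dependency
      # (chart defaults); "resources" is the manifest list given to bedag/raw.
      - gateway: {}
        resources:
          # NOTE(review): looks like a placeholder resource - confirm it is
          # still needed.
          - apiVersion: v1
            kind: ConfigMap
            metadata:
              name: istio-gateway-foo-{{ .Values.name }}
            data:
              foo: "bar"
          {{- range $gateway_index, $gateway := .Values.gateways }}
          - apiVersion: networking.istio.io/v1beta1
            kind: Gateway
            metadata:
              name: istio-gateway-{{ $gateway.name }}
            spec:
              # Must match the labels on the gateway workload of this release.
              selector:
                app: istio-gateway-{{ $.Values.name }}
                istio: gateway-{{ $.Values.name }}
              servers:
                {{- range $host_index, $host := $gateway.hosts }}
                # Plain HTTP on port 80 is exposed for every host, including
                # hosts that also define "tls"; no redirect is configured.
                # NOTE(review): consider tls.httpsRedirect on this server for
                # TLS hosts unless cleartext is required (e.g. ACME HTTP-01).
                - port:
                    name: http-{{ $host.name }}
                    number: 80
                    protocol: HTTP
                  hosts:
                    - {{ $host.name | quote }}
                {{- if hasKey $host "tls" }}
                - port:
                    name: https-{{ $host.name }}
                    number: 443
                    protocol: HTTPS
                  hosts:
                    - {{ $host.name | quote }}
                  tls:
                    # TODO: Switch certs based on wildcard or not
                    # An explicit certRef wins; otherwise the secret name is
                    # derived from the host using the naming contract above.
                    {{- if hasKey $host.tls "certRef" }}
                    credentialName: {{ $host.tls.certRef | quote }}
                    {{- else if hasPrefix "*." $host.name }}
                    credentialName: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
                    {{- else }}
                    credentialName: istio-gateway-cert-{{ $host.name }}
                    {{- end }}
                    # Taken verbatim from the host's values; no default is
                    # applied here, so every "tls" entry has to set a mode.
                    mode: {{ $host.tls.mode | quote }}
                {{- end }}
                {{- end }}
          {{- range $host_index, $host := $gateway.hosts }}
          {{- if hasKey $host "tls" }}
          {{- if not (hasKey $host.tls "certRef") }}
          # A cert-manager Certificate is rendered only for TLS hosts without
          # a certRef; hosts with a certRef rely on a secret managed elsewhere.
          - apiVersion: cert-manager.io/v1
            kind: Certificate
            metadata:
              namespace: istio-ingress
              {{- if hasPrefix "*." $host.name }}
              name: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
              {{- else }}
              name: istio-gateway-cert-{{ $host.name }}
              {{- end }}
            spec:
              # Fixed: the wildcard branch used replace "*i." which never
              # matches, leaving the "*." prefix in the secret name so it no
              # longer equalled the Gateway's credentialName.
              {{- if hasPrefix "*." $host.name }}
              secretName: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
              {{- else }}
              secretName: istio-gateway-cert-{{ $host.name }}
              {{- end }}
              dnsNames:
                - {{ $host.name | quote }}
              # nindent must stay deeper than the issuerRef key's own column.
              issuerRef: {{ $host.tls.issuerRef | toYaml | nindent 18 }}
          {{- end }}
          {{- end }}
          {{- end }}
          {{- end }}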
---