Skip to content

brainfood / k8s-helmfiles

Go to a project
Toggle navigation
Toggle navigation pinning
ac883b33 by Adam Heath
Options

There are now 2 gateway-api-gateways(http/https); add explicit gateway 

support to http-support, and handle $scheme better.
1 parent 1728a8f8
Inline Side-by-side
Showing 4 changed files with 52 additions and 15 deletions
1 apiVersion: gateway.networking.k8s.io/v1beta1 1 apiVersion: gateway.networking.k8s.io/v1beta1
2 kind: Gateway 2 kind: Gateway
3 metadata: 3 metadata:
4 name: gateway 4 name: gateway-http
5 spec: 5 spec:
6 gatewayClassName: istio 6 gatewayClassName: istio
7 listeners: 7 listeners:
8 - name: http-all 8 - name: http-all
9 port: 80 9 port: 80
10 protocol: HTTP 10 protocol: HTTP
11 ---
12 apiVersion: gateway.networking.k8s.io/v1beta1
13 kind: Gateway
14 metadata:
15 name: gateway-https
16 spec:
17 gatewayClassName: istio
18 listeners:
11 - name: https-base 19 - name: https-base
12 protocol: HTTPS 20 protocol: HTTPS
13 port: 443 21 port: 443
......
...@@ -38,22 +38,32 @@ releases: ...@@ -38,22 +38,32 @@ releases:
38 group: gateway.networking.k8s.io 38 group: gateway.networking.k8s.io
39 kind: Gateway 39 kind: Gateway
40 namespace: {{ .Values.namespace }} 40 namespace: {{ .Values.namespace }}
41 name: {{ .Values.name }}-gateway 41 name: {{ .Values.name }}-gateway-http
42 patch: 42 patch:
43 - op: replace 43 - op: replace
44 path: /spec/gatewayClassName 44 path: /spec/gatewayClassName
45 value: {{ .Values.gatewayClassName }} 45 value: {{ .Values.gatewayClassName }}
46 - target:
47 version: v1beta1
48 group: gateway.networking.k8s.io
49 kind: Gateway
50 namespace: {{ .Values.namespace }}
51 name: {{ .Values.name }}-gateway-https
52 patch:
46 - op: replace 53 - op: replace
47 path: /spec/listeners/1/hostname 54 path: /spec/gatewayClassName
55 value: {{ .Values.gatewayClassName }}
56 - op: replace
57 path: /spec/listeners/0/hostname
48 value: {{ .Values.base.domain }} 58 value: {{ .Values.base.domain }}
49 - op: replace 59 - op: replace
50 path: /spec/listeners/1/tls/certificateRefs/0/name 60 path: /spec/listeners/0/tls/certificateRefs/0/name
51 value: {{ .Values.name }}-exact-cert 61 value: {{ .Values.name }}-exact-cert
52 - op: replace 62 - op: replace
53 path: /spec/listeners/2/hostname 63 path: /spec/listeners/1/hostname
54 value: "*.{{ .Values.base.domain }}" 64 value: "*.{{ .Values.base.domain }}"
55 - op: replace 65 - op: replace
56 path: /spec/listeners/2/tls/certificateRefs/0/name 66 path: /spec/listeners/1/tls/certificateRefs/0/name
57 value: {{ .Values.name }}-subs-cert 67 value: {{ .Values.name }}-subs-cert
58 - target: 68 - target:
59 version: v1 69 version: v1
......
1 namespace: default 1 namespace: default
2 istio: 2 istio:
3 enabled: true 3 enabled: true
4 gateway: istio-system/cluster-local-gateway
5 gatewayAPI: 4 gatewayAPI:
6 enabled: false 5 enabled: false
7 gateway: gateway
8 redirect: 6 redirect:
9 - hosts: 7 - hosts:
10 - example.com 8 - example.com
11 target: www.example.com 9 target: www.example.com
10 scheme: https
11 istio:
12 gateway: istio-system/cluster-local-gateway
13 gatewayAPI:
14 gateway: gateway-http
15 - hosts:
16 - "*"
17 scheme: https
18 istio:
19 gateway: istio-system/cluster-local-gateway
20 gatewayAPI:
21 gateway: gateway-http
12 proxy: 22 proxy:
13 - frontend: 23 - frontend:
14 host: www.example.com 24 host: www.example.com
...@@ -19,6 +29,10 @@ proxy: ...@@ -19,6 +29,10 @@ proxy:
19 stub: real.example.com 29 stub: real.example.com
20 address: 8.8.8.8 30 address: 8.8.8.8
21 authority: www.example.com 31 authority: www.example.com
32 istio:
33 gateway: istio-system/cluster-local-gateway
34 gatewayAPI:
35 gateway: gateway-https
22 config: | 36 config: |
23 server { 37 server {
24 server_name www.example.com; 38 server_name www.example.com;
......
...@@ -19,6 +19,8 @@ releases: ...@@ -19,6 +19,8 @@ releases:
19 - raw: 19 - raw:
20 resources: 20 resources:
21 {{- range $redirect_index, $redirect := .Values.redirect }} 21 {{- range $redirect_index, $redirect := .Values.redirect }}
22 {{- $scheme := $redirect | get "scheme" "http" }}
23 {{- $target := $redirect | get "target" "" }}
22 {{- if $.Values.istio.enabled }} 24 {{- if $.Values.istio.enabled }}
23 - apiVersion: networking.istio.io/v1alpha3 25 - apiVersion: networking.istio.io/v1alpha3
24 kind: VirtualService 26 kind: VirtualService
...@@ -28,14 +30,16 @@ releases: ...@@ -28,14 +30,16 @@ releases:
28 hosts: 30 hosts:
29 {{- $redirect.hosts | toYaml | nindent 20 }} 31 {{- $redirect.hosts | toYaml | nindent 20 }}
30 gateways: 32 gateways:
31 - {{ $.Values.istio.gateway }} 33 - {{ $redirect.istio.gateway }}
32 http: 34 http:
33 - match: 35 - match:
34 - uri: 36 - uri:
35 prefix: / 37 prefix: /
36 redirect: 38 redirect:
37 redirectCode: 302 39 redirectCode: 302
38 authority: {{ $redirect.target }} 40 authority: {{ $target }}
41 scheme: {{ $scheme }}
42 derivePort: FROM_PROTOCOL_DEFAULT
39 {{- end }} 43 {{- end }}
40 {{- if $.Values.gatewayAPI.enabled }} 44 {{- if $.Values.gatewayAPI.enabled }}
41 - apiVersion: gateway.networking.k8s.io/v1beta1 45 - apiVersion: gateway.networking.k8s.io/v1beta1
...@@ -44,7 +48,7 @@ releases: ...@@ -44,7 +48,7 @@ releases:
44 name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }} 48 name: http-support-redirect-{{ $redirect_index }}-{{ index $redirect.hosts 0 }}
45 spec: 49 spec:
46 parentRefs: 50 parentRefs:
47 - name: {{ $.Values.gatewayAPI.gateway }} 51 - name: {{ $redirect.gatewayAPI.gateway }}
48 hostnames: 52 hostnames:
49 {{- $redirect.hosts | toYaml | nindent 20 }} 53 {{- $redirect.hosts | toYaml | nindent 20 }}
50 rules: 54 rules:
...@@ -55,9 +59,10 @@ releases: ...@@ -55,9 +59,10 @@ releases:
55 filters: 59 filters:
56 - type: RequestRedirect 60 - type: RequestRedirect
57 requestRedirect: 61 requestRedirect:
58 scheme: https 62 scheme: {{ $scheme }}
59 statusCode: 302 63 statusCode: 302
60 hostname: {{ $redirect.target }} 64 hostname: {{ $target }}
65 port: {{ if eq $scheme "https" }}443{{ else }}80{{ end }}
61 {{- end }} 66 {{- end }}
62 {{- end }} 67 {{- end }}
63 - apiVersion: v1 68 - apiVersion: v1
...@@ -90,7 +95,7 @@ releases: ...@@ -90,7 +95,7 @@ releases:
90 hosts: 95 hosts:
91 - {{ $proxy.frontend.host }} 96 - {{ $proxy.frontend.host }}
92 gateways: 97 gateways:
93 - {{ $.Values.istio.gateway }} 98 - {{ $proxy.istio.gateway }}
94 http: 99 http:
95 - match: 100 - match:
96 - uri: 101 - uri:
...@@ -119,7 +124,7 @@ releases: ...@@ -119,7 +124,7 @@ releases:
119 name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }} 124 name: http-support-proxy-{{ $proxy_index }}-{{ index $proxy.frontend.host 0 }}
120 spec: 125 spec:
121 parentRefs: 126 parentRefs:
122 - name: {{ $.Values.gatewayAPI.gateway }} 127 - name: {{ $proxy.gatewayAPI.gateway }}
123 hostnames: 128 hostnames:
124 - {{ $proxy.frontend.host }} 129 - {{ $proxy.frontend.host }}
125 rules: 130 rules:
......