| Giorgi Lekveishvili | ee15ee2 | 2024-03-28 12:35:10 +0400 | [diff] [blame^] | 1 | {{ if .Values.istio.enabled -}} |
| 2 | {{ if and .Values.istio.tls.enabled .Values.istio.tls.secret.create }} |
| 3 | apiVersion: v1 |
| 4 | kind: Secret |
| 5 | metadata: |
| 6 | name: {{ .Release.Name }}-istio-tls-secret |
| 7 | namespace: istio-system |
| 8 | labels: |
| 9 | app.kubernetes.io/component: gerrit-replica |
| 10 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 11 | chart: {{ template "gerrit-replica.chart" . }} |
| 12 | heritage: {{ .Release.Service }} |
| 13 | release: {{ .Release.Name }} |
| 14 | {{- if .Values.additionalLabels }} |
| 15 | {{ toYaml .Values.additionalLabels | indent 4 }} |
| 16 | {{- end }} |
| 17 | type: kubernetes.io/tls |
| 18 | data: |
| 19 | {{ with .Values.istio.tls -}} |
| 20 | tls.crt: {{ .cert | b64enc }} |
| 21 | tls.key: {{ .key | b64enc }} |
| 22 | {{- end }} |
| 23 | {{- end }} |
| 24 | --- |
| 25 | apiVersion: networking.istio.io/v1alpha3 |
| 26 | kind: Gateway |
| 27 | metadata: |
| 28 | name: {{ .Release.Name }}-istio-gateway |
| 29 | labels: |
| 30 | app.kubernetes.io/component: gerrit-replica |
| 31 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 32 | chart: {{ template "gerrit-replica.chart" . }} |
| 33 | heritage: {{ .Release.Service }} |
| 34 | release: {{ .Release.Name }} |
| 35 | {{- if .Values.additionalLabels }} |
| 36 | {{ toYaml .Values.additionalLabels | indent 4 }} |
| 37 | {{- end }} |
| 38 | spec: |
| 39 | selector: |
| 40 | istio: ingressgateway |
| 41 | servers: |
| 42 | - port: |
| 43 | number: 80 |
| 44 | name: http |
| 45 | protocol: HTTP |
| 46 | hosts: |
| 47 | - {{ .Values.istio.host }} |
| 48 | {{ if .Values.istio.tls.enabled }} |
| 49 | tls: |
| 50 | httpsRedirect: true |
| 51 | - port: |
| 52 | number: 443 |
| 53 | name: https |
| 54 | protocol: HTTPS |
| 55 | hosts: |
| 56 | - {{ .Values.istio.host }} |
| 57 | tls: |
| 58 | mode: SIMPLE |
| 59 | {{ if .Values.istio.tls.secret.create }} |
| 60 | credentialName: {{ .Release.Name }}-istio-tls-secret |
| 61 | {{- else }} |
| 62 | credentialName: {{ .Values.istio.tls.secret.name }} |
| 63 | {{- end }} |
| 64 | {{- end }} |
| 65 | {{ if .Values.istio.ssh.enabled }} |
| 66 | - port: |
| 67 | number: 29418 |
| 68 | name: ssh |
| 69 | protocol: TCP |
| 70 | hosts: |
| 71 | - {{ .Values.istio.host }} |
| 72 | {{- end }} |
| 73 | --- |
| 74 | apiVersion: networking.istio.io/v1alpha3 |
| 75 | kind: VirtualService |
| 76 | metadata: |
| 77 | name: {{ .Release.Name }}-istio-virtual-service |
| 78 | labels: |
| 79 | app.kubernetes.io/component: gerrit-replica |
| 80 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 81 | chart: {{ template "gerrit-replica.chart" . }} |
| 82 | heritage: {{ .Release.Service }} |
| 83 | release: {{ .Release.Name }} |
| 84 | {{- if .Values.additionalLabels }} |
| 85 | {{ toYaml .Values.additionalLabels | indent 4 }} |
| 86 | {{- end }} |
| 87 | spec: |
| 88 | hosts: |
| 89 | - {{ .Values.istio.host }} |
| 90 | gateways: |
| 91 | - {{ .Release.Name }}-istio-gateway |
| 92 | http: |
| 93 | - name: apache-git-http-backend |
| 94 | match: |
| 95 | - uri: |
| 96 | prefix: "/a/projects/" |
| 97 | - uri: |
| 98 | regex: "/.*/git-receive-pack" |
| 99 | - uri: |
| 100 | regex: "/.*/info/refs" |
| 101 | queryParams: |
| 102 | service: |
| 103 | exact: git-receive-pack |
| 104 | route: |
| 105 | - destination: |
| 106 | host: {{ .Release.Name }}-git-backend-service.{{ .Release.Namespace }}.svc.cluster.local |
| 107 | port: |
| 108 | number: 80 |
| 109 | - name: gerrit-replica |
| 110 | route: |
| 111 | - destination: |
| 112 | host: {{ .Release.Name }}-gerrit-replica-service.{{ .Release.Namespace }}.svc.cluster.local |
| 113 | port: |
| 114 | number: 80 |
| 115 | {{ if .Values.istio.ssh.enabled }} |
| 116 | tcp: |
| 117 | - match: |
| 118 | - port: {{ .Values.gerritReplica.service.ssh.port }} |
| 119 | route: |
| 120 | - destination: |
| 121 | host: {{ .Release.Name }}-gerrit-replica-service.{{ .Release.Namespace }}.svc.cluster.local |
| 122 | port: |
| 123 | number: {{ .Values.gerritReplica.service.ssh.port }} |
| 124 | {{- end }} |
| 125 | --- |
| 126 | apiVersion: networking.istio.io/v1alpha3 |
| 127 | kind: DestinationRule |
| 128 | metadata: |
| 129 | name: {{ .Release.Name }}-gerrit-destination-rule |
| 130 | labels: |
| 131 | app.kubernetes.io/component: gerrit-replica |
| 132 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 133 | chart: {{ template "gerrit-replica.chart" . }} |
| 134 | heritage: {{ .Release.Service }} |
| 135 | release: {{ .Release.Name }} |
| 136 | {{- if .Values.additionalLabels }} |
| 137 | {{ toYaml .Values.additionalLabels | indent 4 }} |
| 138 | {{- end }} |
| 139 | spec: |
| 140 | host: {{ .Release.Name }}-gerrit-replica-service.{{ .Release.Namespace }}.svc.cluster.local |
| 141 | trafficPolicy: |
| 142 | loadBalancer: |
| 143 | simple: LEAST_CONN |
| 144 | {{- end }} |