Patch gateway hosts

4eecaa7b · Tim Seagren · Ryan Garcia · 6e389eb4 · 4eecaa7b · 4eecaa7b
Commit 4eecaa7b authored 3 years ago by Tim Seagren Committed by Ryan Garcia 3 years ago
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
-Thank you for supporting PlatformOne! 
+Thank you for supporting PlatformOne!

 {{ if $.Values.addons.gitlab.enabled }}
 Gitlab is enabled.
-Please follow the Gitlab online documentation for proper configuration. 
+Please follow the Gitlab online documentation for proper configuration.
 This BigBang chart provides convenient enhancements to the Gitlab Package helm chart.
 If you enable these features certain settings will be defaulted for you and any required secrets will be automatically created.
 You should point to your cloud provider's RDS and object storage.
@@ -35,7 +35,7 @@ addons:
      bucketPrefix: prod

 {{ if $.Values.addons.gitlab.objectStorage.endpoint }}
-GITLAB: You have enabled Gitlab external object storage. 
+GITLAB: You have enabled Gitlab external object storage.
 Here is the list of buckets that you must provision in your s3 service:
 {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
 {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
@@ -74,7 +74,7 @@ PLATFORM ONE GITLAB WARNING:

 {{ if $.Values.addons.gitlab.objectStorage.endpoint }}
 {{ else }}
-PLATFORM ONE GITLAB WARNING: 
+PLATFORM ONE GITLAB WARNING:
  You have enabled a MinIO internal service in the BigBang configuration.
  PlatformOne does not support this option for production deployments because your persistent data can be permanently lost.
  This option should only be used for development or CI pipelines.
@@ -129,8 +129,8 @@ PLATFORM ONE LOGGING WARNING:
 {{- if and (or $.Values.promtail.enabled $.Values.loki.enabled) .Values.logging.enabled }}
 PLATFORM ONE LOGGING WARNING:
  You have enabled both promtail/loki and efk logging.  This is permitted during beta testing of promtail/loki.
-  After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack. 
-{{- end }}  
+  After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack.
+{{- end }}

 {{- if $.Values.addons.mattermost.enabled }}
 Mattermost is enabled.
@@ -159,7 +159,7 @@ PLATFORM ONE MATTERMOST WARNING:

 {{- if .Values.hostname }}
 DEPRECATION NOTICE:
-  The top level yaml key "hostname" has been deprecated and replaced with "domain". 
+  The top level yaml key "hostname" has been deprecated and replaced with "domain".
  Please update your values override to use the "domain" key.
 {{- end }}

--- a/chart/templates/istio/controlplane/secret-tls.yaml
+++ b/chart/templates/istio/controlplane/secret-tls.yaml
@@ -6,7 +6,29 @@ For backwards compatibility, get key/cert from .Values.istio.ingress
 {{- $default := .Values.istio.ingress | default dict -}}

 {{- range $name, $values := .Values.istio.gateways }}
-{{- if or (and (dig "tls" "cert" "" $values) (dig "tls" "key" "" $values)) (and $default.cert $default.key) }}
+{{- if $values.servers }}
+{{- range $index, $servervalues := $values.servers }}
+{{- if or (and (dig "tls" "cert" "" $servervalues) (dig "tls" "key" "" $servervalues)) (and $default.cert $default.key) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%d-%s-cert" $index $name }}
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" $ | nindent 4}}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ default $default.cert $servervalues.tls.cert | b64enc }}
+  tls.key: {{ default $default.key $servervalues.tls.key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{/*
+For backwards compatibility, get certificate and key from .Values.istio.gateways.<gateway>.tls
+*/}}
+{{- else if or (and (dig "tls" "cert" "" $values) (dig "tls" "key" "" $values)) (and $default.cert $default.key) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -24,4 +46,4 @@ data:
 {{- end }}
 {{- end }}

-{{- end }}
\ No newline at end of file
+{{- end }}
--- a/chart/templates/istio/controlplane/values.yaml
+++ b/chart/templates/istio/controlplane/values.yaml
@@ -69,8 +69,24 @@ gateways:
    autoHttpRedirect:
      enabled: {{ dig "autoHttpRedirect" "enabled" "true" $values }}
    servers:
-      {{- if ($values.ports) }}
-        {{- range $values.ports }}
+    {{- if $values.servers }}
+      {{- range $index, $servervalues := $values.servers}}
+    - hosts:
+      {{- tpl ( $servervalues.hosts | default (list) | toYaml) $ | nindent 8 }}
+      port:
+      {{- if $servervalues.port }}
+      {{- tpl ( $servervalues.port | default (dict) | toYaml) $ | nindent 8 }}
+      {{- else }}
+        name: https
+        number: 8443
+        protocol: HTTPS
+      {{- end }}
+      tls:
+        credentialName: {{ $index }}-{{ $name }}-cert
+        mode: {{ dig "tls" "mode" "SIMPLE" $servervalues }}
+      {{- end }}
+    {{- else if ($values.ports) }}
+    {{- range $values.ports }}
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
@@ -78,8 +94,8 @@ gateways:
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
-        {{- end }}
-      {{ else }}
+    {{- end }}
+    {{- else }}
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
@@ -89,8 +105,9 @@ gateways:
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
-      {{- end }}
-{{- end }}
+    {{- end }}
+    {{- end }}
+
 {{- end }}

 {{- define "istio.ingressgateway.k8s" -}}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -183,6 +183,40 @@ istio:
    # passthrough:
    #   ingressGateway: "passthrough-ingressgateway"
    #   hosts:
+
+    ####
+    # Alternate multi-server configuration method
+    ####
+    # private:
+    #   ingressGateway: "private-ingressgateway"
+    #   servers:
+    #   - hosts:
+    #     - "example.bigbang.dev"
+    #     port:
+    #       name: tls-1
+    #       number: 1234
+    #       protocol: TCP
+    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+    #     autoHttpRedirect:
+    #       enabled: false
+    #     tls:
+    #       key: ""
+    #       cert: ""
+    #   - hosts:
+    #     - "example.bigbang.dev"
+    #     port:
+    #       name: tls-2
+    #       number: 5678
+    #       protocol: TCP
+    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+    #     autoHttpRedirect:
+    #       enabled: false
+    #     tls:
+    #       key: ""
+    #       cert: ""
+    # passthrough:
+    #   ingressGateway: "passthrough-ingressgateway"
+    #   hosts:
    #   - "*.{{ .Values.domain }}"
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect: