{{- if .Values.istio.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.istio "name" "istio" "defaults" (include "bigbang.defaults.istio" .)) }}
{{- end }}

{{- define "bigbang.defaults.istio" -}}
# hostname is deprecated and replaced with domain. But if hostname exists then use it.
{{- $domainName := default .Values.domain .Values.hostname }}
domain: {{ $domainName }}

tracing:
  enabled:  {{ .Values.jaeger.enabled }}

imagePullSecrets:
  - private-registry

openshift: {{ .Values.openshift }}

authservice:
  enabled: {{ or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled }}

monitoring:
  enabled: {{ .Values.monitoring.enabled }}

networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}

{{- if .Values.istio.ingressGateways }}
ingressGateways:
  istio-ingressgateway:
    enabled: false
{{- end }}

{{- range $name, $values := .Values.istio.ingressGateways }}
  {{ $name | nindent 2 }}:
    {{- toYaml (merge (dict "k8s" $values.kubernetesResourceSpec) (fromYaml (include "istio.ingressgateway.k8s" $values))) | nindent 4 }}
    {{- if $values.extraLabels }} 
    {{- toYaml (dict "extraLabels" $values.extraLabels) | nindent 4 }}
    {{- end}}
{{- end }}

{{- if .Values.istio.gateways }}
gateways:
  main: null
{{- end }}
{{- range $name, $values := .Values.istio.gateways }}
  {{ $name | nindent 2 }}:
    selector:
      app: {{ $values.ingressGateway }}
    autoHttpRedirect:
      enabled: {{ dig "autoHttpRedirect" "enabled" "true" $values }}
    servers:
      {{- if ($values.ports) }}
        {{- range $values.ports }}
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }}
      port:
      {{- tpl ( . | default (list) | toYaml) $ | nindent 8 }}
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
        {{- end }}
      {{ else }} 
    - hosts:
      {{- tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }} 
      port:
        name: https
        number: 8443
        protocol: HTTPS
      tls:
        credentialName: {{ $name }}-cert
        mode: {{ dig "tls" "mode" "SIMPLE" $values }}
      {{- end }}  
{{- end }}
{{- end }}

{{- define "istio.ingressgateway.k8s" -}}
k8s:
  service:
    type: {{ .type }}
    {{- if .nodePortBase }}
    ports: # Pulled from Istio gateway defaults (https://github.com/istio/istio/blob/master/manifests/charts/gateways/istio-ingress/values.yaml)
    # Ports default to "protocol: TCP" and "targetPort = port"
    # AWS ELB will by default perform health checks on the first port on this list. https://github.com/istio/istio/issues/12503
    - port: 15021
      name: status-port
      nodePort: {{ add .nodePortBase 0 }}
    - port: 80
      targetPort: 8080
      name: http2
      nodePort: {{ add .nodePortBase 1 }}
    - port: 443
      targetPort: 8443
      name: https
      nodePort: {{ add .nodePortBase 2 }}
    # SNI Routing port
    - port: 15443
      name: tls
      nodePort: {{ add .nodePortBase 3 }}
    {{- end }}
{{- end }}