feat: override gateway in packages

cbccb755 · Michael McLeroy · 3c44d1fe · cbccb755 · cbccb755 · cbccb755
Commit cbccb755 authored 3 years ago by Michael McLeroy
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
@@ -149,13 +149,4 @@ PLATFORM ONE MATTERMOST WARNING:
  You have enabled enterprise Mattermost in the values configuration, but not provided a license.
  Make sure to go back and edit your values or ensure you add the license through the mattermost settings page.
 {{- end }}
-{{- end }}
-
-{{ if $.Values.addons.keycloak.enabled }}
-PLATFORM ONE KEYCLOAK WARNING:
-  You have enabled keycloak in the values configuration.
-  Core packages are automatically moved to an `admin` subdomain (e.g. prometheus.admin.bigbang.dev).
-  Addons are not accessible and not supported in the same cluster as Keycloak.
-  Keycloak is still in a BETA status.  This means we don't fully recommend it for production workloads quite yet, but will be rolling out support in the near future to move it to STABLE.
-  Specifically, the way that multiple ingressgateways are created and specified within BigBang will make the automatic `admin` creation of core packages obsolete, and will also allow Keycloak to better function alongside other addons.
-{{- end }}
+{{- end }}
\ No newline at end of file
--- a/chart/templates/anchore/values.yaml
+++ b/chart/templates/anchore/values.yaml
@@ -7,12 +7,22 @@ hostname: {{ .Values.hostname }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  ui:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.anchore.ingress.gateway }}
+  api:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.anchore.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.anchore.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 {{- if and .Values.addons.anchore.enterprise.enabled .Values.addons.anchore.enterprise.licenseYaml }}
 enterpriseLicenseYaml: |

--- a/chart/templates/argocd/values.yaml
+++ b/chart/templates/argocd/values.yaml
@@ -26,6 +26,9 @@ redis-bb:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  argocd:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.argocd.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}
@@ -33,6 +36,10 @@ monitoring:
 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.argocd.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 {{- if .Values.addons.argocd.sso.enabled }}
 sso:

--- a/chart/templates/gitlab/values.yaml
+++ b/chart/templates/gitlab/values.yaml
@@ -7,13 +7,23 @@ hostname: {{ .Values.hostname }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  gitlab:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.gitlab.ingress.gateway }}
+  registry:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.gitlab.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
-  
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.gitlab.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null
+
 {{- if .Values.addons.gitlab.database.host }}
 postgresql:
  install: false

--- a/chart/templates/istio/controlplane/values.yaml
+++ b/chart/templates/istio/controlplane/values.yaml
@@ -71,20 +71,4 @@ gateways:
        credentialName: {{ $name }}-cert
        mode: {{ default "SIMPLE" $values.tls.mode }}
 {{- end }}
-
-{{- if .Values.addons.keycloak.enabled }}
-extraServers:
- port:
-    name: https-keycloak
-    protocol: TLS
-    number: 8443
-  hosts:
-    - keycloak.{{ .Values.hostname }}
-  tls:
-    mode: PASSTHROUGH
-
-gateway:
-  hosts:
-    - "*.admin.{{ .Values.hostname }}"
-{{- end }}
-{{- end -}}
+{{- end }}
\ No newline at end of file
--- a/chart/templates/jaeger/values.yaml
+++ b/chart/templates/jaeger/values.yaml
@@ -9,8 +9,9 @@ hostname: {{ .Values.hostname }}
 istio:
  enabled: {{ .Values.istio.enabled }}
  jaeger:
-    hosts:
-    - tracing{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.jaeger.ingress.gateway }}
+
 monitoring:
  enabled: {{ .Values.monitoring.enabled }}
 elasticsearch:
@@ -25,5 +26,9 @@ jaeger:
        protect: keycloak
 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
-  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}        
+  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.jaeger.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null
 {{- end -}}
\ No newline at end of file
--- a/chart/templates/keycloak/values.yaml
+++ b/chart/templates/keycloak/values.yaml
@@ -14,8 +14,16 @@ istio:
  enabled: {{ .Values.istio.enabled }}
  keycloak:
    enabled: true
-    hosts:
-      - keycloak.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.keycloak.ingress.gateway }}
+
+networkPolicies:
+  enabled: {{ .Values.networkPolicies.enabled }}
+  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.keycloak.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}

--- a/chart/templates/kiali/values.yaml
+++ b/chart/templates/kiali/values.yaml
@@ -7,8 +7,9 @@ hostname: {{ .Values.hostname }}
 istio:
  enabled: {{ .Values.istio.enabled }}
  kiali:
-    hosts:
-      - kiali{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.kiali.ingress.gateway }}
+
 monitoring:
  enabled: {{ .Values.monitoring.enabled }}
 elasticsearch:
@@ -38,4 +39,8 @@ cr:
 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.kiali.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null
 {{- end -}}
--- a/chart/templates/logging/elasticsearch-kibana/values.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/values.yaml
@@ -7,11 +7,15 @@ hostname: {{ .Values.hostname }}
 istio:
  enabled: {{ .Values.istio.enabled }}
  kibana:
-    hosts:
-      - kibana{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.logging.ingress.gateway }}

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.logging.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 {{- with .Values.logging.sso }}
 {{- if .enabled }}

--- a/chart/templates/mattermost/mattermost/values.yaml
+++ b/chart/templates/mattermost/mattermost/values.yaml
@@ -7,6 +7,9 @@ hostname: {{ .Values.hostname }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  virtualService:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.mattermost.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}
@@ -23,6 +26,10 @@ sso:

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.mattermost.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 global:
  imagePullSecrets:

--- a/chart/templates/minio/minio/values.yaml
+++ b/chart/templates/minio/minio/values.yaml
@@ -7,6 +7,9 @@ hostname: {{ .Values.hostname }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  minio-console:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.minio.ingress.gateway }}

 minioRootCreds: minio-root-creds-secret

@@ -15,6 +18,10 @@ monitoring:

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.minio.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 podAnnotations:
  sidecar.istio.io/inject: "true"

--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
@@ -10,6 +10,10 @@ flux:

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.monitoring.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 istio:
  enabled: {{ .Values.istio.enabled }}
@@ -20,8 +24,8 @@ istio:
    port: 8080
    namespace: authservice
    {{- end }}
-    hosts:
-    - prometheus{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.monitoring.ingress.gateway }}
  alertmanager:
    enabled: true
    {{- if .Values.monitoring.sso.enabled }}
@@ -29,12 +33,12 @@ istio:
    port: 8080
    namespace: authservice
    {{- end }}
-    hosts:
-    - alertmanager{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.monitoring.ingress.gateway }}
  grafana:
    enabled: true
-    hosts:
-    - grafana{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.monitoring.ingress.gateway }}

 global:
  imagePullSecrets:
@@ -51,7 +55,7 @@ grafana:
  grafana.ini:
    {{- if .Values.istio.enabled }}
    server:
-      root_url: https://grafana{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}/
+      root_url: https://grafana.{{ .Values.hostname }}/
    {{- end }}

    auth:

--- a/chart/templates/nexus-repository-manager/values.yaml
+++ b/chart/templates/nexus-repository-manager/values.yaml
@@ -7,12 +7,19 @@ domain: {{ .Values.hostname }}
 hostname: nexus
 istio:
  enabled: {{ .Values.istio.enabled }}
+  nexus:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.nexus.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.nexus.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 nexus:
  imagePullSecrets:

--- a/chart/templates/sonarqube/values.yaml
+++ b/chart/templates/sonarqube/values.yaml
@@ -7,12 +7,19 @@ hostname: {{ .Values.hostname }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  sonarqube:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.sonarqube.ingress.gateway }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.addons.sonarqube.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 image:
  pullSecret: private-registry

--- a/chart/templates/twistlock/values.yaml
+++ b/chart/templates/twistlock/values.yaml
@@ -14,10 +14,15 @@ imagePullSecrets:

 networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
+  ingressLabels:
+    {{- $gateway := (default "public" .Values.twistlock.ingress.gateway) }}
+    app: {{ (get .Values.istio.gateways $gateway).ingressGateway }}
+    istio: null

 istio:
  enabled: {{ .Values.istio.enabled }}
  console:
-    hosts:
-      - twistlock{{ if .Values.addons.keycloak.enabled }}.admin{{ end }}.{{ .Values.hostname }}
+    gateways:
+    - istio-system/{{ default "public" .Values.twistlock.ingress.gateway }}
+
 {{- end -}}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -194,6 +194,10 @@ jaeger:
  # -- Flux reconciliation overrides specifically for the Jaeger Package
  flux: {}

+  # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+  ingress:
+    gateway: ""
+
  sso:
    # -- Toggle SSO for Jaeger on and off
    enabled: false
@@ -221,6 +225,10 @@ kiali:
  # -- Flux reconciliation overrides specifically for the Kiali Package
  flux: {}

+  # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+  ingress:
+    gateway: ""
+
  sso:
    # -- Toggle SSO for Kiali on and off
    enabled: false
@@ -296,6 +304,10 @@ logging:
  flux:
    timeout: 20m

+  # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+  ingress:
+    gateway: ""
+
  sso:
    # -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
    # Enabling this option will auto-create any required secrets.
@@ -366,6 +378,10 @@ monitoring:
  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux: {}

+  # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+  ingress:
+    gateway: ""
+
  sso:
    # -- Toggle SSO for monitoring components on and off
    enabled: false
@@ -419,6 +435,10 @@ twistlock:
  # -- Flux reconciliation overrides specifically for the Twistlock Package
  flux: {}

+  # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+  ingress:
+    gateway: ""
+
  # -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
  values: {}

@@ -440,6 +460,10 @@ addons:
    # -- Flux reconciliation overrides specifically for the ArgoCD Package
    flux: {}

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle SSO for ArgoCD on and off
      enabled: false
@@ -520,6 +544,10 @@ addons:
    # -- Flux reconciliation overrides specifically for the Minio Package
    flux: {}

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    # -- Default access key to use for minio.
    accesskey: ""

@@ -548,6 +576,10 @@ addons:
    # -- Flux reconciliation overrides specifically for the Gitlab Package
    flux: {}

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle OIDC SSO for Gitlab on and off.
      # Enabling this option will auto-create any required secrets.
@@ -636,6 +668,10 @@ addons:
    # -- Base64 encoded license file.
    license_key: ""

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle SAML SSO for NXRM.
      # -- handles SAML SSO, a Client must be configured in Keycloak or IdP
@@ -688,6 +724,10 @@ addons:
    # -- Flux reconciliation overrides specifically for the Sonarqube Package
    flux: {}

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle SAML SSO for SonarQube.
      # Enabling this option will auto-create any required secrets.
@@ -780,6 +820,10 @@ addons:
      licenseYaml: |
        FULL LICENSE

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle OIDC SSO for Anchore on and off.
      # Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
@@ -874,6 +918,10 @@ addons:
      # license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
      license: ""

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    sso:
      # -- Toggle OIDC SSO for Mattermost on and off.
      # Enabling this option will auto-create any required secrets.
@@ -1005,5 +1053,9 @@ addons:
    # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
    flux: {}

+    # Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
    # -- Values to passthrough to the keycloak chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
    values: {}