julian/scale-catalog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add an example library

Browse Source
This commit is contained in:
kjeld Schouten-Lebbing
2021-05-08 12:42:35 +02:00
parent cb1c04726c
commit 1e939116ce
37 changed files with 2608 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
library/common/templates/classes/ingress/_externalService.tpl Normal file
View File

@@ -0,0 +1,63 @@
{{- define "common.classes.externalService" -}}
{{- $serviceName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 }}
{{- $ingressService := $.Values }}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
{{ end -}}
{{- $svcName := $values.serviceName | default $serviceName -}}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort -}}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ $svcName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if eq ( $values.serviceType | default "" ) "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
{{- end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
{{- if eq $values.type "UDP"}}
- protocol: UDP
port: {{ $values.servicePort }}
targetPort: {{ $values.servicePort }}
{{- else }}
- protocol: TCP
port: {{ $values.servicePort }}
targetPort: {{ $values.servicePort }}
{{- end }}
---
apiVersion: v1
kind: Endpoints
metadata:
name: {{ $svcName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
subsets:
- addresses:
- ip: {{ $values.serviceTarget }}
ports:
- port: {{ $values.servicePort }}
{{- end }}

148
library/common/templates/classes/ingress/_ingress.tpl Normal file
View File

@@ -0,0 +1,148 @@
{{/*
This template serves as a blueprint for all Ingress objects that are created
within the common library.
*/}}
{{- define "common.classes.ingress" -}}
{{- $ingressName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 -}}
{{- $portProtocol := "" -}}
{{- $ingressService := $.Values -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
{{- if not $values.servicePort }}
{{- $ingressService := index $.Values.services ( $values.nameSuffix | quote ) }}
{{- if $ingressService.enabled }}
{{- $svcPort = $ingressService.port.port -}}
{{- $portProtocol = $ingressService.port.protocol | default "" }}
{{- else if $.Values.services.main.enabled }}
{{- $svcPort = $.Values.services.main.port.port -}}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" -}}
{{ end -}}
{{ end -}}
{{- else if and ( $.Values.services.main.enabled ) ( not $values.servicePort ) }}
{{- $svcPort = $.Values.services.main.port.port -}}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" -}}
{{ end -}}
{{- $authForwardName := ( printf "%v-%v" $ingressName "auth-forward" ) -}}
{{- $svcName := $values.serviceName | default $ingressName -}}
{{- if $values.dynamicServiceName }}
{{- $dynamicServiceName := printf "%v-%v" .Release.Name $values.dynamicServiceName -}}
{{- $svcName = $dynamicServiceName -}}
{{- end }}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort -}}
{{- end }}
{{- if $values.serviceType }}
{{- $portProtocol = $values.serviceType -}}
{{- end }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $ingressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- if eq $portProtocol "HTTPS" }}
traefik.ingress.kubernetes.io/service.serversscheme: https
{{- end }}
traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint | default "websecure" }}
traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd{{ if $values.authForwardURL }},{{ printf "%v-%v@%v" .Release.Namespace $authForwardName "kubernetescrd" }}{{ end }}
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- if $values.ingressClassName }}
ingressClassName: {{ $values.ingressClassName }}
{{- end }}
{{- end }}
{{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") }}
tls:
- hosts:
{{- if $values.host}}
- {{ $values.host | quote }}
{{- else }}
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
{{- end }}
{{- if eq $values.certType "ixcert" }}
secretName: {{ $ingressName }}
{{- end }}
{{- end }}
rules:
{{- if $values.host }}
- host: {{ $values.host | quote }}
http:
paths:
- path: {{ $values.path | default "/" }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- range $values.hosts }}
- host: {{ .host | quote }}
http:
paths:
- path: {{ .path | default "/" }}
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $svcName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- if $values.authForwardURL }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $authForwardName }}
spec:
forwardAuth:
address: {{ $values.authForwardURL | quote }}
tls:
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
{{- end }}
{{- end }}

127
library/common/templates/classes/ingress/_ingressRoute.tpl Normal file
View File

@@ -0,0 +1,127 @@
{{/*
This template serves as a blueprint for all ingressRoute objects that are created
within the common library.
*/}}
{{- define "common.classes.ingressRoute" -}}
{{- $ingressName := include "common.names.fullname" . -}}
{{- $values := .Values -}}
{{- $svcPort := 80 }}
{{- $portProtocol := "" }}
{{- $ingressService := $.Values }}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.ingress -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
{{- if and ( $.Values.services ) ( not $values.servicePort ) }}
{{- $ingressService := index $.Values.services ( $values.nameSuffix | quote) }}
{{- $svcPort = $ingressService.port.port }}
{{- $portProtocol = $ingressService.port.protocol | default "" }}
{{ end -}}
{{- else if and ( $.Values.services ) ( not $values.servicePort ) }}
{{- $svcPort = $.Values.services.main.port.port }}
{{- $portProtocol = $.Values.services.main.port.protocol | default "" }}
{{ end -}}
{{- $authForwardName := ( printf "%v-%v" $ingressName "auth-forward" ) -}}
{{- $svcName := $values.serviceName | default $ingressName -}}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort }}
{{- end }}
{{- if $values.serviceType }}
{{- $portProtocol = $values.serviceType }}
{{- end }}
apiVersion: traefik.containo.us/v1alpha1
{{- if eq $values.type "UDP" }}
kind: IngressRouteUDP
{{- else if eq $values.type "TCP" }}
kind: IngressRouteTCP
{{- else }}
kind: IngressRoute
{{- end }}
metadata:
name: {{ $ingressName }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
- {{ $values.entrypoint }}
routes:
{{- if eq $values.type "UDP" }}
- services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
{{- else if eq $values.type "TCP" }}
- match: HostSNI(`*`)
services:
- name: {{ $svcName }}
port: {{ $svcPort }}
weight: 10
terminationDelay: 400
{{- else }}
- kind: Rule
match: Host(`{{ (index $values.hosts 0).host }}`) && PathPrefix(`{{ (index $values.hosts 0).path | default "/" }}`)
services:
- name: {{ $svcName }}
{{- if $values.serviceKind }}
kind: {{ $values.serviceKind }}
{{- else }}
port: {{ $svcPort }}
{{- end }}
middlewares:
- name: traefik-middlewares-chain-public@kubernetescrd
{{- if $values.authForwardURL }}
- name: "{{ printf "%v-%v@%v" .Release.Namespace $authForwardName "kubernetescrd" }}"
{{- end }}
{{- end }}
{{- if not ( eq $values.type "UDP" ) }}
{{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") }}
tls:
domains:
- main: {{ (index $values.hosts 0).host }}
sans:
{{- range $values.hosts }}
- {{ .host | quote }}
{{- end }}
{{- if eq $values.certType "ixcert" }}
secretName: {{ $ingressName }}
{{- end }}
passthrough: false
{{- end }}
{{- end }}
{{- if $values.authForwardURL }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $authForwardName }}
spec:
forwardAuth:
address: {{ $values.authForwardURL | quote }}
tls:
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
{{- end }}
{{- end }}