80 lines
1.6 KiB
YAML
80 lines
1.6 KiB
YAML
{{ if .Values.istio }}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ .Values.name }}-cert
|
|
namespace: istio-system
|
|
spec:
|
|
secretName: {{ .Values.name }}-cert
|
|
commonName: {{ .Values.istio.commonName }}
|
|
dnsNames:
|
|
- {{ .Values.istio.commonName }}
|
|
{{- range .Values.istio.sans }}
|
|
- {{ . }}
|
|
{{- end }}
|
|
issuerRef:
|
|
name: {{ .Values.istio.issuer }}
|
|
kind: ClusterIssuer
|
|
group: cert-manager.io
|
|
...
|
|
---
|
|
apiVersion: networking.istio.io/v1beta1
|
|
kind: Gateway
|
|
metadata:
|
|
name: {{ .Values.name }}-gateway
|
|
namespace: {{ .Values.namespace }}
|
|
spec:
|
|
selector:
|
|
istio: {{ .Values.istio.ingressSelector }}
|
|
servers:
|
|
- port:
|
|
number: 443
|
|
name: https
|
|
protocol: HTTPS
|
|
tls:
|
|
mode: SIMPLE
|
|
credentialName: {{ .Values.name }}-cert
|
|
hosts:
|
|
- {{ .Values.istio.commonName }}
|
|
{{- range .Values.istio.sans }}
|
|
- {{ . }}
|
|
{{- end }}
|
|
- port:
|
|
number: 80
|
|
name: http
|
|
protocol: HTTP
|
|
tls:
|
|
httpsRedirect: true
|
|
hosts:
|
|
- {{ .Values.istio.commonName }}
|
|
{{- range .Values.istio.sans }}
|
|
- {{ . }}
|
|
{{- end }}
|
|
...
|
|
---
|
|
apiVersion: networking.istio.io/v1beta1
|
|
kind: VirtualService
|
|
metadata:
|
|
name: {{ .Values.name }}
|
|
namespace: {{ .Values.namespace }}
|
|
spec:
|
|
hosts:
|
|
- {{ .Values.istio.commonName }}
|
|
gateways:
|
|
- {{ .Values.name }}-gateway
|
|
http:
|
|
- match:
|
|
- uri:
|
|
prefix: /
|
|
route:
|
|
- destination:
|
|
port:
|
|
number: {{ .Values.istio.port }}
|
|
host: {{ .Values.istio.backendHost }}
|
|
headers:
|
|
response:
|
|
set:
|
|
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
...
|
|
{{ end }}
|