k8s/argo/istio-ingress/templates/istio-ingress.yaml

80 lines
1.6 KiB
YAML

{{ if .Values.istio }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.name }}-cert
namespace: istio-system
spec:
secretName: {{ .Values.name }}-cert
commonName: {{ .Values.istio.commonName }}
dnsNames:
- {{ .Values.istio.commonName }}
{{- range .Values.istio.sans }}
- {{ . }}
{{- end }}
issuerRef:
name: {{ .Values.istio.issuer }}
kind: ClusterIssuer
group: cert-manager.io
...
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: {{ .Values.name }}-gateway
namespace: {{ .Values.namespace }}
spec:
selector:
istio: {{ .Values.istio.ingressSelector }}
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: {{ .Values.name }}-cert
hosts:
- {{ .Values.istio.commonName }}
{{- range .Values.istio.sans }}
- {{ . }}
{{- end }}
- port:
number: 80
name: http
protocol: HTTP
tls:
httpsRedirect: true
hosts:
- {{ .Values.istio.commonName }}
{{- range .Values.istio.sans }}
- {{ . }}
{{- end }}
...
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ .Values.name }}
namespace: {{ .Values.namespace }}
spec:
hosts:
- {{ .Values.istio.commonName }}
gateways:
- {{ .Values.name }}-gateway
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: {{ .Values.istio.port }}
host: {{ .Values.istio.backendHost }}
headers:
response:
set:
Strict-Transport-Security: max-age=31536000; includeSubDomains
...
{{ end }}