rancher-partner-charts/charts/kasten/k10/6.0.201/templates/gateway.yaml

{{- $container_port := .Values.service.internalPort -}}
{{- $service_port := .Values.service.externalPort -}}
{{- $admin_port := default 8877 .Values.service.gatewayAdminPort -}}
---
apiVersion: v1
kind: Service
metadata:
  namespace: {{ $.Release.Namespace }}
  labels:
    service: gateway
{{ include "helm.labels" . | indent 4 }}
  name: gateway
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: getambassador.io/v3alpha1
      kind:  AuthService
      name:  authentication
      auth_service: "auth-svc:8000"
      path_prefix: "/v0/authz"
      ambassador_id: [ {{ include "k10.ambassadorId" . }} ]
      allowed_authorization_headers:
      - x-cluster-name
      allowed_request_headers:
      - "x-forwarded-access-token"
      ---
      apiVersion: getambassador.io/v3alpha1
      kind: Host
      name: ambassadorhost
      hostname: "*"
      ambassador_id: [ {{ include "k10.ambassadorId" . }} ]      
{{- if .Values.secrets.tlsSecret }}
      tlsSecret:
        name: {{ .Values.secrets.tlsSecret }}
{{- else if and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey }}
      tlsSecret:
        name: gateway-certs
{{- end }}
      requestPolicy:
        insecure:
          action: Route
      ---
      apiVersion: getambassador.io/v3alpha1
      kind: Listener
      name: ambassadorlistener
      port: {{ $container_port }}
      securityModel: XFP
      protocol: HTTPS
      hostBinding:
        namespace:
          from: SELF
      ambassador_id: [ {{ include "k10.ambassadorId" . }} ]
      ---
{{- if (eq "endpoint" .Values.apigateway.serviceResolver) }}
      apiVersion: getambassador.io/v3alpha1
      kind: KubernetesEndpointResolver
      name: endpoint
      ambassador_id: [ {{ include "k10.ambassadorId" . }} ]
      ---
{{- end }}
      apiVersion: getambassador.io/v3alpha1
      kind:  Module
      name:  ambassador
      config:
        service_port: {{ $container_port }}
{{- if .Values.global.network.enable_ipv6 }}
        enable_ipv6: true
{{- end }}
      ambassador_id: [ {{ include "k10.ambassadorId" . }} ]
{{- if (eq "endpoint" .Values.apigateway.serviceResolver) }}
        resolver: endpoint
        load_balancer:
          policy: round_robin
{{- end }}
spec:
  ports:
  - name: http
    port: {{ $service_port }}
    targetPort: {{ $container_port }}
  selector:
    service: gateway
---
{{- if .Values.gateway.exposeAdminPort }}
apiVersion: v1
kind: Service
metadata:
  namespace: {{ $.Release.Namespace }}
  name: gateway-admin
  labels:
    service: gateway
{{ include "helm.labels" . | indent 4 }}
spec:
  ports:
  - name: metrics
    port: {{ $admin_port }}
    targetPort: {{ $admin_port }}
  selector:
    service: gateway
---
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: {{ $.Release.Namespace }}
  labels:
{{ include "helm.labels" . | indent 4 }}
    component: gateway
  name: gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      service: gateway
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print .Template.BasePath "/k10-config.yaml") . | sha256sum }}
        checksum/secret: {{ include (print .Template.BasePath "/secrets.yaml") . | sha256sum }}
      labels:
        service: gateway
        component: gateway
{{ include "helm.labels" . | indent 8 }}
    spec:
      serviceAccountName: {{ template "serviceAccountName" . }}
      {{- include "k10.imagePullSecrets" . | indent 6 }}
      containers:
      - name: ambassador
        image: {{ include "get.emissaryImage" . }}
        resources:
          limits:
            cpu: {{ .Values.gateway.resources.limits.cpu | quote }}
            memory: {{ .Values.gateway.resources.limits.memory | quote }}
          requests:
            cpu: {{ .Values.gateway.resources.requests.cpu | quote }}
            memory: {{ .Values.gateway.resources.requests.memory | quote }}
        env:
        - name: AMBASSADOR_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: AMBASSADOR_SINGLE_NAMESPACE
          value: "true"
        - name: "AMBASSADOR_VERIFY_SSL_FALSE"
          value: {{ .Values.gateway.insecureDisableSSLVerify | quote }}
        - name: AMBASSADOR_ID
          value: {{ include "k10.ambassadorId" . }}
{{- if .Values.global.network.enable_ipv6}}
        - name: AMBASSADOR_ENVOY_BIND_ADDRESS
          value: '::'
        - name: AMBASSADOR_DIAGD_BIND_ADDREASS
          value: '[::]'
{{- end }}
        livenessProbe:
          httpGet:
            path: /ambassador/v0/check_alive
            port: {{ $admin_port }}
          initialDelaySeconds: 30
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /ambassador/v0/check_ready
            port: {{ $admin_port }}
          initialDelaySeconds: 30
          periodSeconds: 3
      restartPolicy: Always