From 17545c5f54ee7e5a467e1e1c0a30a4d86e320838 Mon Sep 17 00:00:00 2001
From: Markus Blank-Burian <blankburian@wwu.de>
Date: Tue, 23 May 2023 15:09:48 +0200
Subject: [PATCH] add destinationrule to allow configuring a trafficpolicy
---
webserver/Chart.yaml | 2 +-
webserver/templates/istio.yaml | 15 +++++++++++++++
webserver/values.yaml | 4 ++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/webserver/Chart.yaml b/webserver/Chart.yaml
index 0582d9a..a5fe7ee 100644
--- a/webserver/Chart.yaml
+++ b/webserver/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
name: webserver
description: A Helm chart to deploy a simple web server on the WWU Kube
type: application
-version: 0.0.9
+version: 0.0.10
diff --git a/webserver/templates/istio.yaml b/webserver/templates/istio.yaml
index 41a9af2..fd4b6b7 100644
--- a/webserver/templates/istio.yaml
+++ b/webserver/templates/istio.yaml
@@ -57,6 +57,21 @@ spec:
host: {{ include "webserver.fullname" . }}
port:
number: 80
+{{- if .Values.ingress.trafficPolicy }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+ name: {{ include "webserver.fullname" . }}
+ labels:
+ {{- include "webserver.labels" . | nindent 4 }}
+spec:
+ exportTo:
+ - istio-ingressgateway
+ host: {{ include "webserver.fullname" . }}
+ trafficPolicy:
+ {{- toYaml .Values.ingress.trafficPolicy | nindent 4 }}
+{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
diff --git a/webserver/values.yaml b/webserver/values.yaml
index 38d8812..cf0f72c 100644
--- a/webserver/values.yaml
+++ b/webserver/values.yaml
@@ -30,6 +30,10 @@ ingress:
algorithm: RSA
size: 3072
+ # Istio traffic policy for incoming traffic to webserver.
+ # see https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy
+ trafficPolicy: {}
+
# Additional ingress and egress rules for the firewall.
# Per default all network traffic is blocked.
# If ingress is enabled, the ingress traffic from istio-ingressgateway is
--
GitLab