Skip to content

Commit

Permalink
allow TLS as optional for gateways
Browse files Browse the repository at this point in the history
  • Loading branch information
willswire committed Nov 20, 2024
1 parent 871bdad commit a310342
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 1 deletion.
7 changes: 7 additions & 0 deletions src/istio/chart/templates/gateway.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ spec:
{{- range $server.hosts | default (list "*") }}
- "{{ . }}.{{ $domain }}"
{{- end }}
{{- if $.Values.tls.enabled }}
port:
name: "https-{{ $name }}"
number: 443
Expand All @@ -38,5 +39,11 @@ spec:
# if supportTLSV1_2 is both defined and true, use TLSV1_2, otherwise use TLSV1_3
minProtocolVersion: {{ if $.Values.tls.supportTLSV1_2 }}TLSV1_2{{ else }}TLSV1_3{{ end }}
{{- end }}
{{ else }}
port:
name: "https-{{ $name }}"
number: 443
protocol: HTTP
{{- end }}
{{ end }}
{{ end }}
2 changes: 1 addition & 1 deletion src/istio/chart/templates/tls-cert.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

{{- $tls := .Values.tls }}
{{ if $tls.cert }}
{{ if $tls.enabled }}
apiVersion: v1
kind: Secret
metadata:
Expand Down
1 change: 1 addition & 0 deletions src/istio/values/config-admin.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
name: admin
domain: "admin.###ZARF_VAR_DOMAIN###"
tls:
enabled: true
servers:
keycloak:
mode: OPTIONAL_MUTUAL
Expand Down
1 change: 1 addition & 0 deletions src/istio/values/config-passthrough.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
name: passthrough

tls:
enabled: true
servers:
passthrough:
mode: PASSTHROUGH
1 change: 1 addition & 0 deletions src/istio/values/config-tenant.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

name: tenant
tls:
enabled: true
servers:
keycloak:
mode: OPTIONAL_MUTUAL
Expand Down

0 comments on commit a310342

Please sign in to comment.