Support for Multiple Gateways (#6350)

* Support multiple ingress gateways in helm

* Support multiple egress gateways in helm

* Comments

* Merged all gateways into a single list and removed ingressgatway / egressgateway

* Changed to a different structure to overcome Helm issues dealing with arrays

* Description updated

* Minor correction

* Conversion of tests values to new gateways format

* Merge cleanup

* Adding the 31400 port back because of testdata dependency

Makefile

@@ -632,15 +632,15 @@ generate_yaml-envoyv2_transition_loadbalancer_ingressgateway: $(HELM)
 		--namespace=istio-system \
 		--set global.hub=${HUB} \
 		--values install/kubernetes/helm/istio/values-envoyv2-transition.yaml \
-		--set ingressgateway.service.type=LoadBalancer \
+		--set gateways.istio-ingressgateway.type=LoadBalancer \
 		--set ingress.enabled=false \
 		install/kubernetes/helm/istio >> install/kubernetes/istio.yaml
 	cat install/kubernetes/templates/namespace.yaml > install/kubernetes/istio-auth.yaml
 	$(HELM) template --set global.tag=${TAG} \
 		--namespace=istio-system \
 		--set global.hub=${HUB} \
 		--values install/kubernetes/helm/istio/values-envoyv2-transition.yaml \
-		--set ingressgateway.service.type=LoadBalancer \
+		--set gateways.istio-ingressgateway.type=LoadBalancer \
 		--set ingress.enabled=false \
 		--set global.mtls.enabled=true \
 		install/kubernetes/helm/istio >> install/kubernetes/istio-auth.yaml

install/kubernetes/helm/istio/README.md

@@ -79,8 +79,8 @@ Helm charts expose configuration options which are currently in alpha.  The curr
 | `global.arch.s390x` | Specifies the scheduling policy for `s390x` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
 | `global.arch.ppc64le` | Specifies the scheduling policy for `ppc64le` architectures | 0 = never, 1 = least preferred, 2 = no preference, 3 = most preferred | `2` |
 | `ingress.enabled` | Specifies whether Ingress should be installed | true/false | `true` |
-| `ingressgateway.enabled` | Specifies whether Ingress gateway should be installed | true/false | `true` |
-| `egressgateway.enabled` | Specifies whether Egress gateway should be installed | true/false | `true` |
+| `gateways.istio-ingressgateway.enabled` | Specifies whether Ingress gateway should be installed | true/false | `true` |
+| `gateways.istio-egressgateway.enabled` | Specifies whether Egress gateway should be installed | true/false | `true` |
 | `sidecarInjectorWebhook.enabled` | Specifies whether automatic sidecar-injector should be installed | `true` |
 | `galley.enabled` | Specifies whether Galley should be installed for server-side config validation | true/false | `true` |
 | `mixer.enabled` | Specifies whether Mixer should be installed | true/false | `true` |

install/kubernetes/helm/istio/charts/egressgateway/Chart.yaml → install/kubernetes/helm/istio/charts/gateways/Chart.yaml

@@ -1,13 +1,14 @@
 apiVersion: v1
-name: egressgateway
+name: gateways
 version: 0.8.0
 appVersion: 0.8.0
 tillerVersion: ">=2.7.2"
-description: Helm chart for deploying Istio egress gateway
+description: Helm chart for deploying Istio gateways
 keywords:
   - istio
-  - egress
-  - gateway
+  - ingressgateway
+  - egressgateway
+  - gateways
 sources:
   - http://github.com/istio/istio
 engine: gotpl

install/kubernetes/helm/istio/charts/gateways/templates/autoscale.yaml

@@ -0,0 +1,24 @@
+{{- range $key, $spec := .Values -}}
+{{- if and (ne $key "global") (ne $key "enabled") -}}
+{{- if and $spec.enabled $spec.autoscaleMin -}}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+    name: {{ $key }}
+    namespace: {{ $spec.namespace | default $.Release.Namespace }}
+spec:
+    maxReplicas: {{ $spec.autoscaleMax }}
+    minReplicas: {{ $spec.autoscaleMin }}
+    scaleTargetRef:
+      apiVersion: apps/v1beta1
+      kind: Deployment
+      name: {{ $key }}
+    metrics:
+      - type: Resource
+        resource:
+          name: cpu
+          targetAverageUtilization: 80
+---
+{{ end }}
+{{ end }}
+{{ end }}

install/kubernetes/helm/istio/charts/ingressgateway/templates/deployment.yaml → install/kubernetes/helm/istio/charts/gateways/templates/deployment.yaml

@@ -1,35 +1,38 @@
+{{- range $key, $spec := .Values -}}
+{{- if and (ne $key "global") (ne $key "enabled") -}}
+{{- if $spec.enabled -}}
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: {{ .Values.service.name }}
-  namespace: {{ .Values.service.namespace | default .Release.Namespace }}
+  name: {{ $key }}
+  namespace: {{ $spec.namespace | default $.Release.Namespace }}
   labels:
-    app: {{ template "istio.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    {{- range $key, $val := .Values.service.labels }}
+    app: {{ $spec.labels.istio }}
+    chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- range $key, $val := $spec.labels }}
     {{ $key }}: {{ $val }}
     {{- end }}
 spec:
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ $spec.replicaCount }}
   template:
     metadata:
       labels:
-        {{- range $key, $val := .Values.deployment.labels }}
+        {{- range $key, $val := $spec.labels }}
         {{ $key }}: {{ $val }}
         {{- end }}
       annotations:
         sidecar.istio.io/inject: "false"
     spec:
-      serviceAccountName: {{ .Values.serviceAccountName }}
+      serviceAccountName: {{ $key }}-service-account
       containers:
-        - name: {{ template "istio.name" . }}
-          image: "{{ .Values.global.hub }}/proxyv2:{{ .Values.global.tag }}"
-          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        - name: {{ $spec.labels.istio }}
+          image: "{{ $.Values.global.hub }}/proxyv2:{{ $.Values.global.tag }}"
+          imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
           ports:
-            {{- range $key, $val := .Values.deployment.ports }}
-            - containerPort: {{ $val.containerPort }}
+            {{- range $key, $val := $spec.ports }}
+            - containerPort: {{ $val.port }}
             {{- end }}
           args:
           - proxy
@@ -45,16 +48,16 @@ spec:
           - --connectTimeout
           - '10s' #connectTimeout
           - --serviceCluster
-          - {{ .Values.service.name }}
+          - {{ $key }}
           - --zipkinAddress
           - zipkin:9411
-        {{- if .Values.global.proxy.envoyStatsd.enabled }}
+        {{- if $.Values.global.proxy.envoyStatsd.enabled }}
           - --statsdUdpAddress
-          - {{ .Values.global.proxy.envoyStatsd.host }}:{{ .Values.global.proxy.envoyStatsd.port }}
+          - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }}
         {{- end }}
           - --proxyAdminPort
           - "15000"
-        {{- if .Values.global.controlPlaneSecurityEnabled }}
+        {{- if $.Values.global.controlPlaneSecurityEnabled }}
           - --controlPlaneAuthPolicy
           - MUTUAL_TLS
           - --discoveryAddress
@@ -66,7 +69,7 @@ spec:
           - istio-pilot:8080
         {{- end }}
           resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ toYaml $spec.resources | indent 12 }}
           env:
           - name: POD_NAME
             valueFrom:
@@ -91,21 +94,25 @@ spec:
           - name: istio-certs
             mountPath: /etc/certs
             readOnly: true
-          {{- range .Values.deployment.secretVolumes }}
-          - name: {{.name }}
-            mountPath: {{.mountPath | quote}}
+          {{- range $spec.secretVolumes }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath | quote }}
             readOnly: true
           {{- end }}
       volumes:
       - name: istio-certs
         secret:
           secretName: "istio.default"
           optional: true
-      {{- range .Values.deployment.secretVolumes }}
-      - name: {{.name }}
+      {{- range $spec.secretVolumes }}
+      - name: {{ .name }}
         secret:
-          secretName: {{.secretName | quote}}
+          secretName: {{ .secretName | quote }}
           optional: true
       {{- end }}
       affinity:
-      {{- include "nodeaffinity" . | indent 6 }}
+      {{- include "nodeaffinity" $ | indent 6 }}
+---
+{{ end }}
+{{ end }}
+{{ end }}