Source

Implementation

Provisioner Type

Resource Type

Flavor

Tool

route-with-shared-gateway-with-netpol

Generates an HTTPRoute attached to a default Gateway in default Namespace, and a NetworkPolicy between them.

type: route
supported_params:
  - path
  - host
  - port

10-shared-gateway-httproute-with-netpol.provisioners.yaml (view on GitHub) :

- uri: template://community-provisioners/route-with-shared-gateway-with-netpol
  type: route
  description: Generates an HTTPRoute attached to a default Gateway in default Namespace, and a NetworkPolicy between them.
  supported_params:
    - path
    - host
    - port
  init: |
    {{ if not (regexMatch "^/|(/([^/]+))+$" .Params.path) }}{{ fail "params.path start with a / but cannot end with /" }}{{ end }}
    {{ if not (regexMatch "^[a-z0-9_.-]{1,253}$" .Params.host) }}{{ fail (cat "params.host must be a valid hostname but was" .Params.host) }}{{ end }}
    {{ $ports := (index .WorkloadServices .SourceWorkload).Ports }}
    {{ if not $ports }}{{ fail "no service ports exist" }}{{ end }}
    {{ $port := index $ports (print .Params.port) }}
    {{ if not $port.TargetPort }}{{ fail "params.port is not a named service port" }}{{ end }}
    targetPort: {{ $port.TargetPort }}
    gatewayNamespace: default
    gatewayName: default    
  state: |
    routeName: route-{{ .SourceWorkload }}-{{ substr 0 8 .Guid | lower }}    
  manifests: |
    - apiVersion: gateway.networking.k8s.io/v1
      kind: HTTPRoute
      metadata:
        name: {{ .State.routeName }}
        annotations:
          k8s.score.dev/source-workload: {{ .SourceWorkload }}
          k8s.score.dev/resource-uid: {{ .Uid }}
          k8s.score.dev/resource-guid: {{ .Guid }}
        labels:
          app.kubernetes.io/managed-by: score-k8s
          app.kubernetes.io/name: {{ .State.routeName }}
          app.kubernetes.io/instance: {{ .State.routeName }}
      spec:
        parentRefs:
        - name: {{ .Init.gatewayName }}
          namespace: {{ .Init.gatewayNamespace }}
        hostnames:
        - {{ .Params.host | quote }}
        rules:
        - matches:
          - path:
              type: PathPrefix
              value: {{ .Params.path | quote }}
          backendRefs:
          - name: {{ (index .WorkloadServices .SourceWorkload).ServiceName }}
            port: {{ .Params.port }}
    - apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: gateway-to-{{ .SourceWorkload }}
      spec:
        podSelector:
          matchLabels:
            app.kubernetes.io/name: {{ .SourceWorkload }}
        policyTypes:
          - Ingress
        ingress:
        - from:
          - namespaceSelector:
              matchLabels:
                kubernetes.io/metadata.name: nginx-gateway
            podSelector:
              matchLabels:
                app.kubernetes.io/name: nginx-gateway-fabric
          ports:
          - protocol: TCP
            port: {{ .Init.targetPort }}