feat(base): add features to gateways deploys

charts/base/templates/gateways.yaml

@@ -1,9 +1,12 @@
 {{- if or (eq .Values.global.provider "aks") (eq .Values.global.provider "gke") (eq .Values.global.provider "oke") (eq .Values.global.provider "eks") }}
 {{- $secretName := "" }}
+{{- $secretPrivateName := "" }}
 {{- if .Values.tls.required  }}
 {{- $secretName = required "The 'tls.secretName' field is required" .Values.tls.secretName }}
+{{- $secretPrivateName = required "The 'tls.secretPrivateName' field is required" .Values.tls.secretPrivateName }}
 {{- else }}
 {{- $secretName = .Values.tls.secretName | default "" }}
+{{- $secretPrivateName = .Values.tls.secretPrivateName | default "" }}
 {{- end }}
 {{- if not (lookup "v1" "Namespace" "" .Values.namespaces.gateway) }}
 apiVersion: v1
@@ -21,12 +24,16 @@ metadata:
   name: {{ .Values.gateway.internal.name }}
   namespace: {{ .Values.namespaces.gateway }}
   annotations:
+    {{- if .Values.gateway.useClusterIP }}
+    networking.istio.io/service-type: ClusterIP
+    external-dns.alpha.kubernetes.io/target: {{ .Values.gateway.internal.aws.dns_name }}
+    {{- else }}
     {{- if eq .Values.global.provider "eks" }}
     {{- if eq .Values.gateway.internal.loadBalancerType "internal" }}
     service.beta.kubernetes.io/aws-load-balancer-name:  {{ .Values.gateway.internal.aws.name }}
     service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
     {{- else }}
-    service.beta.kubernetes.io/aws-load-balancer-name: {{ .Values.gateway.public.aws.name }}
+    service.beta.kubernetes.io/aws-load-balancer-name: {{ .Values.gateway.internal.aws.name }}
     service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
     {{- end }}
     service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
@@ -35,7 +42,7 @@ metadata:
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
     service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15021"
     service.beta.kubernetes.io/aws-load-balancer-healthcheck-path: "/healthz/ready"
-    service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: "http" 
+    service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol: "http"
     {{- if .Values.gateway.internal.aws.securityGroups }}
     service.beta.kubernetes.io/aws-load-balancer-security-groups: {{ .Values.gateway.internal.aws.securityGroups | quote }}
     service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "false"
@@ -86,6 +93,7 @@ metadata:
     {{- /* Default annotations for other providers */ -}}
     service.beta.kubernetes.io/port_443_health-probe_protocol: "tcp"
     {{- end }}
+    {{- end }}
 spec:
   gatewayClassName: istio
   {{- with .Values.gateway.internal.addresses }}
@@ -105,12 +113,12 @@ spec:
     - name: https
       port: 443
       protocol: HTTPS
-    {{- if $secretName }}
+    {{- if $secretPrivateName }}
       tls:
         certificateRefs:
           - group: ''
             kind: Secret
-            name: {{ .Values.tls.secretPrivateName }}
+            name: {{ $secretPrivateName }}
     {{- end }}
       allowedRoutes:
         namespaces:
@@ -154,12 +162,17 @@ spec:
       istio.io/gateway-name: {{ .Values.gateway.internal.name }}
 ---
 {{- end }}
+{{- if and .Values.gateways.enabled .Values.gateway.public.enabled }}
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: Gateway
 metadata:
   name: {{ .Values.gateway.public.name }}
   namespace: {{ .Values.namespaces.gateway }}
   annotations:
+    {{- if .Values.gateway.useClusterIP }}
+    networking.istio.io/service-type: ClusterIP
+    external-dns.alpha.kubernetes.io/target: {{ .Values.gateway.public.aws.dns_name }}
+    {{- else }}
     {{- if eq .Values.global.provider "eks" }}
     {{- if eq .Values.gateway.public.loadBalancerType "internal" }}
     service.beta.kubernetes.io/aws-load-balancer-name: {{ .Values.gateway.internal.aws.name }}
@@ -224,6 +237,7 @@ metadata:
     {{- /* Default annotations for other providers */ -}}
     service.beta.kubernetes.io/port_443_health-probe_protocol: "tcp"
     {{- end }}
+    {{- end }}
 spec:
   gatewayClassName: istio
   {{- with .Values.gateway.public.addresses }}
@@ -291,3 +305,4 @@ spec:
       istio.io/gateway-name: {{ .Values.gateway.public.name }}
 ---
 {{- end }}
+{{- end }}

charts/base/values.yaml

@@ -25,20 +25,23 @@ ingressControllers:
     domain: ""
 # TLS configuration
 tls:
-  required: true
+  required: false
   # Name of the TLS secret
   secretName: "wildcard-tls"
   secretPrivateName: "wildcard-tls-internal"
   # Gateway configurations
 gateway:
+  useClusterIP: true
   http:
     enabled: false
   internal:
     enabled: true
+    name: "gateway-private"
     azure_load_balancer_subnet:
     # AWS-specific configuration (EKS)
     aws:
       name: "k8s-nullplatform-internal"
+      dns_name: ""
       # Security Group ID for the internal gateway (restricts health check port 15021 to VPC CIDR)
       # If empty, the AWS LB Controller will create a default SG with 0.0.0.0/0 access
       securityGroups: ""
@@ -71,17 +74,18 @@ gateway:
     # For internal gateway, this should be set to VNet/VPC CIDR
     # Example: ["10.0.0.0/16"]
     loadBalancerSourceRanges: []
-    name: "gateway-private"
     addresses: {}
     autoscaling:
       minReplicas: 2
       maxReplicas: 10
     loadBalancerType: "internal"  # internal, external
   public:
     name: "gateway-public"
+    enabled: true
     # AWS-specific configuration (EKS)
     aws:
       name: "k8s-nullplatform-internet-facing"
+      dns_name: ""
       # Security Group ID for the public gateway (restricts health check port 15021 to VPC CIDR while allowing 443 from internet)
       # If empty, the AWS LB Controller will create a default SG with 0.0.0.0/0 access on all ports
       securityGroups: ""