initial stash

Author: jshum2479

electron/app/locales/en/webui.json

@@ -623,7 +623,12 @@
   "ingress-design-ingress-route-targetservice-label": "Target Service",
   "ingress-design-ingress-route-targetport-label": "Target Port",
   "ingress-design-ingress-route-path-label": "Path Expression",
-  "ingress-design-ingress-route-tls-label": "Enable TLS",
+  "ingress-design-ingress-route-tls-label": "Transport Options",
+  "ingress-design-ingress-route-tlsoption-plain": "Plain HTTP",
+  "ingress-design-ingress-route-tlsoption-ssl-passthrough": "HTTPS pass through to the target service",
+  "ingress-design-ingress-route-tlsoption-ssl-terminate-ingress": "HTTPS terminate at ingress and plain HTTP traffic from ingress to target service",
+  "ingress-design-ingress-route-is-console-svc-label": "Check if target service is WebLogic Console Service",
+  "ingress-design-ingress-route-yes-console-svc": "WebLogic Console Service",
   "ingress-design-ingress-route-name-label": "Name",
   "ingress-design-ingress-route-dialog-title": "Edit Ingress Route",
   "ingress-design-ingress-route-annotation-label": "Annotation",
@@ -639,6 +644,8 @@
   "ingress-design-ingress-route-annotation-value-help": "The value for the annotation used for this ingress route.",
   "ingress-design-ingress-route-annotation-add-row": "Add Annotation",
   "ingress-design-ingress-route-annotation-delete-row": "Delete Annotation",
+  "ingress-design-ingress-route-traefik-mw-label": "Traefik Middleware",
+  "ingress-design-ingress-route-traefik-mw-help": "Customize Traefik Middlewares Object",
 
   "ingress-design-ingress-route-name-field-validation-error": "Route {{routeName}}",
   "ingress-design-ingress-route-field-validation-error": "Route: {{routeName}}, Field: {{fieldName}}",

webui/src/js/models/ingress-definition.js

@@ -42,7 +42,7 @@ define(['knockout', 'utils/observable-properties', 'utils/validation-helper'],
 
         this.ingressRouteKeys = [
           'uid', 'name', 'virtualHost', 'targetServiceNameSpace', 'targetService', 'targetPort',
-          'path', 'tlsEnabled', 'annotations', 'accessPoint', 'markedForDeletion'
+          'path', 'annotations', 'accessPoint', 'tlsOption', 'markedForDeletion', 'isConsoleService'
         ];
         this.ingressRoutes = props.createListProperty(this.ingressRouteKeys).persistByKey('uid');
 

webui/src/js/utils/ingress-resource-generator.js

@@ -23,7 +23,14 @@ define(['models/wkt-project', 'js-yaml'],
                 break;
 
               case 'traefik':
-                ingressRouteData = this.createTraefikRoutesAsYaml(route);
+                let ingressTraefikMiddlewares = this.createTraefikMiddlewaresAsYaml(route);
+                let useMiddlewares = false;
+                if (ingressTraefikMiddlewares) {
+                  lines.push(ingressTraefikMiddlewares, '');
+                  lines.push('---');
+                  useMiddlewares = true;
+                }
+                ingressRouteData = this.createTraefikRoutesAsYaml(route, useMiddlewares);
                 break;
 
               case 'nginx':
@@ -67,6 +74,7 @@ define(['models/wkt-project', 'js-yaml'],
             ]
           }
         };
+
         this.addTlsSpec(result, item);
         this.addVirtualHost(result, item);
         this.addAnnotations(result, item);
@@ -77,8 +85,136 @@ define(['models/wkt-project', 'js-yaml'],
         return this._createStandardRoutesAsYaml(item);
       }
 
-      createTraefikRoutesAsYaml(item) {
-        return this._createStandardRoutesAsYaml(item);
+      isTraefikSSLTerminateAtIngress(item) {
+        if (item && item['tlsOption'] === 'ssl_terminate_ingress') {
+          return true;
+        } else {
+          return false;
+        }
+      }
+
+      isTraefikSSLPassThrough(item) {
+        if (item && item['tlsOption'] === 'ssl_passthrough') {
+          return true;
+        } else {
+          return false;
+        }
+      }
+
+      isTraefikPlain(item) {
+        if (item && item['tlsOption'] === 'plain') {
+          return true;
+        } else {
+          return false;
+        }
+      }
+
+      createTraefikMiddlewaresAsYaml(item) {
+
+        const namespace = item['targetServiceNameSpace'] || 'default';
+
+        const result = {
+          apiVersion: 'traefik.containo.us/v1alpha1',
+          kind: 'Middleware',
+          metadata: {
+            name: item['name'] + '-middleware',
+            namespace: namespace,
+          }
+        };
+
+        if (this.isTraefikSSLTerminateAtIngress(item)) {
+          if (item['isConsoleService'].includes('yes')) {
+            console.log('at tthere');
+            result.spec = {
+              sslRedirct: true,
+              headers: {
+                customRequestHeaders: {
+                  'X-Custom-Request-Header': '',
+                  'X-Forwarded-For': '',
+                  'WL-Proxy-Client-IP': '',
+                  'WL-Proxy-SSL': 'true'
+                }
+              }
+            };
+
+            return jsYaml.dump(result);
+          }
+
+          if (item['path'].indexOf('.') < 0) {
+            console.log('at here');
+            result.spec = { replacePathRegex: { regex: '^' + item['path'] + '(.*)'}, replacement: item['path'] + '/$1'};
+            return jsYaml.dump(result);
+          }
+
+        }
+
+      }
+
+      createTraefikRoutesAsYaml(item, useMiddlewares) {
+        const namespace = item['targetServiceNameSpace'] || 'default';
+
+        const result = {
+          apiVersion: 'traefik.containo.us/v1alpha1',
+          kind: 'IngressRoute',
+          metadata: {
+            name: item['name'],
+            namespace: namespace,
+          },
+          spec: {
+            routes: [
+              {
+                kind: 'Rule',
+                match: {},
+                services: [{
+                  kind: 'Service',
+                  name: item['targetService'],
+                  port: Number(item['targetPort'])
+                }]
+              }
+            ]
+          }
+        };
+
+        let matchExpression = '';
+
+        if (item && item['path']) {
+          matchExpression += 'PathPrefix(`' + item['path'] + '`)';
+        }
+
+        if (item['virtualHost']) {
+          if (matchExpression !== '') {
+            matchExpression += ' && ';
+          }
+          matchExpression += 'Host(`' + item['virtualHost'] + '`)';
+        }
+
+        result.spec.routes[0].match = matchExpression;
+
+        // if SSL terminate at ingress
+        if (this.project.ingress.specifyIngressTLSSecret.value && this.isTraefikSSLTerminateAtIngress(item)) {
+          if (!item['tlsSecretName']) {
+            item['tlsSecretName'] = this.project.ingress.ingressTLSSecretName.value;
+          }
+          result.spec.tls = { secretName: item['tlsSecretName'] };
+        }
+        // SSL passthrough
+        console.log(item);
+        if (this.project.ingress.specifyIngressTLSSecret.value && this.isTraefikSSLPassThrough(item)) {
+          const obj = { passthrough: true };
+          result.spec.tls = [ obj ];
+
+          // Set HostSNI
+          if (item && item['virtualHost']) {
+            result.spec.routes[0].match = 'HostSNI(`' + item['virtualHost'] + '`)';
+          }
+        }
+
+        if (useMiddlewares) {
+          result.spec.routes[0].middleware = item['name'] + '-middleware';
+        }
+
+        this.addAnnotations(result, item);
+        return jsYaml.dump(result);
       }
 
       _createStandardRoutesAsYaml(item) {
@@ -122,7 +258,7 @@ define(['models/wkt-project', 'js-yaml'],
 
       addTlsSpec(result, item) {
         // If the Ingress TLS secret is not enabled, do not add the ingress TLS secret name even if it exists.
-        if (this.project.ingress.specifyIngressTLSSecret.value && item && item['tlsEnabled'] === true) {
+        if (this.project.ingress.specifyIngressTLSSecret.value && !this.isTraefikPlain(item)) {
           if (!item['tlsSecretName']) {
             item['tlsSecretName'] = this.project.ingress.ingressTLSSecretName.value;
           }

webui/src/js/utils/ingress-routes-updater.js

@@ -191,7 +191,7 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, projectIo, di
             // Currently UI for tls secret is created/assumed in the same namespace of the domain to avoid too many
             // inputs and handling another table.  Once we moved to dialog format, then this can be accomplished.
             //
-            if (route['tlsEnabled'] === true) {
+            if (route['tlsOption'] === 'ssl_terminate_ingress') {
               route['tlsSecretName'] = this.project.ingress.ingressTLSSecretName.value;
             }
             let ingressRouteData = {};
@@ -491,15 +491,15 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, projectIo, di
             });
           }
         }
-
+        console.log(ingressDefinition);
         if (useNodePort) {
-          if (ingressDefinition['tLSEnabled'] === true) {
+          if (ingressDefinition['tlsOption'] !== 'plain') {
             results['accessPoint'] = 'https:' + externalLoadBalancerHost + ':' + ingressSSLPort  + ingressDefinition.path;
           } else {
             results['accessPoint'] = 'http:' + externalLoadBalancerHost + ':' + ingressPlainPort  + ingressDefinition.path;
           }
         } else {
-          if (ingressDefinition['tLSEnabled'] === true) {
+          if (ingressDefinition['tlsOption'] !== 'plain') {
             results['accessPoint'] = 'https:' + externalLoadBalancerHost + ingressDefinition.path;
           } else {
             results['accessPoint'] = 'http:' + externalLoadBalancerHost +  ingressDefinition.path;
@@ -619,7 +619,7 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, projectIo, di
           validationHelper.validateField(validators, data[attribute], isRequired), routeConfig);
       });
 
-      if (data['tlsEnabled'] && !tlsSecretSpecified) {
+      if (data['tlsOption'] === 'ssl_terminate_ingress' && !tlsSecretSpecified) {
         errFieldMessage = i18n.t('ingress-design-ingress-route-field-validation-error', {
           routeName: data['name'],
           fieldName: i18n.t('ingress-design-ingress-route-tls-label')

webui/src/js/viewModels/ingress-design-view-impl.js

@@ -176,7 +176,9 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
         uid: getAnnotationUid(nextIndex),
         name: `new-route-${nextIndex}`,
         targetServiceNameSpace: this.project.k8sDomain.kubernetesNamespace.value,
-        accessPoint: ''
+        accessPoint: '',
+        tlsOption: 'plain',
+        isConsoleService: []
       };
 
       // if controller is Voyager and provider is baremetal only nodeport is supported, set the default in the UI
@@ -188,6 +190,9 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
       if (project.ingress.ingressControllerProvider.value === 'nginx') {
         newRoute.annotations = {'kubernetes.io/ingress.class': 'nginx'};
       }
+      if (project.ingress.ingressControllerProvider.value === 'traefik') {
+        newRoute.annotations = {'kubernetes.io/ingress.class': 'traefik'};
+      }
 
       project.ingress.ingressRoutes.addNewItem(newRoute);
     };
@@ -213,6 +218,8 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
           // no result indicates operation was cancelled
           if (result) {
             let changed = false;
+            console.log('after calls');
+            console.log(result);
             project.ingress.ingressRouteKeys.forEach(key => {
               if ((key !== 'uid') && result.hasOwnProperty(key)) {
                 route[key] = result[key];

webui/src/js/viewModels/route-edit-dialog.js

@@ -38,9 +38,20 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
 
     this.project = project;
     this.route = args.route;
+    this.route.isConsoleService = [];
 
     this.savedAnnotations = args.route.annotations || {};
 
+    this.tlsOptions = [
+      { id: 'plain', value: 'plain', text: this.labelMapper('route-tlsoption-plain') },
+      { id: 'ssl_terminate_ingress', value: 'ssl_terminate_ingress', text: this.labelMapper('route-tlsoption-ssl-terminate-ingress') },
+      { id: 'ssl_passthrough', value: 'ssl_passthrough', text: this.labelMapper('route-tlsoption-ssl-passthrough') },
+    ];
+
+    this.isConsoleOptions = [
+      { id: 'isConsole', value: 'yes', text: this.labelMapper('route-yes-console-svc') }
+    ];
+
     // this is dynamic to allow i18n fields to load correctly
     this.annotationColumns = [
       {
@@ -124,6 +135,19 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
       return Object.entries(one).sort().toString() !== Object.entries(two).sort().toString();
     }
 
+    function addOrDeleteAnnotation(annotations, addAction, key, value, deleteKey) {
+      if (addAction) {
+        annotations[key] = value;
+      } else {
+        if (key in annotations) {
+          delete annotations[key];
+        }
+      }
+      if (deleteKey in annotations) {
+        delete annotations[deleteKey];
+      }
+    }
+
     this.okInput = () => {
       let tracker = document.getElementById('ingressTracker');
       if (tracker.valid !== 'valid') {
@@ -144,12 +168,36 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
           result[propertyName] = property.value;
         }
       });
+      console.log(result);
 
       // add annotations if any value has changed
       const changedAnnotations = {};
       this.annotations.observable().forEach(annotation => {
         changedAnnotations[annotation.key] = annotation.value ? annotation.value : '';
       });
+
+      if (this.project.ingress.ingressControllerProvider.value === 'traefik') {
+        const sslKey = 'traefik.ingress.kubernetes.io/router.tls';
+        const tlsOption = result['tlsOption'];
+        addOrDeleteAnnotation(changedAnnotations, (tlsOption !== 'plain'),
+          sslKey, 'true', '');
+        // if user switched to plain
+        if (tlsOption === 'plain') {
+          if (sslKey in changedAnnotations) {
+            delete changedAnnotations[sslKey];
+          }
+        }
+      }
+
+      if (this.project.ingress.ingressControllerProvider.value === 'nginx') {
+        const sslKey = 'nginx.ingress.kubernetes.io/backend-protocol';
+        const sslPassThroughKey = 'nginx.ingress.kubernetes.io/ssl-passthrough';
+        const tlsOption = result['tlsOption'];
+        addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_terminate_ingress'),
+          sslKey, 'HTTPS', sslPassThroughKey);
+        addOrDeleteAnnotation(changedAnnotations, (tlsOption === 'ssl_passthrough'), 'true', sslKey);
+      }
+
       if(compareObjects(changedAnnotations, this.savedAnnotations)) {
         result['annotations'] = changedAnnotations;
       }
@@ -161,6 +209,7 @@ function(accUtils, ko, i18n, project, viewHelper, ArrayDataProvider, BufferingDa
       $(DIALOG_SELECTOR)[0].close();
       args.setValue();
     };
+
   }
 
   /*

webui/src/js/views/route-edit-dialog.html

@@ -44,9 +44,33 @@
                          help.instruction="[[labelMapper('route-targetport-help')]]"
                          validators="[[project.ingress.validators.targetPortValidator]]">
         </oj-input-number>
-        <oj-switch label-hint="[[labelMapper('route-tls-label')]]"
-                   value="{{tlsEnabled.observable}}">
-        </oj-switch>
+
+        <oj-radioset id="tlsOptionId"
+                     label-hint="[[labelMapper('route-tls-label')]]"
+                     label-edge="inside"
+                     value="{{tlsOption.observable}}">
+          <oj-bind-for-each data="[[tlsOptions]]">
+            <template>
+              <oj-option value="[[$current.data.value]]">
+                <oj-bind-text value="[[$current.data.text]]"></oj-bind-text>
+              </oj-option>
+            </template>
+          </oj-bind-for-each>
+        </oj-radioset>
+
+        <oj-checkboxset id="isConsoleSetId"
+                        label-hint="[[labelMapper('route-is-console-svc-label')]]"
+                        label-edge="inside"
+                        value="{{isConsoleService.observable}}">
+          <oj-bind-for-each data="[[isConsoleOptions]]">
+            <template>
+              <oj-option value="[[$current.data.value]]">
+                <oj-bind-text value="[[$current.data.text]]"></oj-bind-text>
+              </oj-option>
+            </template>
+          </oj-bind-for-each>
+        </oj-checkboxset>
+
       </oj-form-layout>
 
       <h6 class="wkt-subheading">