diff --git a/charts/ziti-router/templates/configmap.yaml b/charts/ziti-router/templates/configmap.yaml
index 21c84d14..322c67db 100644
--- a/charts/ziti-router/templates/configmap.yaml
+++ b/charts/ziti-router/templates/configmap.yaml
@@ -133,7 +133,7 @@ data:
 listeners:
 - binding: transport
 bind: tls:0.0.0.0:{{ .Values.linkListeners.transport.containerPort }}
- advertise: tls:{{ coalesce .Values.linkListeners.transport.advertisedHost .Values.advertisedHost (printf "%s-transport.%s.svc" (include "ziti-router.fullname" . ) .Release.Namespace) }}:{{ .Values.linkListeners.transport.advertisedPort }}
+ advertise: tls:{{ coalesce .Values.linkListeners.transport.advertisedHost (printf "%s-transport.%s.svc" (include "ziti-router.fullname" . ) .Release.Namespace) }}:{{ .Values.linkListeners.transport.advertisedPort }}
 options:
 outQueueSize: 4
 {{- end }}
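Review bot: Dropping `.Values.advertisedHost` from the `coalesce` on the added `advertise:` line changes the link listener's advertised address silently: a release that only set the top-level `advertisedHost` will now render the `<fullname>-transport.<namespace>.svc` fallback instead of failing. values.yaml still carries the `advertisedHost:` key, so the template could stop the upgrade when it is set, e.g. `{{- if .Values.advertisedHost }}{{ fail "advertisedHost is decommissioned; set linkListeners.transport.advertisedHost and edge.advertisedHost" }}{{- end }}`. The edge listener already fails loudly through `required` in the next hunk; the transport listener has no equivalent. The enclosing listener block starts and ends outside this hunk.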
@@ -142,11 +142,22 @@ data:
 # bindings of edge and tunnel requires an "edge" section below
 {{- if (eq .Values.edge.enabled true) }}
 - binding: edge
- address: tls:0.0.0.0:{{ .Values.edge.containerPort }}
+ address: {{ .Values.edge.protocol }}:0.0.0.0:{{ .Values.edge.containerPort }}
 options:
- advertise: {{ required "You must set either .Values.advertisedHost or .Values.edge.advertisedHost to the to advertise for this router. Try adding --set edge.advertisedHost=router.zitinetwork.example.org to your Helm command" (coalesce .Values.edge.advertisedHost .Values.advertisedHost) }}:{{ .Values.edge.advertisedPort }}
- connectTimeoutMs: 1000
- getSessionTimeout: 60
+ advertise: {{ required "You must set .Values.edge.advertisedHost to the domain name to advertise for this router's edge listener. Try adding --set edge.advertisedHost=router11.ziti.example.org to your Helm command" .Values.edge.advertisedHost }}:{{ .Values.edge.advertisedPort }}
+ {{- if .Values.edge.options }}
+ {{- toYaml .Values.edge.options | nindent 10 }}
+ {{- end }
+ {{- end }}
+ {{- if .Values.edge.additionalListeners }}
+ {{- range .Values.edge.additionalListeners }}
+ - binding: edge
+ address: {{ $element.protocol }}:0.0.0.0:{{ $element.containerPort }}
+ options:
+ advertise: {{ required (printf "You must set .Values.edge.additionalListeners[%d].advertisedHost to the domain name to advertise for this router's additional edge listener. Try adding --set edge.additionalListeners[%d].advertisedHost=router11-wss.ziti.example.org to your Helm command" $index $index) $element.advertisedHost }}:{{ $element.advertisedPort }}
+ {{- if $element.options }}
+ {{- toYaml $element.options | nindent 10 }}
+ {{- end }}
 {{- end }}
 {{- if and .Values.tunnel.mode (ne .Values.tunnel.mode "none" ) }}
 - binding: tunnel
diff --git a/charts/ziti-router/templates/ingress.yaml b/charts/ziti-router/templates/ingress.yaml
index 01d8c77d..a259049c 100644
--- a/charts/ziti-router/templates/ingress.yaml
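Review bot: The added listener template will not parse as written: the first `{{- end }` after `toYaml .Values.edge.options` is missing a closing brace, and `{{- range .Values.edge.additionalListeners }}` never binds the `$index` and `$element` variables that the following lines use. The loop header should read `{{- range $index, $element := .Values.edge.additionalListeners }}` and the broken action should be `{{- end }}`. Counting the blocks visible in the hunk, the new side opens five (`if`, `if`, `if`, `range`, `if`) and closes four, so either the `range` or the `if .Values.edge.additionalListeners` still needs its own `{{- end }}` unless one exists outside the hunk. Running `helm lint` or `helm template` on the chart in CI would catch all three before release. The `listeners` block starts and ends outside this hunk.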
+++ b/charts/ziti-router/templates/ingress.yaml @@ -24,7 +24,7 @@ spec: {{- end }} {{- end }} rules: - - host: {{ (coalesce .Values.edge.advertisedHost .Values.advertisedHost) }} + - host: {{ .Values.edge.advertisedHost }} http: paths: # This rule gives internal access to the pingaccess admin services. @@ -63,7 +63,7 @@ spec: {{- end }} {{- end }} rules: - - host: {{ (coalesce .Values.linkListeners.transport.advertisedHost .Values.advertisedHost) }} + - host: {{ .Values.linkListeners.transport.advertisedHost }} http: paths: # This rule gives internal access to the pingaccess admin services. diff --git a/charts/ziti-router/values.yaml b/charts/ziti-router/values.yaml index c1e9480b..2f305226 100644 --- a/charts/ziti-router/values.yaml +++ b/charts/ziti-router/values.yaml @@ -1,11 +1,10 @@ ctrl: # -- required control plane endpoint - endpoint: # ctrl.example.com:6262 + endpoint: # ctrl.ziti.example.com:443 -# -- common advertise-host for transport and edge listeners can also be -# specified separately via `edge.advertisedHost` and -# `linkListeners.transport.advertisedHost` +# -- decommissioned value must be specified separately as edge.advertisedHost, +# edge.additionalListeners[].advertisedHost, and linkListeners.transport.advertisedHost advertisedHost: @@ -62,12 +61,16 @@ linkListeners: edge: # -- enable the edge listener in the router config enabled: true + # -- edge listener protocol: tls, wss + protocol: tls # -- cluster service target port on the container containerPort: 3022 - # -- DNS name that edge clients will use to reach this router's edge listener + # -- Domain name that edge clients will use to reach this router's edge listener advertisedHost: #router11-edge.ziti.example.com # -- cluster service, node port, load balancer, and ingress port advertisedPort: 443 + # -- additional common xgress options + options: service: # -- create a cluster service for the edge listener enabled: true 
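Review bot: With the `coalesce` fallback gone, both `host:` lines in ingress.yaml render an empty value when the per-listener host is unset, and an Ingress rule without a host applies to every hostname that reaches the ingress controller. The edge rule is covered indirectly by the `required` in configmap.yaml, but `linkListeners.transport.advertisedHost` has no such guard (the configmap falls back to the `.svc` name), so the second hunk at `@@ -63,7 +63,7 @@` is the exposed one. Use `- host: {{ required "linkListeners.transport.advertisedHost is required when the transport ingress is enabled" .Values.linkListeners.transport.advertisedHost | quote }}` there and the same pattern for the edge rule. Whether these rules sit behind an `ingress.enabled` condition is not visible in the hunks.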
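Review bot: `protocol` in the values.yaml `edge:` hunk is documented as `tls, wss` but nothing restricts it to that set, and configmap.yaml interpolates it directly into the listener `address:`, so a typo or an unintended scheme is rendered into the router config without complaint. A guard in the template such as `{{- if not (has .Values.edge.protocol (list "tls" "wss")) }}{{ fail "edge.protocol must be tls or wss" }}{{- end }}` (or an enum in a values schema, if the chart ships one) would reject it at render time. Separately, `options:` is left empty while the configmap hunk removes the hard-coded `connectTimeoutMs: 1000` and `getSessionTimeout: 60`, so existing releases lose those settings on upgrade; defaulting `options` to those two keys would keep the rendered config unchanged. The `edge:` mapping continues past this hunk.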
@@ -82,6 +85,25 @@ edge: enabled: false # -- ingress annotations, e.g., to configure ingress-nginx annotations: + # -- additional edge listeners have the same shape as the default edge listener, except there is no "enabled" (they're + # enabled if defined), and you must specify a unique name for each additional edge listener. The name distinguishes + # their respective cluster services. + additionalListeners: + #- name: router11-edge-wss + # protocol: wss + # containerPort: 3023 + # advertisedHost: # router11-edge-wss.ziti.example.com + # advertisedPort: 443 + # # -- additional edge listeners can have their own cluster services + # service: + # enabled: true + # type: ClusterIP + # labels: + # annotations: + # # -- additional edge listeners can have their own ingresses + # ingress: + # enabled: false + # annotations: tunnel: # -- run mode for the router's built-in tunnel component: host, tproxy, proxy, or none @@ -155,7 +177,7 @@ podAnnotations: {} podSecurityContext: # -- this is the GID of "ziggy" run-as user in the container that has access # to any files created by the router process in the emptyDir volume used to - # persist the endpoints state file + # persist the list of ctrl endpoints fsGroup: 2171 # -- deployment container security context
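Review bot: The comment on `additionalListeners` says only `name` must be unique, but configmap.yaml binds every edge listener to `0.0.0.0:<containerPort>` in the same router config and wraps each entry's `advertisedHost` in `required`, so each entry presumably also needs a `containerPort` that no other listener uses. I would add a comment line such as `# Each entry must set advertisedHost and a containerPort not used by another listener.` and write the default as `additionalListeners: []` so the key is an explicit empty list rather than null. Whether the commented `service` and `ingress` keys are consumed by templates is not visible in this diff.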