From ddb5ea5d0e440ecc887645eca8f53a5253e62f4c Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 30 May 2025 06:04:11 +0200
Subject: [PATCH 1/3] Fixed database url

---
 var/helm/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/var/helm/values.yaml b/var/helm/values.yaml
index 40dbaae..e436581 100644
--- a/var/helm/values.yaml
+++ b/var/helm/values.yaml
@@ -29,4 +29,4 @@ ingress:
   hostname: mpafastapi.nostromo.k8s
 
 config:
-  db_url: "sqlite://data/db.sqlite3"
+  db_url: "sqlite:////data/db.sqlite3"

From 48836e5e1ce9f4d9da9a16e1b90d6c1815d8e3b3 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 30 May 2025 06:04:27 +0200
Subject: [PATCH 2/3] Labelling the namespace for Istio

---
 Makefile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 187aa14..a2c860a 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,8 @@ CONTAINER_SOURCES := $(shell find var/container)
 HELM_SOURCES := $(shell find var/helm)
 HELM_TARGET := dist/mrmat-python-api-fastapi-$(VERSION).tgz
 
+ISTIO := ambient
+
 all: python container helm
 python: $(PYTHON_TARGET)
 helm: $(HELM_TARGET)
@@ -40,11 +42,13 @@ container: $(PYTHON_TARGET) $(CONTAINER_SOURCES)
 
 helm-install: $(HELM_TARGET)
 	kubectl create ns mpafastapi || true
-	kubectl label --overwrite ns mpafastapi istio-injection=true
+	if test "$(ISTIO)" == "sidecar"; then kubectl label --overwrite ns mpafastapi istio-injection=true; fi
+	if test "$(ISTIO)" == "ambient"; then kubectl label --overwrite ns mpafastapi istio.io/dataplane-mode=ambient; fi
 	helm upgrade \
 		mrmat-python-api-fastapi \
 		${HELM_TARGET} \
 		--install \
+		--wait \
 		--force \
 		--namespace mpafastapi
 

From 57336d624594dcde6ee633235ac615903cf9b3bc Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 31 May 2025 14:33:17 +0200
Subject: [PATCH 3/3] Integration with more edge variants

---
 Makefile                                           |  4 +++-
 src/mrmat_python_api_fastapi/app.py                |  2 ++
 var/helm/templates/deployment.yaml                 |  2 +-
 .../templates/{ingress.yaml => edge-ingress.yaml}  |  2 +-
 .../{route.yaml => edge-istio-gateway-api.yaml}    |  8 +++-----
 var/helm/templates/edge-istio.yaml                 | 14 ++++++++++++++
 var/helm/values.yaml                               | 11 +++++++++--
 7 files changed, 33 insertions(+), 10 deletions(-)
 rename var/helm/templates/{ingress.yaml => edge-ingress.yaml} (93%)
 rename var/helm/templates/{route.yaml => edge-istio-gateway-api.yaml} (80%)
 create mode 100644 var/helm/templates/edge-istio.yaml

diff --git a/Makefile b/Makefile
index a2c860a..119f439 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,7 @@ CONTAINER_SOURCES := $(shell find var/container)
 HELM_SOURCES := $(shell find var/helm)
 HELM_TARGET := dist/mrmat-python-api-fastapi-$(VERSION).tgz
 
+# Can be either 'sidecar' or 'ambient'
 ISTIO := ambient
 
 all: python container helm
@@ -50,7 +51,8 @@ helm-install: $(HELM_TARGET)
 		--install \
 		--wait \
 		--force \
-		--namespace mpafastapi
+		--namespace mpafastapi \
+		--set istio=$(ISTIO)
 
 helm-uninstall:
 	helm delete -n mpafastapi mrmat-python-api-fastapi
diff --git a/src/mrmat_python_api_fastapi/app.py b/src/mrmat_python_api_fastapi/app.py
index 277d4a2..1e78f03 100644
--- a/src/mrmat_python_api_fastapi/app.py
+++ b/src/mrmat_python_api_fastapi/app.py
@@ -21,6 +21,7 @@
 #  SOFTWARE.
 
 from fastapi import FastAPI
+from fastapi.security import OAuth2PasswordBearer
 
 from prometheus_fastapi_instrumentator import Instrumentator
 
@@ -29,6 +30,7 @@
 from mrmat_python_api_fastapi.apis.platform import api_platform_v1
 
 app = FastAPI(title='MrMat :: Python :: API :: FastAPI')
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl='token')
 app.include_router(api_healthz, prefix='/api/healthz', tags=['health'])
 app.include_router(api_greeting_v1, prefix='/api/greeting/v1', tags=['greeting'])
 app.include_router(api_greeting_v2, prefix='/api/greeting/v2', tags=['greeting'])
diff --git a/var/helm/templates/deployment.yaml b/var/helm/templates/deployment.yaml
index e293fd0..81701c5 100644
--- a/var/helm/templates/deployment.yaml
+++ b/var/helm/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
           - name: APP_CONFIG
             value: /config/app_config.json
           - name: OTEL_SERVICE_NAME
-            value: "mrmat-python-api-fastapi"
+            value: "{{ .Release.Namespace }}.mpafastapi"
           - name: OTEL_TRACES_EXPORTER
             value: "otlp"
           - name: OTEL_METRICS_EXPORTER
diff --git a/var/helm/templates/ingress.yaml b/var/helm/templates/edge-ingress.yaml
similarity index 93%
rename from var/helm/templates/ingress.yaml
rename to var/helm/templates/edge-ingress.yaml
index 42aaf69..290972b 100644
--- a/var/helm/templates/ingress.yaml
+++ b/var/helm/templates/edge-ingress.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled }}
+{{- if eq .Values.edge.kind "ingress" }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/var/helm/templates/route.yaml b/var/helm/templates/edge-istio-gateway-api.yaml
similarity index 80%
rename from var/helm/templates/route.yaml
rename to var/helm/templates/edge-istio-gateway-api.yaml
index 2ccaca0..9a462b5 100644
--- a/var/helm/templates/route.yaml
+++ b/var/helm/templates/edge-istio-gateway-api.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.route.enabled -}}
+{{- if eq .Values.edge.kind "istio-gateway-api" -}}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@@ -11,13 +11,11 @@ spec:
   - {{ . | quote }}
   {{- end }}
   parentRefs:
-  {{- range .Values.route.parents }}
   - group: gateway.networking.k8s.io
     kind: Gateway
-    name: {{ .name }}
-    namespace: {{ .namespace }}
+    name: {{ .Values.edge.name }}
+    namespace: {{ .Values.edge.ns }}
     sectionName: mpafastapi
-  {{- end }}
   rules:
   - backendRefs:
     - kind: Service
diff --git a/var/helm/templates/edge-istio.yaml b/var/helm/templates/edge-istio.yaml
new file mode 100644
index 0000000..fa743dd
--- /dev/null
+++ b/var/helm/templates/edge-istio.yaml
@@ -0,0 +1,14 @@
+{{- if eq .Values.edge.kind "istio" }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: waypoint
+  namespace: {{ .Release.Namespace }}
+spec:
+  gatewayClassName: istio-waypoint
+  listeners:
+  - name: mesh
+    port: 15008
+    protocol: HBONE
+{{- end }}
diff --git a/var/helm/values.yaml b/var/helm/values.yaml
index e436581..f8f1f55 100644
--- a/var/helm/values.yaml
+++ b/var/helm/values.yaml
@@ -15,17 +15,24 @@ svc:
   name: svc-mpafastapi
   port: 80
 
+edge:
+  ns: edge
+  name: edge-ingress
+  kind: istio-gateway-api
+
 route:
   enabled: false
   name: route-mpafastapi
   hostnames:
-  - mpafastapi.covenant.local
+  - mpafastapi.nostromo.k8s
   parents:
   - name: edge-ingress
     namespace: edge
 
+istio: ambient
+
 ingress:
-  enabled: true
+  enabled: false
   hostname: mpafastapi.nostromo.k8s
 
 config: