From c0342bc37729832ed6fb90343f06a53a725e9bc9 Mon Sep 17 00:00:00 2001 From: niam0522 Date: Mon, 2 Mar 2026 13:44:30 +0530 Subject: [PATCH 1/2] add Gateway-API support --- charts/site-manager/templates/httproute.yaml | 33 ++++++++++++++++++++ charts/site-manager/templates/ingress.yaml | 5 +++ charts/site-manager/values.yaml | 8 +++++ 3 files changed, 46 insertions(+) create mode 100644 charts/site-manager/templates/httproute.yaml diff --git a/charts/site-manager/templates/httproute.yaml b/charts/site-manager/templates/httproute.yaml new file mode 100644 index 0000000..84fed90 --- /dev/null +++ b/charts/site-manager/templates/httproute.yaml @@ -0,0 +1,33 @@ +{{- $hasHttpRouteApi := .Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1" -}} +{{- $isKubernetes := eq .Values.PAAS_PLATFORM "KUBERNETES" -}} +{{- if and $hasHttpRouteApi $isKubernetes -}} +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: {{ .Values.httpRoute.gatewayName | quote }} + namespace: {{ .Values.httpRoute.gatewayNamespace | quote }} + {{- if .Values.ingress.name }} + hostnames: + - {{ .Values.ingress.name | quote }} + {{- end }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: "" + kind: Service + name: {{ .Chart.Name }} + port: 443 + weight: 1 +{{- end }} diff --git a/charts/site-manager/templates/ingress.yaml b/charts/site-manager/templates/ingress.yaml index 378123d..a362f60 100644 --- a/charts/site-manager/templates/ingress.yaml +++ b/charts/site-manager/templates/ingress.yaml @@ -1,9 +1,13 @@ +{{- if .Values.ingress.create }} apiVersion: {{ include "site-manager.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ .Chart.Name }} namespace: {{ .Release.Namespace }} annotations: + # Prevent gateway-api-converter from auto-converting this legacy Ingress + # when Gateway API resources (HTTPRoute, etc) are managed by chart. + gateway-api-converter.netcracker.com/ignore: "true" {{- if .Values.tls.enabled }} nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" {{- if .Values.tls.defaultIngressTls }} @@ -44,3 +48,4 @@ spec: port: number: 443 {{- end }} +{{- end }} diff --git a/charts/site-manager/values.yaml b/charts/site-manager/values.yaml index 09fe95d..016c250 100644 --- a/charts/site-manager/values.yaml +++ b/charts/site-manager/values.yaml @@ -56,6 +56,14 @@ ingress: name: "" className: "" +# Gateway API (HTTPRoute) configuration. +# Resources are created only when: +# 1) gateway.networking.k8s.io/v1 CRDs are present +# 2) PAAS_PLATFORM=KUBERNETES +httpRoute: + gatewayName: default-external-gateway + gatewayNamespace: envoy-gateway + limits: cpu: "20m" memory: "100Mi" From 0a23b9e47d31457f59c50dfefc6eac2ed8282d0e Mon Sep 17 00:00:00 2001 From: niam0522 Date: Thu, 5 Mar 2026 16:33:16 +0530 Subject: [PATCH 2/2] Align Gateway API templates with latest main and add BackendTLSPolicy --- charts/site-manager/templates/_helpers.tpl | 2 -- .../templates/backendtlspolicy.yaml | 23 +++++++++++++++++++ charts/site-manager/templates/httproute.yaml | 4 +--- 3 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 charts/site-manager/templates/backendtlspolicy.yaml diff --git a/charts/site-manager/templates/_helpers.tpl b/charts/site-manager/templates/_helpers.tpl index e1d8ec5..afe426a 100644 --- a/charts/site-manager/templates/_helpers.tpl +++ b/charts/site-manager/templates/_helpers.tpl @@ -8,7 +8,6 @@ Return the appropriate host for ingress. {{- printf "site-manager-%s.%s" .Release.Namespace .Values.CLOUD_PUBLIC_HOST }} {{- end -}} {{- end -}} - {{/* Return the appropriate apiVersion for ingress. */}} @@ -50,4 +49,3 @@ IP addresses used to generate SSL certificate with "Subject Alternative Name" fi {{- define "paas-geo-monitor.port" -}} {{- print ( default 8080 .Values.paasGeoMonitor.config.port ) -}} {{- end -}} - diff --git a/charts/site-manager/templates/backendtlspolicy.yaml b/charts/site-manager/templates/backendtlspolicy.yaml new file mode 100644 index 0000000..398acdd --- /dev/null +++ b/charts/site-manager/templates/backendtlspolicy.yaml @@ -0,0 +1,23 @@ +{{- $hasHttpRouteApi := .Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1" -}} +{{- $isKubernetes := eq .Values.PAAS_PLATFORM "KUBERNETES" -}} +{{- $backendTlsHostname := include "site-manager.ingress.host" . -}} +{{- if and $hasHttpRouteApi $isKubernetes .Values.tls.enabled -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: {{ .Chart.Name }}-backend-tls + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} +spec: + targetRefs: + - group: "" + kind: Service + name: {{ .Chart.Name }} + validation: + hostname: {{ $backendTlsHostname | quote }} + caCertificateRefs: + - group: "" + kind: Secret + name: sm-certs +{{- end }} diff --git a/charts/site-manager/templates/httproute.yaml b/charts/site-manager/templates/httproute.yaml index 84fed90..4d06cb1 100644 --- a/charts/site-manager/templates/httproute.yaml +++ b/charts/site-manager/templates/httproute.yaml @@ -15,10 +15,8 @@ spec: kind: Gateway name: {{ .Values.httpRoute.gatewayName | quote }} namespace: {{ .Values.httpRoute.gatewayNamespace | quote }} - {{- if .Values.ingress.name }} hostnames: - - {{ .Values.ingress.name | quote }} - {{- end }} + - {{ include "site-manager.ingress.host" . | quote }} rules: - matches: - path: