From afc825f8b39f862361c85f9aa98229f9f94d8815 Mon Sep 17 00:00:00 2001 From: Tvion Date: Tue, 17 Feb 2026 12:32:17 +0500 Subject: [PATCH 1/2] feat: [CPCAP-6903] Migrate on K8s Gateway API --- .../templates/powa-gateway-deployment.yaml | 54 +++++++++++++++++++ .../templates/powa-ingress-deployment.yaml | 1 + 2 files changed, 55 insertions(+) create mode 100644 operator/charts/patroni-services/templates/powa-gateway-deployment.yaml diff --git a/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml b/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml new file mode 100644 index 00000000..bf7e768d --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml @@ -0,0 +1,54 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-httproute +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} # Note that this "main" route targets port 443 (HTTPS) specifically + port: 443 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: powa-ui + port: 8080 +--- +{{- if .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-frontend-redirect +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} + port: 80 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 +{{- end }} +--- +{{- if .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: powa-ui-backend-tls-policy +spec: + targetRefs: + - group: "" + kind: Service + name: powa-ui + validation: + hostname: {{ .Values.powaUI.ingress.host | quote }} + caCertificateRefs: + - kind: Secret + name: {{ include "postgres.certServicesSecret" . }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml b/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml index a726a0ff..86a6cfbf 100644 --- a/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml +++ b/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml @@ -13,6 +13,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-ssl-name: '{{ printf "powa-ui.%s" .Release.Namespace }}' nginx.ingress.kubernetes.io/proxy-ssl-secret: '{{ printf "%s/%s" .Release.Namespace (include "postgres.certServicesSecret" .) }}' {{- end }} + gateway-api-converter.netcracker.com/ignore: "true" name: powa-ui-ingress spec: {{- if .Values.tls.enabled }} From 70a80429c67a3625306adda7dbbfc1a4e0e337cf Mon Sep 17 00:00:00 2001 From: Tvion Date: Fri, 20 Feb 2026 18:35:15 +0500 Subject: [PATCH 2/2] feat: [CPCAP-6903] Migrate on K8s Gateway API --- .../templates/powa-gateway-deployment.yaml | 54 ------------------- .../powa-ui/powa-backend-tls-policy.yaml | 18 +++++++ .../powa-ui/powa-gateway-deployment.yaml | 22 ++++++++ .../templates/powa-ui/powa-http-route.yaml | 20 +++++++ .../powa-ingress-deployment.yaml | 0 5 files changed, 60 insertions(+), 54 deletions(-) delete mode 100644 operator/charts/patroni-services/templates/powa-gateway-deployment.yaml create mode 100644 operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml create mode 100644 operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml create mode 100644 operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml rename operator/charts/patroni-services/templates/{ => powa-ui}/powa-ingress-deployment.yaml (100%) diff --git a/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml b/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml deleted file mode 100644 index bf7e768d..00000000 --- a/operator/charts/patroni-services/templates/powa-gateway-deployment.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: powa-ui-httproute -spec: - parentRefs: - - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} - namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} # Note that this "main" route targets port 443 (HTTPS) specifically - port: 443 - hostnames: [{{ .Values.powaUI.ingress.host | quote }}] - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: powa-ui - port: 8080 ---- -{{- if .Values.tls.enabled }} -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: powa-ui-frontend-redirect -spec: - parentRefs: - - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} - namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} - port: 80 - hostnames: [{{ .Values.powaUI.ingress.host | quote }}] - rules: - - filters: - - type: RequestRedirect - requestRedirect: - scheme: https - statusCode: 301 -{{- end }} ---- -{{- if .Values.tls.enabled }} -apiVersion: gateway.networking.k8s.io/v1 -kind: BackendTLSPolicy -metadata: - name: powa-ui-backend-tls-policy -spec: - targetRefs: - - group: "" - kind: Service - name: powa-ui - validation: - hostname: {{ .Values.powaUI.ingress.host | quote }} - caCertificateRefs: - - kind: Secret - name: {{ include "postgres.certServicesSecret" . }} -{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml new file mode 100644 index 00000000..4648c065 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml @@ -0,0 +1,18 @@ +{{ if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if and .Values.powaUI.install .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: powa-ui-backend-tls-policy +spec: + targetRefs: + - group: "" + kind: Service + name: powa-ui + validation: + hostname: {{ .Values.powaUI.ingress.host | quote }} + caCertificateRefs: + - kind: Secret + name: {{ include "postgres.certServicesSecret" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml new file mode 100644 index 00000000..aa0ce467 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml @@ -0,0 +1,22 @@ +{{- if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if .Values.powaUI.install }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-httproute +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} # Note that this "main" route targets port 443 (HTTPS) specifically + port: 443 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: powa-ui + port: 8080 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml new file mode 100644 index 00000000..27ff3ea4 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml @@ -0,0 +1,20 @@ +{{- if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if and .Values.powaUI.install .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-frontend-redirect +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} + port: 80 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-ingress-deployment.yaml similarity index 100% rename from operator/charts/patroni-services/templates/powa-ingress-deployment.yaml rename to operator/charts/patroni-services/templates/powa-ui/powa-ingress-deployment.yaml