feat(chart): Add support for gateway API

Filip Chlebowski · Filip Chlebowski · commit b3177e36ee48 · 2025-12-31T13:28:34.000+01:00
diff --git a/deployment/chainloop/templates/cas/httproute.yaml b/deployment/chainloop/templates/cas/httproute.yaml
@@ -0,0 +1,55 @@
+{{- if or .Values.cas.httpRoute.enabled .Values.httpRoute.enabled }}
+{{- /*
+Copyright Chainloop, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- $fullName := include "chainloop.cas.fullname" . -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "chainloop.cas.labels" . | nindent 4 }}
+  {{- if or .Values.cas.httpRoute.annotations .Values.httpRoute.annotations }}
+  annotations:
+    {{- if .Values.cas.httpRoute.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.cas.httpRoute.annotations "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.httpRoute.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  parentRefs:
+  {{- if .Values.cas.httpRoute.parentRefs }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
+  {{- else }}
+    - name: gateway
+      namespace: {{ include "common.names.namespace" . | quote }}
+  {{- end }}
+  hostnames: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.hostnames "context" .) | nindent 4 }}
+  rules:
+    {{- $port := coalesce .Values.cas.service.port .Values.cas.service.ports.http }}
+    - backendRefs:
+        - name: {{ include "chainloop.cas.fullname" . }}
+          port: {{ $port }}
+      {{- if .Values.cas.httpRoute.matches }}
+      matches: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.matches "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.httpRoute.filters }}
+      filters: {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.filters "context" .) | nindent 8 }}
+      {{- end }}
+    - matches:
+        - headers:
+            - name: content-type
+              value: application/grpc
+      {{- $portAPI := coalesce .Values.cas.serviceAPI.port .Values.cas.serviceAPI.ports.http }}
+      backendRefs:
+        - name:  {{ include "chainloop.cas.fullname" . }}-api
+          kind: Service
+          namespace: {{ include "common.names.namespace" . | quote }}
+          port: {{ $portAPI }}
+  {{- if .Values.cas.httpRoute.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.extraRules "context" .) | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/chainloop/templates/cas/service-grpc.yaml b/deployment/chainloop/templates/cas/service-grpc.yaml
@@ -40,6 +40,7 @@ spec:
       {{- if not (eq $port .Values.cas.containerPorts.grpc) }}
       targetPort: {{ .Values.cas.containerPorts.grpc }}
       {{- end }}
+      appProtocol: kubernetes.io/h2c
       protocol: TCP
       {{- if and (or (eq .Values.cas.serviceAPI.type "NodePort") (eq .Values.cas.serviceAPI.type "LoadBalancer")) (not (empty .Values.cas.serviceAPI.nodePorts.http)) }}
       nodePort: {{ .Values.cas.serviceAPI.nodePorts.http }}
diff --git a/deployment/chainloop/templates/controlplane/httproute.yaml b/deployment/chainloop/templates/controlplane/httproute.yaml
@@ -0,0 +1,55 @@
+{{- if or .Values.controlplane.httpRoute.enabled .Values.httpRoute.enabled }}
+{{- /*
+Copyright Chainloop, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- $fullName := include "chainloop.controlplane.fullname" . -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "chainloop.controlplane.labels" . | nindent 4 }}
+  {{- if or .Values.controlplane.httpRoute.annotations .Values.httpRoute.annotations }}
+  annotations:
+    {{- if .Values.controlplane.httpRoute.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.controlplane.httpRoute.annotations "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.httpRoute.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  parentRefs:
+  {{- if .Values.controlplane.httpRoute.parentRefs }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
+  {{- else }}
+    - name: gateway
+      namespace: {{ include "common.names.namespace" . | quote }}
+  {{- end }}
+  hostnames: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.hostnames "context" .) | nindent 4 }}
+  rules:
+    {{- $port := coalesce .Values.controlplane.service.port .Values.controlplane.service.ports.http }}
+    - backendRefs:
+        - name: {{ include "chainloop.controlplane.fullname" . }}
+          port: {{ $port }}
+      {{- if .Values.controlplane.httpRoute.matches }}
+      matches: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.matches "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.controlplane.httpRoute.filters }}
+      filters: {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.filters "context" .) | nindent 8 }}
+      {{- end }}
+    - matches:
+        - headers:
+            - name: content-type
+              value: application/grpc
+      {{- $portAPI := coalesce .Values.controlplane.serviceAPI.port .Values.controlplane.serviceAPI.ports.http }}
+      backendRefs:
+        - name:  {{ include "chainloop.controlplane.fullname" . }}-api
+          kind: Service
+          namespace: {{ include "common.names.namespace" . | quote }}
+          port: {{ $portAPI }}
+  {{- if .Values.controlplane.httpRoute.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.extraRules "context" .) | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/deployment/chainloop/templates/controlplane/service-grpc.yaml b/deployment/chainloop/templates/controlplane/service-grpc.yaml
@@ -41,6 +41,7 @@ spec:
       targetPort: {{ .Values.controlplane.containerPorts.grpc }}
       {{- end }}
       protocol: TCP
+      appProtocol: kubernetes.io/h2c
       {{- if and (or (eq .Values.controlplane.serviceAPI.type "NodePort") (eq .Values.controlplane.serviceAPI.type "LoadBalancer")) (not (empty .Values.controlplane.serviceAPI.nodePorts.http)) }}
       nodePort: {{ .Values.controlplane.serviceAPI.nodePorts.http }}
       {{- else if eq .Values.controlplane.serviceAPI.type "ClusterIP" }}
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
@@ -601,6 +601,60 @@ controlplane:
     ##             name: http
     ##
     extraRules: []
+  ## Gateway API HTTP routing parameters
+  ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/
+  ##
+  httpRoute:
+    ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress
+    ##
+    enabled: false
+    ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource
+    ##
+    annotations: {}
+    ## @param httpRoute.labels Additional labels for the HTTPRoute resource
+    ##
+    labels: {}
+    ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace.
+    ## e.g:
+    ## parentRefs:
+    ##   - name: my-gateway
+    ##     sectionName: http
+    ##     namespace: default
+    ##
+    parentRefs: []
+    ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header
+    ##
+    hostnames:
+      - cp.dev.local
+    ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    matches:
+      - path:
+          type: PathPrefix
+          value: /
+    ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    filters: []
+    ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute
+    ## e.g:
+    ## extraRules:
+    ##   - matches:
+    ##       - path:
+    ##           type: PathPrefix
+    ##           value: /login
+    ##     filters:
+    ##       - type: RequestHeaderModifier
+    ##         requestHeaderModifier:
+    ##           set:
+    ##             - name: My-Overwrite-Header
+    ##               value: this-is-the-only-value
+    ##           remove:
+    ##             - User-Agent
+    ##     backendRefs:
+    ##       - name: wordpress
+    ##         port: 80
+    ##
+    extraRules: []
 
   ## @section Controlplane Misc
 
@@ -1349,7 +1403,60 @@ cas:
     ##             name: http
     ##
     extraRules: []
-
+  ## Gateway API HTTP routing parameters
+  ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/
+  ##
+  httpRoute:
+    ## @param httpRoute.enabled Enable HTTPRoute generation for WordPress
+    ##
+    enabled: false
+    ## @param httpRoute.annotations Additional annotations for the HTTPRoute resource
+    ##
+    annotations: {}
+    ## @param httpRoute.labels Additional labels for the HTTPRoute resource
+    ##
+    labels: {}
+    ## @param httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace.
+    ## e.g:
+    ## parentRefs:
+    ##   - name: my-gateway
+    ##     sectionName: http
+    ##     namespace: default
+    ##
+    parentRefs: []
+    ## @param httpRoute.hostnames [array] List of hostnames matching HTTP header
+    ##
+    hostnames:
+      - cas.dev.local
+    ## @param httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    matches:
+      - path:
+          type: PathPrefix
+          value: /
+    ## @param httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    filters: []
+    ## @param httpRoute.extraRules List of extra rules applied to the HTTPRoute
+    ## e.g:
+    ## extraRules:
+    ##   - matches:
+    ##       - path:
+    ##           type: PathPrefix
+    ##           value: /login
+    ##     filters:
+    ##       - type: RequestHeaderModifier
+    ##         requestHeaderModifier:
+    ##           set:
+    ##             - name: My-Overwrite-Header
+    ##               value: this-is-the-only-value
+    ##           remove:
+    ##             - User-Agent
+    ##     backendRefs:
+    ##       - name: wordpress
+    ##         port: 80
+    ##
+    extraRules: []
   ## @section CAS Misc
   ## @param cas.sentry.enabled Enable sentry.io alerting
   ## @param cas.sentry.dsn DSN endpoint
