Skip to content

feat(chart): Add Gateway API support and merge HTTP + GRPC traffic #2643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Filip7656 wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

feat(chart): Add Gateway API support and merge HTTP + GRPC traffic #2643

Filip7656 wants to merge 5 commits into from
+526 −26

Conversation

@Filip7656
Copy link

@Filip7656 Filip7656 commented Jan 2, 2026
edited
Loading

This PR adds support for Gateway API and exposing both HTTP and gRPC traffic through a single Gateway API HTTPRoute in the Helm chart.
Additionaly i had to fix problems with readme-generator by fixing vault params.

Dex changes:

  • I had to add httproutes to dex subchart otherwise users who want to use only gateway api could not have used development mode.
## Used only if .Values.development is true
## Yes, dex.dex, since we are overriding the dex section in the dex subchart
dex:
  dex:
    # Point to the [controlplane http ingress]/auth/callback
    redirectURL: http(s)://[controlplane http ingress]/auth/callback
    httpRoute:
      enabled: false
      hostnames:
        - dex.[domain]
      parentRefs: []
      #    - name: your-gateway
      #      sectionName: http
      #      namespace: your-namespace
    # Expose the dex instance to the outside world
    ingress:
      enabled: false
      tls: false
      hostname: ""
      ingressClassName: ""

Also I have updated helpers with httpRoute configurations.
Example:

{{/*
External URL the CAS can be reached at
This endpoint is used for the cas to redirect downloads
NOTE: Load balancer service type is not supported
*/}}
{{- define "chainloop.cas.external_url" -}}
{{- $service := .Values.cas.service }}
{{- $ingress := .Values.cas.ingress }}
{{- $httpRoute := .Values.cas.httpRoute }}

{{- if .Values.cas.externalURL }}
{{- .Values.cas.externalURL }}
{{- else if (and $ingress $ingress.enabled $ingress.hostname) }}
{{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
{{- else if (and $httpRoute $httpRoute.enabled $httpRoute.hostnames) }}
{{- printf "%s://%s" (ternary "https" "http" $httpRoute.tls ) (index $httpRoute.hostnames 0) }}
{{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
{{- printf "http://localhost:%s" $service.nodePorts.http }}
{{- end -}}
{{- end -}}

Configuration is made up to bitnami standards

Params added in values.yaml

  ## Gateway API HTTP routing parameters
  ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/
  ## We dont have to create two http routes for HTTP and API because when we use Gateway API, we can use the same HTTPRoute for both.
  ##
  httpRoute:
    ## @param cas.httpRoute.enabled Enable HTTPRoute generation for CAS
    ##
    enabled: false
    ## @param controlplane.httpRoute.tls Indicate if tls is active for this route
    tls: false
    ## @param cas.httpRoute.annotations Additional annotations for the HTTPRoute resource
    ##
    annotations: {}
    ## @param cas.httpRoute.labels Additional labels for the HTTPRoute resource
    ##
    labels: {}
    ## @param cas.httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace.
    ## e.g:
    ## parentRefs:
    ##   - name: my-gateway
    ##     sectionName: http
    ##     namespace: default
    ##
    parentRefs: []
    ## @param cas.httpRoute.hostnames [array] List of hostnames matching HTTP header
    ##
    hostnames:
      - cas.dev.local
    ## @param cas.httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference
    ##
    matches:
      - path:
          type: PathPrefix
          value: /
    ## @param cas.httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference
    ##
    filters: []
    ## @param cas.httpRoute.extraRules List of extra rules applied to the HTTPRoute
    ## e.g:
    ## extraRules:
    ##   - matches:
    ##       - path:
    ##           type: PathPrefix
    ##           value: /login
    ##     filters:
    ##       - type: RequestHeaderModifier
    ##         requestHeaderModifier:
    ##           set:
    ##             - name: My-Overwrite-Header
    ##               value: this-is-the-only-value
    ##           remove:
    ##             - User-Agent
    ##     backendRefs:
    ##       - name: chainloop-cas
    ##         port: 80
    ##
    extraRules: []

TODO:

  • Http - > HTTPS redirection
  • NOTES.txt
  • Configuration when in development mode (dex)

Changes are connected with:
#2641 #2642

@Filip7656 Filip7656 force-pushed the gateway-api-support branch from edac711 to bb8e927 Compare January 20, 2026 21:01
@migmartri migmartri requested review from javirln and migmartri and removed request for javirln January 20, 2026 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri Awaiting requested review from migmartri

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Filip7656