feat(connect): add Gateway API HTTPRoute support as alternative to Ingress#286
Open
BenjaminBanwart wants to merge 1 commit into
Open
feat(connect): add Gateway API HTTPRoute support as alternative to Ingress#286BenjaminBanwart wants to merge 1 commit into
BenjaminBanwart wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
✨ Summary
Add support for creating a Gateway API
HTTPRouteresource as an alternative to the existingIngressfor exposing the Connect API server.Gateway API is the successor to the Ingress API, GA since Kubernetes 1.26, and is increasingly the standard for traffic routing in modern clusters. This change introduces a new
connect.httpRoutevalues section that generates agateway.networking.k8s.io/v1HTTPRouteresource when enabled.What's included:
templates/httproute.yaml) — renders anHTTPRoutewith:onepassword-connect.labelshelperbackendRefs(service name and port derived fromconnect.applicationNameandconnect.api.httpPort/connect.api.httpsPortbased on TLS config)backendRefsoverride per rule when neededvalues.yaml) —connect.httpRoutesection with a sensible default rule (PathPrefix: /)failif bothconnect.ingress.enabledandconnect.httpRoute.enabledaretrue(mutually exclusive)failifconnect.httpRoute.enabledistruebutparentRefsis emptyci/with-httproute-values.yaml) for chart-testinghelm-docs🔗 Resolves
Closes #285
✅ Checklist
🕵️ Review Notes &⚠️ Risks
Design decisions:
PathPrefix: /) is declared directly invalues.yamlrather than generated inside the template, following the pattern used by argo-cd's Helm chart. This makes the default behavior transparent and overridable.backendRefsare auto-injected per rule only when the user does not specify them, so the template is zero-config by default but fully customizable.fail— users get a clear error message instead of silently creating both resources.No breaking changes — all new values default to
disabled/empty, so existing deployments are unaffected.Validated scenarios:
backendRefs, port 8080)backendRefsoverrideparentRefswith-httproute-values.yaml)connect.create: falsesuppresses HTTPRoute