diff --git a/charts/generic-service/README.md b/charts/generic-service/README.md index b088feb..325d858 100644 --- a/charts/generic-service/README.md +++ b/charts/generic-service/README.md @@ -112,7 +112,9 @@ app: | `ingress.cors.allowCredentials` | `true` | Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials | | `ingress.cors.exposeHeaders` | `[]` | List of HTTP headers that the browsers are allowed to access | | `ingress.class` | | The ingress controller to use (not applicable if `ingress.istio.enabled`) | -| `ingress.annotations` | `{}` | Annotations for `Ingress` or `VirtualService` resource | +| `ingress.gateway.namespace` | | The namespace containing the `Gateway` to use | +| `ingress.gateway.name` | | The name of the `Gateway` to use (creates an `HTTPRoute` instead of an `Ingress` when set) | +| `ingress.annotations` | `{}` | Annotations for `Ingress`, `HTTPRoute` or `VirtualService` resource | | `ingress.headless` | `false` | Creates an additional `Service` with the suffix `-headless` that directly exposes Pod IPs | | `ingress.headlessExposesAll` | `false` | Exposes all replicas, including unready ones, via the `-headless` `Service` | | `ingress.nodeLocal` | `false` | Creates an additional `Service` with the suffix `-local` that only routes to pods on the same node | @@ -122,6 +124,8 @@ app: | `ingress.istio.httpHeaders` | `{}` | Custom HTTP response headers | | `ingress.istio.retries` | `{}` | [Istio retry policy](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRetry) | | `ingress.extra.*.class` | same as `ingress.class` | Additional ingress controller to use (not applicable if `ingress.istio.enabled`) | +| `ingress.extra.*.gateway.namespace` | | The namespace containing the `Gateway` to use | +| `ingress.extra.*.gateway.name` | | The name of the `Gateway` to use (creates an `HTTPRoute` instead of an `Ingress` when set) | | `ingress.extra.*.port` | same as `ingress.port` | Additional container port ingress traffic is routed to (not applicable if `ingress.istio.enabled`) | | `ingress.extra.*.protocol` | `http` | The protocol used for the port (e.g., `http`, `https`, `h2c`, `grpc`, `http2`/`h2` or `grpcs`) | | `ingress.extra.*.timeoutSeconds` | | Number of seconds after which to timeout waiting for response from service; -1 for infinite | diff --git a/charts/generic-service/ci/ingress-gateway-values.yaml b/charts/generic-service/ci/ingress-gateway-values.yaml new file mode 100644 index 0000000..7453217 --- /dev/null +++ b/charts/generic-service/ci/ingress-gateway-values.yaml @@ -0,0 +1,21 @@ +# Ingress gateway test + +image: + repository: jwilder/whoami + tag: latest + +ingress: + enabled: true + port: 8000 + timeoutSeconds: 5 + domains: ['example.com'] + gateway: + name: my-gateway + extra: + other-port: + port: 1337 + domains: ['custom-port.example.com'] + annotations: + key: value + protocol: grpc + timeoutSeconds: 5 diff --git a/charts/generic-service/templates/httproute-extra.yaml b/charts/generic-service/templates/httproute-extra.yaml new file mode 100644 index 0000000..ebe61f0 --- /dev/null +++ b/charts/generic-service/templates/httproute-extra.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.ingress.enabled .Values.ingress.extra }} +{{- range $name, $extra := .Values.ingress.extra }} +{{- $gateway := deepCopy $.Values.ingress.gateway | mustMerge ($extra.gateway | default dict) }} +{{- if $gateway.name }} + +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ include "generic-service.fullname" $ }}-{{ $name }} + labels: {{- include "generic-service.default-labels" $ | nindent 4 }} + annotations: + {{- $merged := deepCopy ($.Values.ingress.annotations | default dict) | mustMerge ($extra.annotations | default dict) }} + {{- range $mname, $mvalue := $merged }} + {{- if ne $mvalue "nil" }} + {{- dict $mname $mvalue | toYaml | nindent 4 }} + {{- end }} + {{- end }} + +spec: + parentRefs: + - {{ $gateway | toYaml | nindent 6 }} + + hostnames: {{ $extra.domains | toYaml | nindent 4 }} + + rules: + {{- range ($extra.paths | default (list "/")) }} + - matches: + - path: + value: {{ . | quote }} + {{- if or $extra.timeoutSeconds $.Values.ingress.timeoutSeconds }} + timeouts: + backendRequest: {{ $extra.timeoutSeconds | default $.Values.ingress.timeoutSeconds }}s + {{- end }} + backendRefs: + - name: {{ include "generic-service.fullname" $ }} + port: {{ $extra.port | default $.Values.ingress.port }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/generic-service/templates/httproute.yaml b/charts/generic-service/templates/httproute.yaml new file mode 100644 index 0000000..6f49745 --- /dev/null +++ b/charts/generic-service/templates/httproute.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.ingress.enabled .Values.ingress.gateway.name }} + +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: {{ include "generic-service.fullname" . }} + labels: {{- include "generic-service.top-level-labels" . | nindent 4 }} + annotations: {{ .Values.ingress.annotations | toYaml | nindent 4 }} + +spec: + parentRefs: + - {{ .Values.ingress.gateway | toYaml | nindent 6 }} + + hostnames: {{ .Values.ingress.domains | toYaml | nindent 4 }} + + rules: + {{- range ($.Values.ingress.paths | default (list "/")) }} + - matches: + - path: + value: {{ . | quote }} + {{- if $.Values.ingress.timeoutSeconds }} + timeouts: + backendRequest: {{ $.Values.ingress.timeoutSeconds }}s + {{- end }} + backendRefs: + - name: {{ include "generic-service.fullname" $ }} + port: {{ $.Values.ingress.port }} + {{- end }} + +{{- end }} diff --git a/charts/generic-service/templates/ingress-extra.yaml b/charts/generic-service/templates/ingress-extra.yaml index 1c30893..14f1fc3 100644 --- a/charts/generic-service/templates/ingress-extra.yaml +++ b/charts/generic-service/templates/ingress-extra.yaml @@ -1,8 +1,8 @@ {{- if and (and .Values.ingress.enabled .Values.ingress.extra) (not .Values.ingress.istio.enabled) }} {{- range $name, $extra := .Values.ingress.extra }} -{{- if $extra.domains }} -{{ $class := $extra.class | default $.Values.ingress.class }} +{{- $class := $extra.class | default $.Values.ingress.class }} {{ $timeout := $extra.timeoutSeconds | default $.Values.ingress.timeoutSeconds }} +{{- if and $extra.domains (or $class (and (not $extra.gateway) (not $.Values.ingress.gateway.name))) }} apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/charts/generic-service/templates/ingress.yaml b/charts/generic-service/templates/ingress.yaml index 3ba83bf..62fcf6a 100644 --- a/charts/generic-service/templates/ingress.yaml +++ b/charts/generic-service/templates/ingress.yaml @@ -1,4 +1,4 @@ -{{- if and (and .Values.ingress.enabled .Values.ingress.domains) (not .Values.ingress.istio.enabled) }} +{{- if and (and .Values.ingress.enabled .Values.ingress.domains) (and (not .Values.ingress.istio.enabled) (or .Values.ingress.class (not .Values.ingress.gateway.name))) }} apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/charts/generic-service/values.schema.json b/charts/generic-service/values.schema.json index f0f668c..2dfefde 100644 --- a/charts/generic-service/values.schema.json +++ b/charts/generic-service/values.schema.json @@ -589,10 +589,23 @@ "type": "string", "description": "The ingress controller to use (not applicable if ingress.istio.enabled)" }, + "gateway": { + "type": "object", + "properties": { + "namespace": { + "type": "string", + "description": "The namespace containing the Gateway to use" + }, + "name": { + "type": "string", + "description": "The name of the Gateway to use (creates an HTTPRoute instead of an Ingress when set)" + } + } + }, "annotations": { "type": "object", "additionalProperties": {"type": "string"}, - "description": "Annotations for Ingress or VirtualService resource" + "description": "Annotations for Ingress, HTTPRoute or VirtualService resource" }, "headless": { "type": "boolean", @@ -648,6 +661,19 @@ "type": "string", "description": "Additional ingress controller to use (not applicable if ingress.istio.enabled)" }, + "gateway": { + "type": "object", + "properties": { + "namespace": { + "type": "string", + "description": "The namespace containing the Gateway to use" + }, + "name": { + "type": "string", + "description": "The name of the Gateway to use (creates an HTTPRoute instead of an Ingress when set)" + } + } + }, "port": { "type": "integer", "description": "The container port ingress traffic is routed to; defaults to value of ingress.port if not set" diff --git a/charts/generic-service/values.yaml b/charts/generic-service/values.yaml index d621d86..4bb097b 100644 --- a/charts/generic-service/values.yaml +++ b/charts/generic-service/values.yaml @@ -121,6 +121,7 @@ ingress: allowCredentials: true exposeHeaders: [] class: '' + gateway: {} annotations: {} headless: false headlessExposesAll: false