Skip to content

feat: http route support #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
antoninguyot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: http route support #216

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,13 @@ Prints all Horizon allowed hosts.
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.route.enabled }}
{{- range .Values.route.hostnames }}
{{- $allowedHosts = append $allowedHosts . }}
{{- end }}
{{- end }}
{{- $allowedHosts = concat $allowedHosts .Values.allowedHosts }}
{{- toJson $allowedHosts}}
{{- toJson $allowedHosts }}
{{- end }}

{{/*
Expand Down
81 changes: 81 additions & 0 deletions templates/httproute.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
{{- if .Values.route.enabled }}
{{- if empty .Values.route.parentRefs }}
{{- fail "route.parentRefs must be specified when route.enabled is true" }}
{{- end }}
{{- if and .Values.route.redirect.enabled (empty .Values.route.redirect.parentRefs) }}
{{- fail "route.redirect.parentRefs must be specified when route.redirect.enabled is true" }}
{{- end }}
{{- $fullName := include "common.names.fullname" . }}
{{- $hostnames := .Values.route.hostnames }}
{{- if empty $hostnames }}
{{- fail "route.hostnames must contain at least one hostname when route.enabled is true" }}
{{- end }}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels: {{- include "horizon.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- include "common.tplvalues.render" (dict "value" .Values.route.parentRefs "context" $ ) | nindent 4 }}
hostnames:
{{- range $hostnames }}
- {{ . | quote }}
{{- end }}
rules:
- matches:
- path:
type: PathPrefix
value: {{ .Values.ingress.path | quote }}
backendRefs:
- name: {{ $fullName }}
port: 9000
{{- if .Values.route.redirect.enabled }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}-http
labels: {{- include "horizon.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations:
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- include "common.tplvalues.render" (dict "value" .Values.route.redirect.parentRefs "context" $ ) | nindent 4 }}
hostnames:
{{- range $hostnames }}
- {{ . | quote }}
{{- end }}
rules:
- matches:
{{- range .Values.route.redirect.exceptionPaths }}
- path:
type: PathPrefix
value: {{ . | quote }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: 9000
- matches:
- path:
type: PathPrefix
value: /
filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
{{- end }}
{{- end }}
234 changes: 234 additions & 0 deletions tests/httproute_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,234 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
suite: gateway api httproute
templates:
- httproute.yml
- ingress.yml
- deployment.yml
tests:
- it: should not render httproute resources by default
template: httproute.yml
asserts:
- hasDocuments:
count: 0

- it: should render two httproutes when redirect is enabled
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
parentRefs:
- name: horizon-gateway
sectionName: http
template: httproute.yml
asserts:
- hasDocuments:
count: 2

- it: should name the HTTP redirect route with -http suffix
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
parentRefs:
- name: horizon-gateway
sectionName: http
template: httproute.yml
documentIndex: 1
asserts:
- isKind:
of: HTTPRoute
- matchRegex:
path: metadata.name
pattern: ".*-http$"
- equal:
path: spec.parentRefs[0].sectionName
value: http

- it: should require redirect parentRefs when redirect is enabled
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
template: httproute.yml
asserts:
- failedTemplate:
errorMessage: route.redirect.parentRefs must be specified when route.redirect.enabled is true

- it: should keep ingress rendering when route is enabled
set:
ingress:
enabled: true
hostname: horizon.example.com
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
parentRefs:
- name: horizon-gateway
sectionName: http
template: ingress.yml
asserts:
- hasDocuments:
count: 1
- isKind:
of: Ingress

- it: should configure redirect route with path prefix exceptions
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
parentRefs:
- name: horizon-gateway
sectionName: http
template: httproute.yml
documentIndex: 1
asserts:
- equal:
path: spec.rules[0].matches[0].path.type
value: PathPrefix
- equal:
path: spec.rules[0].matches[0].path.value
value: /scep
- equal:
path: spec.rules[0].matches[1].path.value
value: /certsrv
- equal:
path: spec.rules[0].matches[2].path.value
value: /certSrv
- equal:
path: spec.rules[0].matches[3].path.value
value: /intune
- equal:
path: spec.rules[0].matches[4].path.value
value: /jamf
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9000
- notExists:
path: spec.rules[0].filters
- equal:
path: spec.rules[1].filters[0].type
value: RequestRedirect
- equal:
path: spec.rules[1].filters[0].requestRedirect.scheme
value: https
- equal:
path: spec.rules[1].filters[0].requestRedirect.statusCode
value: 301

- it: should use http backend port for main route when tls is disabled
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
enabled: false
tls:
enabled: false
template: httproute.yml
documentIndex: 0
asserts:
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9000

- it: should keep using http backend port for main route when tls is enabled
set:
route:
enabled: true
hostnames:
- horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
enabled: false
tls:
enabled: true
template: httproute.yml
documentIndex: 0
asserts:
- equal:
path: spec.rules[0].backendRefs[0].port
value: 9000

- it: should fail when route.hostnames is not provided
set:
route:
enabled: true
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
enabled: false
template: httproute.yml
asserts:
- failedTemplate:
errorMessage: route.hostnames must contain at least one hostname when route.enabled is true

- it: should use explicit route hostnames in the main route
set:
route:
enabled: true
hostnames:
- route.horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
enabled: false
template: httproute.yml
documentIndex: 0
asserts:
- equal:
path: spec.hostnames[0]
value: route.horizon.example.com
- notExists:
path: spec.hostnames[1]

- it: should add explicit route hostnames to deployment allowed hosts
set:
route:
enabled: true
hostnames:
- route.horizon.example.com
parentRefs:
- name: horizon-gateway
sectionName: https
redirect:
enabled: false
template: deployment.yml
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: HOSTS_ALLOWED.0
value: route.horizon.example.com
36 changes: 36 additions & 0 deletions values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -427,6 +427,42 @@ ingress:
##
extraRules: []

## @section Horizon Route configuration
##
route:
## @param route.enabled Set to true to enable Gateway API HTTPRoute generation
##
enabled: false
## @param route.parentRefs Parent references used by the HTTPRoute
## e.g:
## parentRefs:
## - name: horizon-gateway
## sectionName: https
##
parentRefs: []
## @param route.hostnames Explicit hostnames for HTTPRoute. Mandatory when route.enabled=true.
##
hostnames: []
redirect:
## @param route.redirect.enabled Set to true to generate HTTP to HTTPS redirects
##
enabled: true
## @param route.redirect.parentRefs Parent references used by the HTTP redirect route (e.g. HTTP listener)
## e.g:
## parentRefs:
## - name: horizon-gateway
## sectionName: http
##
parentRefs: []
## @param route.redirect.exceptionPaths Path prefixes that must not be redirected to HTTPS
##
exceptionPaths:
- /scep
- /certsrv
- /certSrv
- /intune
- /jamf

## @section Prometheus monitor configuration
## @param monitoring.enabled Enable the creation of a ServiceMonitor object for Horizon if the cluster has the monitoring.coreos.com/v1 capability.
monitoring:
Expand Down
Loading