From 21eb1472f9d32dec4d1a93a083c52b072eb7c1c2 Mon Sep 17 00:00:00 2001 From: Joshua Hassler Date: Mon, 16 Feb 2026 14:06:59 -0500 Subject: [PATCH 1/5] Inital gateway implementation Add support for kubernetes Gateway/HTTPRoute resources as an alternative ingress. - Add conditional logic for HTTPRoute/Ingress generation - Add HTTPRoute configuration to values files - Refactor ingress values to seperate common keys - Add option to disable ingress all together - Add optional Gateway resource --- .../matrix-stack/source/common/ingress.json | 55 +- .../source/common/ingress_global.json | 80 ++- .../source/common/ingress_without_host.json | 55 +- .../source/common/sub_schema_values.yaml.j2 | 40 +- .../ingress_with_additional_paths.json | 55 +- .../templates/element-admin/httproute.yaml | 41 ++ .../templates/element-admin/ingress.yaml | 4 +- .../templates/element-web/httproute.yaml | 41 ++ .../templates/element-web/ingress.yaml | 4 +- .../templates/ess-library/_ingress.tpl | 46 ++ .../templates/gateway/_helpers.tpl | 75 +++ .../templates/gateway/gateway.yaml | 17 + .../hookshot/hookshot_httproute.yaml | 51 ++ .../templates/hookshot/hookshot_ingress.yaml | 4 +- .../httproute.yaml | 41 ++ .../ingress.yaml | 4 +- .../templates/matrix-rtc/httproute.yaml | 53 ++ .../templates/matrix-rtc/ingress.yaml | 6 +- .../templates/synapse/_helpers.tpl | 11 + .../templates/synapse/synapse_httproute.yaml | 82 +++ .../templates/synapse/synapse_ingress.yaml | 7 +- .../templates/well-known/_helpers.tpl | 11 + .../templates/well-known/httproute.yaml | 41 ++ .../templates/well-known/ingress.yaml | 6 +- charts/matrix-stack/values.schema.json | 586 +++++++++++++++--- charts/matrix-stack/values.yaml | 219 +++++-- 26 files changed, 1456 insertions(+), 179 deletions(-) create mode 100644 charts/matrix-stack/templates/element-admin/httproute.yaml create mode 100644 charts/matrix-stack/templates/element-web/httproute.yaml create mode 100644 charts/matrix-stack/templates/gateway/_helpers.tpl create mode 100644 charts/matrix-stack/templates/gateway/gateway.yaml create mode 100644 charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml create mode 100644 charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml create mode 100644 charts/matrix-stack/templates/matrix-rtc/httproute.yaml create mode 100644 charts/matrix-stack/templates/synapse/synapse_httproute.yaml create mode 100644 charts/matrix-stack/templates/well-known/httproute.yaml diff --git a/charts/matrix-stack/source/common/ingress.json b/charts/matrix-stack/source/common/ingress.json index 2f055cb73..0fdb45a9f 100644 --- a/charts/matrix-stack/source/common/ingress.json +++ b/charts/matrix-stack/source/common/ingress.json @@ -1,6 +1,52 @@ { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + } + } + } + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + } + }, "annotations": { "type": "object", "additionalProperties": { @@ -13,21 +59,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "$ref": "file://common/service.json" } diff --git a/charts/matrix-stack/source/common/ingress_global.json b/charts/matrix-stack/source/common/ingress_global.json index edb1c228d..1c4c10002 100644 --- a/charts/matrix-stack/source/common/ingress_global.json +++ b/charts/matrix-stack/source/common/ingress_global.json @@ -1,27 +1,89 @@ { "type": "object", + "required": [ + "enabled", + "type" + ], "properties": { + "enabled": { + "type": "boolean", + "default": true + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ], + "default": "Ingress" + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + }, + "minItems": 1 + } + } + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + } + }, + "gateway": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "default": false + }, + "className": { + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, "annotations": { "type": "object", "additionalProperties": { "type": "string" } }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "required": [ diff --git a/charts/matrix-stack/source/common/ingress_without_host.json b/charts/matrix-stack/source/common/ingress_without_host.json index 8ea0aab31..8a35e9a0d 100644 --- a/charts/matrix-stack/source/common/ingress_without_host.json +++ b/charts/matrix-stack/source/common/ingress_without_host.json @@ -1,6 +1,52 @@ { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + } + } + } + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + } + }, "annotations": { "type": "object", "additionalProperties": { @@ -10,21 +56,12 @@ ] } }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "$ref": "file://common/service.json" } diff --git a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 index 387fe581b..28ad4c10c 100644 --- a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 +++ b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 @@ -167,12 +167,14 @@ networking: ## What hostname should be used for this Ingress # host: {% endif %} + ## Should we generate {{ 'any' if global else 'this' }} Ingress {{ 'resources' if global else 'resource' }} + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to {{ 'all Ingresses. Will be merged with component specific Ingress annotations' if global else 'this Ingress' }} annotations: {} - ## What Ingress Class Name that should be used for {{ 'all Ingresses by default' if global else 'this Ingress' }} - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -199,9 +201,35 @@ networking: # externalIPs: [] service: {} {%- endif %} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for {{ 'all Ingresses by default' if global else 'this Ingress' }} + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} + + {%- if global %} + + ## Configuration for the generated Gateway + gateway: + ## Should we generate a Gateway resource for the HTTPRoutes + create: false + + ## Gateway controller class name to use + # className: "" + + ## Additional annotations for the Gateway + annotations: {} + {%- endif %} {%- endmacro %} {% macro labels(global=false, key='labels') %} diff --git a/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json b/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json index ed7da656a..2e14df852 100644 --- a/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json +++ b/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json @@ -1,6 +1,52 @@ { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + } + } + } + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + } + }, "annotations": { "type": "object", "additionalProperties": { @@ -13,21 +59,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "$ref": "file://common/service.json" }, diff --git a/charts/matrix-stack/templates/element-admin/httproute.yaml b/charts/matrix-stack/templates/element-admin/httproute.yaml new file mode 100644 index 000000000..d08e819b7 --- /dev/null +++ b/charts/matrix-stack/templates/element-admin/httproute.yaml @@ -0,0 +1,41 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with .Values.elementAdmin -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress)) | nindent 2 }} + labels: + {{- include "element-io.element-admin.labels" (dict "root" $ "context" .) | nindent 4 }} + name: {{ $.Release.Name }}-element-admin + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "element-admin" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: {{ $.Release.Name }}-element-admin + port: 8080 + group: "" + kind: Service + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/element-admin/ingress.yaml b/charts/matrix-stack/templates/element-admin/ingress.yaml index 0550e16a7..2bd590793 100644 --- a/charts/matrix-stack/templates/element-admin/ingress.yaml +++ b/charts/matrix-stack/templates/element-admin/ingress.yaml @@ -5,7 +5,7 @@ Copyright 2025 Element Creations Ltd SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.elementAdmin -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -16,7 +16,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "element-admin")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/element-web/httproute.yaml b/charts/matrix-stack/templates/element-web/httproute.yaml new file mode 100644 index 000000000..0e99ca554 --- /dev/null +++ b/charts/matrix-stack/templates/element-web/httproute.yaml @@ -0,0 +1,41 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with .Values.elementWeb -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress)) | nindent 2 }} + labels: + {{- include "element-io.element-web.labels" (dict "root" $ "context" .) | nindent 4 }} + name: {{ $.Release.Name }}-element-web + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "element-web" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: {{ $.Release.Name }}-element-web + port: 80 + group: "" + kind: Service + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/element-web/ingress.yaml b/charts/matrix-stack/templates/element-web/ingress.yaml index cfad0d7b6..5aaa573b5 100644 --- a/charts/matrix-stack/templates/element-web/ingress.yaml +++ b/charts/matrix-stack/templates/element-web/ingress.yaml @@ -5,7 +5,7 @@ Copyright 2025 Element Creations Ltd SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.elementWeb -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -16,7 +16,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "element-web")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/ess-library/_ingress.tpl b/charts/matrix-stack/templates/ess-library/_ingress.tpl index a1cad314a..1fe6a241a 100644 --- a/charts/matrix-stack/templates/ess-library/_ingress.tpl +++ b/charts/matrix-stack/templates/ess-library/_ingress.tpl @@ -70,6 +70,13 @@ ipFamilyPolicy: PreferDualStack {{- end }} {{- end }} +{{- define "element-io.ess-library.ingress.tls.isEnabled" -}} +{{- $root := .root -}} +{{- with required "element-io.ess-library.ingress.tls.isEnabled missing context" .context -}} +{{- and $root.Values.ingress.tlsEnabled .tlsEnabled -}} +{{- end -}} +{{- end -}} + {{- define "element-io.ess-library.ingress.tls" -}} {{- $root := .root -}} {{- with required "element-io.ess-library.ingress.tls missing context" .context -}} @@ -133,3 +140,42 @@ ImplementationSpecific Prefix {{- end -}} {{- end -}} + +{{- define "element-io.ess-library.ingress.parentRefs" -}} +{{- $root := .root -}} +{{- with required "element-io.ess-library.ingress.parentRefs missing context" .context -}} +{{- $serviceName := required "element-io.ess-library.ingress.parentRefs missing serviceName" .serviceName -}} +{{- $globalHTTPRouteConfig := $root.Values.ingress.HTTPRoute | default dict -}} +{{- $httpRouteConfig := .HTTPRoute | default dict -}} +{{- $gateways := concat + ($globalHTTPRouteConfig.existingGateways | default list) + ($httpRouteConfig.existingGateways | default list) +-}} +{{- $builtinGateway := $root.Values.ingress.gateway | default dict -}} +{{- if or (gt (len $gateways) 0) $builtinGateway.create -}} +{{- if gt (len $gateways) 0 -}} +{{ toYaml $gateways }} +{{- end -}} +{{ if $builtinGateway.create }} +- name: {{ $root.Release.Name | quote }} + namespace: {{ $root.Release.Namespace | quote }} + kind: gateway + group: gateway.networking.k8s.io + sectionname: {{ printf "%s-%s" $root.Release.Name $serviceName | quote }} +{{ end }} +{{- else -}} +[] +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "element-io.ess-library.ingress.isEnabled" -}} +{{- $root := .root -}} +{{- with required "element-io.ess-library.ingress.isEnabled missing context" .context -}} +{{- $ingress := required "element-io.ess-library.ingress.isEnabled missing ingress" .ingress -}} +{{- $type := required "element-io.ess-library.ingress.isEnabled missing type" .type -}} +{{- $desiredType := coalesce $ingress.type $root.Values.ingress.type -}} +{{- $enabled := or $ingress.enabled $root.Values.ingress.enabled -}} +{{- and $enabled (eq $type $desiredType) -}} +{{- end -}} +{{- end -}} diff --git a/charts/matrix-stack/templates/gateway/_helpers.tpl b/charts/matrix-stack/templates/gateway/_helpers.tpl new file mode 100644 index 000000000..4a0ccefdd --- /dev/null +++ b/charts/matrix-stack/templates/gateway/_helpers.tpl @@ -0,0 +1,75 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- define "element-io.gateway.tlsConfig" -}} +{{- $root := .root -}} +{{- with required "element-io.gateway.tlsConfig missing context" .context -}} +{{- $tlsSecret := coalesce + .tlsSecret + $root.Values.ingress.tlsSecret + (printf "%s-%s-certmanager-tls" $root.Release.Name .name) +-}} +tls: + certificateRefs: + - group: "" + kind: Secret + name: {{ $tlsSecret | quote }} + mode: Terminate +{{- end -}} +{{- end -}} + +{{- define "element-io.gateway.listeners" -}} +{{- $root := .root -}} +{{- $contexts := dict + "element-admin" $root.Values.elementAdmin + "element-web" $root.Values.elementWeb + "hookshot" $root.Values.hookshot + "matrix-authentication-service" $root.Values.matrixAuthenticationService + "matrix-rtc" $root.Values.matrixRTC + "synapse" $root.Values.synapse + "well-known" $root.Values.wellKnownDelegation +-}} +{{- $listenFor := $root.Values.ingress.gateway.listenFor | default (list + "element-admin" + "element-web" + "matrix-authentication-service" + "matrix-rtc" + "synapse" + "well-known") +-}} +{{- if and (not $root.Values.ingress.gateway.listenFor) $root.Values.hookshot.enabled -}} +{{- $listenFor = append $listenFor "hookshot" -}} +{{- end -}} +{{- range $listenFor -}} +{{- $service := . -}} +{{- with required "element-io.gateway.listener missing context" (index $contexts $service) -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $root "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" }} +- hostname: {{ .ingress.host | default $root.Values.serverName | quote }} + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $root "context" .ingress)) "true" }} + port: 443 + protocol: HTTPS + {{- include "element-io.gateway.tlsConfig" (dict "root" $root "context" (dict "tlsSecret" .ingress.tlsSecret "name" $service)) | nindent 2 }} + {{- else }} + port: 80 + protocol: HTTP + {{- end }} + name: {{ printf "%s-%s" $root.Release.Name $service | quote }} + allowedRoutes: + namespaces: + from: Same +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "element-io.gateway.labels" -}} +{{- $root := .root -}} +{{- with required "element-io.gateway.labels missing context" .context -}} +{{- $labels := .labels | default dict -}} +{{ include "element-io.ess-library.labels.common" (dict "root" $root "context" (dict "labels" $labels)) }} +app.kubernetes.io/component: matrix-stack-ingress +app.kubernetes.io/name: {{ $root.Release.Name }} +app.kubernetes.io/instance: {{ $root.Release.Name }}-gateway +app.kubernetes.io/version: {{ include "element-io.ess-library.labels.makeSafe" $root.Chart.Version }} +{{- end -}} +{{- end -}} diff --git a/charts/matrix-stack/templates/gateway/gateway.yaml b/charts/matrix-stack/templates/gateway/gateway.yaml new file mode 100644 index 000000000..d6623b14e --- /dev/null +++ b/charts/matrix-stack/templates/gateway/gateway.yaml @@ -0,0 +1,17 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- if and .Values.ingress.gateway .Values.ingress.gateway.create }} +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .Values.ingress.gateway)) | nindent 2 }} + labels: + {{- include "element-io.gateway.labels" (dict "root" $ "context" .Values.ingress.gateway) | nindent 4 }} + name: {{ $.Release.Name }} + namespace: {{ $.Release.Namespace }} +spec: + gatewayClassName: {{ .Values.ingress.gateway.className }} + listeners: + {{- include "element-io.gateway.listeners" (dict "root" $) | nindent 4 -}} +{{- end }} diff --git a/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml b/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml new file mode 100644 index 000000000..5c813f39e --- /dev/null +++ b/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml @@ -0,0 +1,51 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with $.Values.hookshot -}} +{{- if and (eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true") .ingress.host -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- $extraAnnotations := dict }} +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress "extraAnnotations" $extraAnnotations)) | nindent 2 }} + labels: + {{- include "element-io.hookshot.labels" (dict "root" $ "context" $.Values.haproxy) | nindent 4 }} + name: {{ $.Release.Name }}-hookshot + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "hookshot" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: + - matches: + - path: + type: PathPrefix + value: /widgetapi/v1 + backendRefs: + - name: "{{ $.Release.Name }}-hookshot" + port: 7778 + group: "" + kind: Service + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: "{{ $.Release.Name }}-hookshot" + port: 7775 + group: "" + kind: Service + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/hookshot/hookshot_ingress.yaml b/charts/matrix-stack/templates/hookshot/hookshot_ingress.yaml index 6a9d1ad16..3eb5593ac 100644 --- a/charts/matrix-stack/templates/hookshot/hookshot_ingress.yaml +++ b/charts/matrix-stack/templates/hookshot/hookshot_ingress.yaml @@ -6,7 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only {{- with $.Values.hookshot -}} -{{- if and .enabled .ingress.host }} +{{- if and (eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true") .ingress.host -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -18,7 +18,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "hookshot")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml b/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml new file mode 100644 index 000000000..6b17fd446 --- /dev/null +++ b/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml @@ -0,0 +1,41 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with .Values.matrixAuthenticationService -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress)) | nindent 2 }} + labels: + {{- include "element-io.matrix-authentication-service.labels" (dict "root" $ "context" .) | nindent 4 }} + name: {{ $.Release.Name }}-matrix-authentication-service + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "matrix-authentication-service" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: {{ $.Release.Name }}-matrix-authentication-service + port: 8080 + group: "" + kind: Service + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/matrix-authentication-service/ingress.yaml b/charts/matrix-stack/templates/matrix-authentication-service/ingress.yaml index e413d9954..1431d338b 100644 --- a/charts/matrix-stack/templates/matrix-authentication-service/ingress.yaml +++ b/charts/matrix-stack/templates/matrix-authentication-service/ingress.yaml @@ -6,7 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.matrixAuthenticationService -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -17,7 +17,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "matrix-authentication-service")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/matrix-rtc/httproute.yaml b/charts/matrix-stack/templates/matrix-rtc/httproute.yaml new file mode 100644 index 000000000..dd2365988 --- /dev/null +++ b/charts/matrix-stack/templates/matrix-rtc/httproute.yaml @@ -0,0 +1,53 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with .Values.matrixRTC -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- $extraAnnotations := dict }} +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress "extraAnnotations" $extraAnnotations)) | nindent 2 }} + labels: + {{- include "element-io.matrix-rtc-ingress.labels" (dict "root" $ "context" .) | nindent 4 }} + name: {{ $.Release.Name }}-matrix-rtc + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "matrix-rtc" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: + - matches: + - path: + type: PathPrefix + value: /sfu/get + backendRefs: + - name: {{ $.Release.Name }}-matrix-rtc-authorisation-service + port: 8080 + group: "" + kind: Service + {{- if .sfu.enabled }} + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: {{ $.Release.Name }}-matrix-rtc-sfu + port: 7880 + group: "" + kind: Service + {{- end }} + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/matrix-rtc/ingress.yaml b/charts/matrix-stack/templates/matrix-rtc/ingress.yaml index 76195a508..dd38e4a8f 100644 --- a/charts/matrix-stack/templates/matrix-rtc/ingress.yaml +++ b/charts/matrix-stack/templates/matrix-rtc/ingress.yaml @@ -5,13 +5,13 @@ Copyright 2025-2026 Element Creations Ltd SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.matrixRTC -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: {{- $extraAnnotations := dict }} {{- if .sfu.enabled }} -{{- if eq "ingress-nginx" (include "element-io.ess-library.ingress-controller-type" (dict "root" $ "context" .ingress.controllerType)) }} +{{- if eq "ingress-nginx" (include "element-io.ess-library.ingress-controller-type" (dict "root" $ "context" .ingress.Ingress.controllerType)) }} {{- $_ := set $extraAnnotations "nginx.ingress.kubernetes.io/proxy-send-timeout" "120" }} {{- $_ := set $extraAnnotations "nginx.ingress.kubernetes.io/proxy-read-timeout" "120" }} {{- $_ := set $extraAnnotations "nginx.ingress.kubernetes.io/proxy-buffering" "off" }} @@ -24,7 +24,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "matrix-rtc")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/synapse/_helpers.tpl b/charts/matrix-stack/templates/synapse/_helpers.tpl index 4875ba221..07946e88b 100644 --- a/charts/matrix-stack/templates/synapse/_helpers.tpl +++ b/charts/matrix-stack/templates/synapse/_helpers.tpl @@ -108,6 +108,8 @@ env: {{- define "element-io.synapse.ingress.additionalPaths" -}} {{- $root := .root -}} +{{- $ingress := $root.Values.synapse.ingress | default dict }} +{{- $type := coalesce $ingress.type $root.Values.ingress.type }} {{- with required "element-io.synapse.ingress.additionalPaths missing context" .context -}} {{- if include "element-io.matrix-authentication-service.readyToHandleAuth" (dict "root" $root) }} {{- range $apiVersion := list "api/v1" "r0" "v3" "unstable" }} @@ -118,6 +120,9 @@ env: name: "{{ $root.Release.Name }}-matrix-authentication-service" port: name: http + {{- if eq $type "HTTPRoute" }} + number: 8080 + {{- end }} {{- end }} {{- end }} {{- end }} @@ -128,12 +133,18 @@ env: name: "{{ $root.Release.Name }}-hookshot" port: name: widgets + {{- if eq $type "HTTPRoute" }} + number: 7778 + {{- end }} - path: "/_matrix/hookshot" availability: only_externally service: name: "{{ $root.Release.Name }}-hookshot" port: name: webhooks + {{- if eq $type "HTTPRoute" }} + number: 7775 + {{- end }} {{- end -}} {{- range $root.Values.synapse.ingress.additionalPaths }} - {{ . | toYaml | indent 2 | trim }} diff --git a/charts/matrix-stack/templates/synapse/synapse_httproute.yaml b/charts/matrix-stack/templates/synapse/synapse_httproute.yaml new file mode 100644 index 000000000..e4caaebd9 --- /dev/null +++ b/charts/matrix-stack/templates/synapse/synapse_httproute.yaml @@ -0,0 +1,82 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with $.Values.synapse -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- $extraAnnotations := dict }} +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress "extraAnnotations" $extraAnnotations)) | nindent 2 }} + labels: + {{- include "element-io.synapse-ingress.labels" (dict "root" $ "context" $.Values.haproxy) | nindent 4 }} + name: {{ $.Release.Name }}-synapse + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "synapse" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ (tpl .ingress.host $) | quote }} + rules: +{{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: / + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect +{{- end }} +{{- range (include "element-io.synapse.ingress.additionalPaths" (dict "root" $ "context" .)) | fromYamlArray -}} +{{- if eq .availability "only_externally" }} + - matches: + - path: + type: PathPrefix + value: {{ .path }} + backendRefs: + - name: {{ (tpl .service.name $) | quote }} + port: {{ .service.port.number }} + group: "" + kind: Service +{{- else if eq .availability "blocked" }} + - matches: + - path: + type: PathPrefix + value: {{ .path }} + backendRefs: + - name: "{{ $.Release.Name }}-synapse" + port: 8009 + group: "" + kind: Service +{{- end }} +{{- end }} +{{- range $synapsePath := (list "/_matrix" "/_synapse") -}} +{{- /* Determine if this path is equal to, or a subset of, one of the + defined additional paths. If so, let the other service handle it and don't + add it here. */}} +{{- $_pathAlreadyDefined := false }} +{{- range (include "element-io.synapse.ingress.additionalPaths" (dict "root" $ "context" .)) | fromYamlArray -}} +{{- if has .availability (list "only_externally" "blocked") }} +{{- if hasPrefix .path $synapsePath }} +{{- $_pathAlreadyDefined = true }} +{{- end }} +{{- end }} +{{- end -}} +{{- /* The path, or a superset of, has not already been defined in _additional_paths. + Define it here.*/}} +{{- if not $_pathAlreadyDefined }} + - matches: + - path: + type: PathPrefix + value: {{ $synapsePath }} + backendRefs: + - name: "{{ $.Release.Name }}-synapse" + port: 8008 + group: "" + kind: Service +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/synapse/synapse_ingress.yaml b/charts/matrix-stack/templates/synapse/synapse_ingress.yaml index 9a85a5172..514f3a75a 100644 --- a/charts/matrix-stack/templates/synapse/synapse_ingress.yaml +++ b/charts/matrix-stack/templates/synapse/synapse_ingress.yaml @@ -6,22 +6,23 @@ SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with $.Values.synapse -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: {{- $extraAnnotations := dict }} -{{- if eq (include "element-io.ess-library.ingress-controller-type" (dict "root" $ "context" .ingress.controllerType)) "ingress-nginx" }} +{{- if eq (include "element-io.ess-library.ingress-controller-type" (dict "root" $ "context" .ingress.Ingress.controllerType)) "ingress-nginx" }} {{- $_ := set $extraAnnotations "nginx.ingress.kubernetes.io/proxy-body-size" .media.maxUploadSize }} {{- end }} {{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress "extraAnnotations" $extraAnnotations)) | nindent 2 }} + test: {{ include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress")) }} labels: {{- include "element-io.synapse-ingress.labels" (dict "root" $ "context" $.Values.haproxy) | nindent 4 }} name: {{ $.Release.Name }}-synapse namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "ingress" .ingress "ingressName" "synapse")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: {{ (tpl .ingress.host $) | quote }} http: diff --git a/charts/matrix-stack/templates/well-known/_helpers.tpl b/charts/matrix-stack/templates/well-known/_helpers.tpl index 1862ec332..98264e7b4 100644 --- a/charts/matrix-stack/templates/well-known/_helpers.tpl +++ b/charts/matrix-stack/templates/well-known/_helpers.tpl @@ -93,3 +93,14 @@ support: | {{- (tpl (include "element-io.well-known-delegation.support" (dict "root" $root "context" .)) $root) | nindent 2 }} {{- end -}} {{- end -}} + +{{- define "element-io.well-known-delegation.httproute-path" -}} +{{- $root := .root -}} +{{- with required "element-io.well-known-delegation.httproute-path missing context" .context -}} +{{- if and .enabled (or $root.Values.elementWeb.enabled .url) -}} +/ +{{- else -}} +/.well-known/matrix +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/matrix-stack/templates/well-known/httproute.yaml b/charts/matrix-stack/templates/well-known/httproute.yaml new file mode 100644 index 000000000..12944b7dc --- /dev/null +++ b/charts/matrix-stack/templates/well-known/httproute.yaml @@ -0,0 +1,41 @@ +{{- /* +SPDX-License-Identifier: AGPL-3.0-only +*/ -}} +{{- with $.Values.wellKnownDelegation -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "HTTPRoute"))) "true" -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: +{{- include "element-io.ess-library.ingress.annotations" (dict "root" $ "context" (dict "ingress" .ingress)) | nindent 2 }} + labels: + {{- include "element-io.well-known-delegation-ingress.labels" (dict "root" $ "context" $.Values.haproxy) | nindent 4 }} + name: {{ $.Release.Name }}-well-known + namespace: {{ $.Release.Namespace }} +spec: + parentRefs: + {{- include "element-io.ess-library.ingress.parentRefs" (dict "root" $ "context" (dict "serviceName" "well-known" "HTTPRoute" .ingress.HTTPRoute)) | nindent 4 }} + hostnames: + - {{ tpl $.Values.serverName $ }} + rules: + - matches: + - path: + type: PathPrefix + value: {{ include "element-io.well-known-delegation.httproute-path" (dict "root" $ "context" .baseDomainRedirect) }} + backendRefs: + - name: {{ $.Release.Name }}-well-known + port: 8010 + group: "" + kind: Service + {{- if eq (include "element-io.ess-library.ingress.tls.isEnabled" (dict "root" $ "context" .ingress)) "true" }} + - matches: + - path: + type: PathPrefix + value: {{ include "element-io.well-known-delegation.httproute-path" (dict "root" $ "context" .baseDomainRedirect) }} + filters: + - requestRedirect: + scheme: https + statusCode: 301 + type: RequestRedirect + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/matrix-stack/templates/well-known/ingress.yaml b/charts/matrix-stack/templates/well-known/ingress.yaml index 68da34af8..3df03a445 100644 --- a/charts/matrix-stack/templates/well-known/ingress.yaml +++ b/charts/matrix-stack/templates/well-known/ingress.yaml @@ -6,7 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with $.Values.wellKnownDelegation -}} -{{- if .enabled -}} +{{- if eq (include "element-io.ess-library.ingress.isEnabled" (dict "root" $ "context" (dict "ingress" .ingress "type" "Ingress"))) "true" -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -17,7 +17,7 @@ metadata: namespace: {{ $.Release.Namespace }} spec: {{- include "element-io.ess-library.ingress.tls" (dict "root" $ "context" (dict "host" $.Values.serverName "ingress" .ingress "ingressName" "well-known")) | nindent 2 }} -{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.className) | nindent 2 }} +{{- include "element-io.ess-library.ingress.className" (dict "root" $ "context" .ingress.Ingress.className) | nindent 2 }} rules: - host: "{{ tpl $.Values.serverName $ }}" http: @@ -32,7 +32,7 @@ spec: name: haproxy-wkd {{- else }} - path: /.well-known/matrix - pathType: {{ include "element-io.ess-library.ingress.ingress-nginx-dot-path-type" (dict "root" $ "context" .ingress.controllerType) }} + pathType: {{ include "element-io.ess-library.ingress.ingress-nginx-dot-path-type" (dict "root" $ "context" .ingress.Ingress.controllerType) }} backend: service: name: "{{ $.Release.Name }}-well-known" diff --git a/charts/matrix-stack/values.schema.json b/charts/matrix-stack/values.schema.json index f837fd4cd..cc691a076 100644 --- a/charts/matrix-stack/values.schema.json +++ b/charts/matrix-stack/values.schema.json @@ -161,28 +161,106 @@ }, "ingress": { "type": "object", + "required": [ + "enabled", + "type" + ], "properties": { + "enabled": { + "type": "boolean", + "default": true + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ], + "default": "Ingress" + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, + "gateway": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "default": false + }, + "className": { + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { "type": "string" } }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "required": [ @@ -1480,6 +1558,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -1492,21 +1631,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -3117,6 +3247,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -3129,21 +3320,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -3895,6 +4077,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -3907,21 +4150,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -5220,6 +5454,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -5232,21 +5527,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -6659,6 +6945,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -6671,21 +7018,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -9411,6 +9749,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -9423,21 +9822,12 @@ "host": { "type": "string" }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { @@ -15202,6 +15592,67 @@ "ingress": { "type": "object", "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": [ + "HTTPRoute", + "Ingress" + ] + }, + "HTTPRoute": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "Ingress": { + "type": "object", + "properties": { + "className": { + "type": "string" + }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + } + }, + "additionalProperties": false + }, "annotations": { "type": "object", "additionalProperties": { @@ -15211,21 +15662,12 @@ ] } }, - "className": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - }, "service": { "type": "object", "properties": { diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml index 823865483..ff5c72bae 100644 --- a/charts/matrix-stack/values.yaml +++ b/charts/matrix-stack/values.yaml @@ -53,12 +53,14 @@ labels: {} ## How all ingresses should be constructed by default, unless overridden ingress: + ## Should we generate any Ingress resources + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to all Ingresses. Will be merged with component specific Ingress annotations annotations: {} - ## What Ingress Class Name that should be used for all Ingresses by default - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -73,9 +75,32 @@ ingress: # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` externalTrafficPolicy: Cluster internalTrafficPolicy: Cluster - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for all Ingresses by default + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} + + ## Configuration for the generated Gateway + gateway: + ## Should we generate a Gateway resource for the HTTPRoutes + create: false + + ## Gateway controller class name to use + # className: "" + + ## Additional annotations for the Gateway + annotations: {} ## Common image properties that are applied as defaults to all components. image: @@ -478,12 +503,14 @@ matrixRTC: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -500,9 +527,21 @@ matrixRTC: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} # Details of the image to be used image: ## The host and (optional) port of the container image registry for this component. @@ -1145,12 +1184,14 @@ elementAdmin: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -1167,9 +1208,21 @@ elementAdmin: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -1407,12 +1460,14 @@ elementWeb: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -1429,9 +1484,21 @@ elementWeb: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -1952,12 +2019,14 @@ hookshot: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -1974,9 +2043,21 @@ hookshot: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Additional configuration to provide to Hookshot. ## You can, if you whish, override it in the additional config. @@ -2402,12 +2483,14 @@ matrixAuthenticationService: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -2424,9 +2507,21 @@ matrixAuthenticationService: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Kubernetes resources to allocate to each instance. resources: @@ -4947,12 +5042,14 @@ synapse: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -4969,9 +5066,21 @@ synapse: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -5186,12 +5295,14 @@ wellKnownDelegation: ## What hostname should be used for this Ingress # host: + ## Should we generate this Ingress resource + enabled: true + ## What type of ingress resource should be used (Ingress, HTTPRoute) + type: Ingress + ## Annotations to be added to this Ingress annotations: {} - ## What Ingress Class Name that should be used for this Ingress - # className: - ## Disable TLS configuration by setting it to false tlsEnabled: true @@ -5208,9 +5319,21 @@ wellKnownDelegation: # # External IPs addresses of this service. # externalIPs: [] service: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + + ## Ingress specific configuration + Ingress: {} + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## HTTPRoute specific configuration + HTTPRoute: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## If ElementWeb is deployed, the base domain will redirect to it's ingress host by default ## If ElementWeb is not deployed or this is disabled, no base domain URL redirect will be set. From de5860392024ff44dcc1fd84b61e3a8eb0322945 Mon Sep 17 00:00:00 2001 From: Joshua Hassler Date: Wed, 18 Feb 2026 17:16:56 -0500 Subject: [PATCH 2/5] update license headers --- charts/matrix-stack/templates/element-admin/httproute.yaml | 3 +++ charts/matrix-stack/templates/element-web/httproute.yaml | 3 +++ charts/matrix-stack/templates/gateway/_helpers.tpl | 3 +++ charts/matrix-stack/templates/gateway/gateway.yaml | 3 +++ charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml | 3 +++ .../templates/matrix-authentication-service/httproute.yaml | 3 +++ charts/matrix-stack/templates/matrix-rtc/httproute.yaml | 3 +++ charts/matrix-stack/templates/synapse/synapse_httproute.yaml | 3 +++ charts/matrix-stack/templates/well-known/httproute.yaml | 3 +++ 9 files changed, 27 insertions(+) diff --git a/charts/matrix-stack/templates/element-admin/httproute.yaml b/charts/matrix-stack/templates/element-admin/httproute.yaml index d08e819b7..24db65e14 100644 --- a/charts/matrix-stack/templates/element-admin/httproute.yaml +++ b/charts/matrix-stack/templates/element-admin/httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.elementAdmin -}} diff --git a/charts/matrix-stack/templates/element-web/httproute.yaml b/charts/matrix-stack/templates/element-web/httproute.yaml index 0e99ca554..8f35035bb 100644 --- a/charts/matrix-stack/templates/element-web/httproute.yaml +++ b/charts/matrix-stack/templates/element-web/httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.elementWeb -}} diff --git a/charts/matrix-stack/templates/gateway/_helpers.tpl b/charts/matrix-stack/templates/gateway/_helpers.tpl index 4a0ccefdd..9947cc0d1 100644 --- a/charts/matrix-stack/templates/gateway/_helpers.tpl +++ b/charts/matrix-stack/templates/gateway/_helpers.tpl @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- define "element-io.gateway.tlsConfig" -}} diff --git a/charts/matrix-stack/templates/gateway/gateway.yaml b/charts/matrix-stack/templates/gateway/gateway.yaml index d6623b14e..27398fca0 100644 --- a/charts/matrix-stack/templates/gateway/gateway.yaml +++ b/charts/matrix-stack/templates/gateway/gateway.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- if and .Values.ingress.gateway .Values.ingress.gateway.create }} diff --git a/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml b/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml index 5c813f39e..db68b98ed 100644 --- a/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml +++ b/charts/matrix-stack/templates/hookshot/hookshot_httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with $.Values.hookshot -}} diff --git a/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml b/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml index 6b17fd446..5d741ed7d 100644 --- a/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml +++ b/charts/matrix-stack/templates/matrix-authentication-service/httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.matrixAuthenticationService -}} diff --git a/charts/matrix-stack/templates/matrix-rtc/httproute.yaml b/charts/matrix-stack/templates/matrix-rtc/httproute.yaml index dd2365988..e64548bb2 100644 --- a/charts/matrix-stack/templates/matrix-rtc/httproute.yaml +++ b/charts/matrix-stack/templates/matrix-rtc/httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with .Values.matrixRTC -}} diff --git a/charts/matrix-stack/templates/synapse/synapse_httproute.yaml b/charts/matrix-stack/templates/synapse/synapse_httproute.yaml index e4caaebd9..2eae845b2 100644 --- a/charts/matrix-stack/templates/synapse/synapse_httproute.yaml +++ b/charts/matrix-stack/templates/synapse/synapse_httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with $.Values.synapse -}} diff --git a/charts/matrix-stack/templates/well-known/httproute.yaml b/charts/matrix-stack/templates/well-known/httproute.yaml index 12944b7dc..e652bc59e 100644 --- a/charts/matrix-stack/templates/well-known/httproute.yaml +++ b/charts/matrix-stack/templates/well-known/httproute.yaml @@ -1,4 +1,7 @@ {{- /* +Copyright 2026 New Vector Ltd +Copyright 2026 Element Creations Ltd + SPDX-License-Identifier: AGPL-3.0-only */ -}} {{- with $.Values.wellKnownDelegation -}} From 300c821b9a8cc127fcd54f4f163938e48e463d61 Mon Sep 17 00:00:00 2001 From: Joshua Hassler Date: Wed, 18 Feb 2026 18:14:21 -0500 Subject: [PATCH 3/5] only default set ingress type on global --- .../source/common/sub_schema_values.yaml.j2 | 2 +- charts/matrix-stack/values.yaml | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 index 28ad4c10c..6a72c80e4 100644 --- a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 +++ b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 @@ -170,7 +170,7 @@ networking: ## Should we generate {{ 'any' if global else 'this' }} Ingress {{ 'resources' if global else 'resource' }} enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + {{ '# ' if not global }}type: Ingress ## Annotations to be added to {{ 'all Ingresses. Will be merged with component specific Ingress annotations' if global else 'this Ingress' }} annotations: {} diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml index ff5c72bae..1f7dc447c 100644 --- a/charts/matrix-stack/values.yaml +++ b/charts/matrix-stack/values.yaml @@ -506,7 +506,7 @@ matrixRTC: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -1187,7 +1187,7 @@ elementAdmin: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -1463,7 +1463,7 @@ elementWeb: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -2022,7 +2022,7 @@ hookshot: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -2486,7 +2486,7 @@ matrixAuthenticationService: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -5045,7 +5045,7 @@ synapse: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} @@ -5298,7 +5298,7 @@ wellKnownDelegation: ## Should we generate this Ingress resource enabled: true ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress + # type: Ingress ## Annotations to be added to this Ingress annotations: {} From 104e332ddfcb67e4528e336e69f53d6db067caf5 Mon Sep 17 00:00:00 2001 From: Joshua Hassler Date: Wed, 25 Feb 2026 23:03:19 -0500 Subject: [PATCH 4/5] move gateway to global config --- .../source/common/ingress_global.json | 18 -------- .../source/common/sub_schema_values.yaml.j2 | 28 ++++++------ charts/matrix-stack/source/values.schema.json | 25 +++++++++++ charts/matrix-stack/values.schema.json | 45 +++++++++++-------- charts/matrix-stack/values.yaml | 25 ++++++----- 5 files changed, 80 insertions(+), 61 deletions(-) diff --git a/charts/matrix-stack/source/common/ingress_global.json b/charts/matrix-stack/source/common/ingress_global.json index 1c4c10002..72df8e4fd 100644 --- a/charts/matrix-stack/source/common/ingress_global.json +++ b/charts/matrix-stack/source/common/ingress_global.json @@ -54,24 +54,6 @@ } } }, - "gateway": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "default": false - }, - "className": { - "type": "string" - }, - "annotations": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, "annotations": { "type": "object", "additionalProperties": { diff --git a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 index 6a72c80e4..25dff6990 100644 --- a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 +++ b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 @@ -54,6 +54,21 @@ clusterDomain: "cluster.local." networking: ## Whether components should attempt to bind IPv4 (ipv4) /IPv6 (ipv6) / both (dual-stack) ipFamily: dual-stack + +## Gateway configuration options +gateway: + ## Create a default gateway for all routes + create: false + + ## Set the gateway class to use. If not set it will use the cluster default + # className: "" + + ## Additional annotations to add to the gateway resource + annotations: {} + +## Set the default inbound traffic handler type. Options are ingress | routes | none +inboundTrafficHandler: ingress + {%- endmacro %} {% macro containersSecurityContext(key='containersSecurityContext') %} @@ -217,19 +232,6 @@ networking: ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference # existingGateways: {} - {%- if global %} - - ## Configuration for the generated Gateway - gateway: - ## Should we generate a Gateway resource for the HTTPRoutes - create: false - - ## Gateway controller class name to use - # className: "" - - ## Additional annotations for the Gateway - annotations: {} - {%- endif %} {%- endmacro %} {% macro labels(global=false, key='labels') %} diff --git a/charts/matrix-stack/source/values.schema.json b/charts/matrix-stack/source/values.schema.json index f0a6f2799..c7a745945 100644 --- a/charts/matrix-stack/source/values.schema.json +++ b/charts/matrix-stack/source/values.schema.json @@ -101,6 +101,31 @@ } } }, + "gateway": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "className": { + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "deploymentMarkers": { "$ref": "file://deployment-markers.json" }, diff --git a/charts/matrix-stack/values.schema.json b/charts/matrix-stack/values.schema.json index cc691a076..9ddc33044 100644 --- a/charts/matrix-stack/values.schema.json +++ b/charts/matrix-stack/values.schema.json @@ -230,25 +230,6 @@ }, "additionalProperties": false }, - "gateway": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "default": false - }, - "className": { - "type": "string" - }, - "annotations": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "additionalProperties": false - }, "annotations": { "type": "object", "additionalProperties": { @@ -451,6 +432,32 @@ }, "additionalProperties": false }, + "gateway": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "className": { + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "deploymentMarkers": { "$id": "file://deployment-markers", "$schema": "https://json-schema.org/draft/2020-12/schema", diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml index 1f7dc447c..3e756a2ef 100644 --- a/charts/matrix-stack/values.yaml +++ b/charts/matrix-stack/values.yaml @@ -91,17 +91,6 @@ ingress: ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference # existingGateways: {} - ## Configuration for the generated Gateway - gateway: - ## Should we generate a Gateway resource for the HTTPRoutes - create: false - - ## Gateway controller class name to use - # className: "" - - ## Additional annotations for the Gateway - annotations: {} - ## Common image properties that are applied as defaults to all components. image: ## The pullPolicy to use for all images. This overrides the pullPolicy used by the templates @@ -160,6 +149,20 @@ networking: ## Whether components should attempt to bind IPv4 (ipv4) /IPv6 (ipv6) / both (dual-stack) ipFamily: dual-stack +## Gateway configuration options +gateway: + ## Create a default gateway for all routes + create: false + + ## Set the gateway class to use. If not set it will use the cluster default + # className: "" + + ## Additional annotations to add to the gateway resource + annotations: {} + +## Set the default inbound traffic handler type. Options are ingress | routes | none +inboundTrafficHandler: ingress + ## Components initSecrets: enabled: true From 162464b66d8be7451e0561e569b13485858e05dc Mon Sep 17 00:00:00 2001 From: Joshua Hassler Date: Thu, 26 Feb 2026 00:05:08 -0500 Subject: [PATCH 5/5] move to sep routes --- .../matrix-stack/source/common/ingress.json | 55 +- .../source/common/ingress_global.json | 62 +- .../source/common/ingress_without_host.json | 55 +- charts/matrix-stack/source/common/routes.json | 41 + .../source/common/routes_global.json | 72 + .../source/common/routes_without_host.json | 38 + .../source/common/sub_schema_values.yaml.j2 | 70 +- charts/matrix-stack/source/element-admin.json | 11 + .../matrix-stack/source/element-admin.yaml.j2 | 1 + charts/matrix-stack/source/element-web.json | 11 + .../matrix-stack/source/element-web.yaml.j2 | 1 + charts/matrix-stack/source/hookshot.json | 11 + charts/matrix-stack/source/hookshot.yaml.j2 | 1 + charts/matrix-stack/source/matrix-rtc.json | 11 + charts/matrix-stack/source/matrix-rtc.yaml.j2 | 1 + .../source/matrixAuthenticationService.json | 11 + .../matrixAuthenticationService.yaml.j2 | 1 + charts/matrix-stack/source/synapse.json | 11 + charts/matrix-stack/source/synapse.yaml.j2 | 1 + .../ingress_with_additional_paths.json | 55 +- .../synapse/routes_with_additional_paths.json | 111 ++ charts/matrix-stack/source/values.schema.json | 3 + .../source/wellKnownDelegation.json | 11 + .../source/wellKnownDelegation.yaml.j2 | 1 + charts/matrix-stack/values.schema.json | 1243 +++++++++++------ charts/matrix-stack/values.yaml | 388 +++-- 26 files changed, 1539 insertions(+), 738 deletions(-) create mode 100644 charts/matrix-stack/source/common/routes.json create mode 100644 charts/matrix-stack/source/common/routes_global.json create mode 100644 charts/matrix-stack/source/common/routes_without_host.json create mode 100644 charts/matrix-stack/source/synapse/routes_with_additional_paths.json diff --git a/charts/matrix-stack/source/common/ingress.json b/charts/matrix-stack/source/common/ingress.json index 0fdb45a9f..2f055cb73 100644 --- a/charts/matrix-stack/source/common/ingress.json +++ b/charts/matrix-stack/source/common/ingress.json @@ -1,52 +1,6 @@ { "type": "object", "properties": { - "enabled": { - "type": "boolean" - }, - "type": { - "type": "string", - "enum": [ - "HTTPRoute", - "Ingress" - ] - }, - "HTTPRoute": { - "type": "object", - "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { "type": "string" }, - "namespace": { "type": "string" }, - "group": { "type": "string" }, - "kind": { "type": "string" }, - "sectionName": { "type": "string" }, - "port": { "type": "integer" } - } - } - } - } - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" - }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - } - } - }, "annotations": { "type": "object", "additionalProperties": { @@ -59,12 +13,21 @@ "host": { "type": "string" }, + "className": { + "type": "string" + }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + }, "service": { "$ref": "file://common/service.json" } diff --git a/charts/matrix-stack/source/common/ingress_global.json b/charts/matrix-stack/source/common/ingress_global.json index 72df8e4fd..edb1c228d 100644 --- a/charts/matrix-stack/source/common/ingress_global.json +++ b/charts/matrix-stack/source/common/ingress_global.json @@ -1,71 +1,27 @@ { "type": "object", - "required": [ - "enabled", - "type" - ], "properties": { - "enabled": { - "type": "boolean", - "default": true - }, - "type": { - "type": "string", - "enum": [ - "HTTPRoute", - "Ingress" - ], - "default": "Ingress" - }, - "HTTPRoute": { - "type": "object", - "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { "type": "string" }, - "namespace": { "type": "string" }, - "group": { "type": "string" }, - "kind": { "type": "string" }, - "sectionName": { "type": "string" }, - "port": { "type": "integer" } - } - }, - "minItems": 1 - } - } - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" - }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - } - } - }, "annotations": { "type": "object", "additionalProperties": { "type": "string" } }, + "className": { + "type": "string" + }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + }, "service": { "type": "object", "required": [ diff --git a/charts/matrix-stack/source/common/ingress_without_host.json b/charts/matrix-stack/source/common/ingress_without_host.json index 8a35e9a0d..8ea0aab31 100644 --- a/charts/matrix-stack/source/common/ingress_without_host.json +++ b/charts/matrix-stack/source/common/ingress_without_host.json @@ -1,52 +1,6 @@ { "type": "object", "properties": { - "enabled": { - "type": "boolean" - }, - "type": { - "type": "string", - "enum": [ - "HTTPRoute", - "Ingress" - ] - }, - "HTTPRoute": { - "type": "object", - "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { "type": "string" }, - "namespace": { "type": "string" }, - "group": { "type": "string" }, - "kind": { "type": "string" }, - "sectionName": { "type": "string" }, - "port": { "type": "integer" } - } - } - } - } - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" - }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - } - } - }, "annotations": { "type": "object", "additionalProperties": { @@ -56,12 +10,21 @@ ] } }, + "className": { + "type": "string" + }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + }, "service": { "$ref": "file://common/service.json" } diff --git a/charts/matrix-stack/source/common/routes.json b/charts/matrix-stack/source/common/routes.json new file mode 100644 index 000000000..86a5cde97 --- /dev/null +++ b/charts/matrix-stack/source/common/routes.json @@ -0,0 +1,41 @@ +{ + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + }, + "minItems": 1 + }, + "host": { + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tlsEnabled": { + "type": "boolean" + }, + "tlsSecret": { + "type": "string" + }, + "service": { + "$ref": "file://common/service.json" + } + } +} diff --git a/charts/matrix-stack/source/common/routes_global.json b/charts/matrix-stack/source/common/routes_global.json new file mode 100644 index 000000000..320cea980 --- /dev/null +++ b/charts/matrix-stack/source/common/routes_global.json @@ -0,0 +1,72 @@ +{ + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + }, + "minItems": 1 + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tlsEnabled": { + "type": "boolean" + }, + "tlsSecret": { + "type": "string" + }, + "service": { + "type": "object", + "required": [ + "type", + "internalTrafficPolicy" + ], + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + } + } + } + } +} diff --git a/charts/matrix-stack/source/common/routes_without_host.json b/charts/matrix-stack/source/common/routes_without_host.json new file mode 100644 index 000000000..cf70532c3 --- /dev/null +++ b/charts/matrix-stack/source/common/routes_without_host.json @@ -0,0 +1,38 @@ +{ + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + }, + "minItems": 1 + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tlsEnabled": { + "type": "boolean" + }, + "tlsSecret": { + "type": "string" + }, + "service": { + "$ref": "file://common/service.json" + } + } +} diff --git a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 index 25dff6990..ba529ce20 100644 --- a/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 +++ b/charts/matrix-stack/source/common/sub_schema_values.yaml.j2 @@ -28,6 +28,7 @@ certManager: {} # serverName: ess.localhost {{ labels(global=true) }} {{ ingress(global=true) }} +{{ routes(global=true, withHost=false) }} ## Common image properties that are applied as defaults to all components. image: @@ -182,11 +183,6 @@ inboundTrafficHandler: ingress ## What hostname should be used for this Ingress # host: {% endif %} - ## Should we generate {{ 'any' if global else 'this' }} Ingress {{ 'resources' if global else 'resource' }} - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - {{ '# ' if not global }}type: Ingress - ## Annotations to be added to {{ 'all Ingresses. Will be merged with component specific Ingress annotations' if global else 'this Ingress' }} annotations: {} @@ -217,23 +213,63 @@ inboundTrafficHandler: ingress service: {} {%- endif %} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for {{ 'all Ingresses by default' if global else 'this Ingress' }} - # className: + ## What Ingress Class Name that should be used for {{ 'all Ingresses by default' if global else 'this Ingress' }} + # className: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} {%- endmacro %} +{% macro routes(global=false, withHost=true, key='routes') %} +{%- if global %} +## How all routes should be constructed by default, unless overridden +{%- else %} +## How this component's routes should be constructed +{%- endif %} +{{ key }}: +{%- if withHost %} + ## What hostname should be used for this component + # host: +{% endif %} + ## Annotations to be added to {{ 'all routes. Will be merged with component specific route annotations' if global else 'this route' }} + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for {{ 'all routes by default' if global else 'this route' }} + # tlsSecret: + + ## How the {{ 'Services' if global else 'Service' }} behind {{ 'all routes' if global else 'this route' }} is constructed{{ ' by default' if global else '' }} +{%- if global %} + service: + type: ClusterIP + ## Annotations to be added to {{ 'all routes services. Will be merged with component specific route services annotations' if global else 'this route' }} + annotations: {} + # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster +{%- else %} + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} +{%- endif %} + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} + +{%- endmacro %} + {% macro labels(global=false, key='labels') %} ## Labels to add to all manifest {{ 'for all components in this chart' if global else 'for this component' }} {{ key }}: {} diff --git a/charts/matrix-stack/source/element-admin.json b/charts/matrix-stack/source/element-admin.json index 9d4f3dee3..087722fa5 100644 --- a/charts/matrix-stack/source/element-admin.json +++ b/charts/matrix-stack/source/element-admin.json @@ -10,12 +10,23 @@ "minimum": 1, "type": "integer" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "image": { "$ref": "file://common/image.json" }, "ingress": { "$ref": "file://common/ingress.json" }, + "routes": { + "$ref": "file://common/routes.json" + }, "labels": { "$ref": "file://common/labels.json" }, diff --git a/charts/matrix-stack/source/element-admin.yaml.j2 b/charts/matrix-stack/source/element-admin.yaml.j2 index b782adaa2..bc69a8fb4 100644 --- a/charts/matrix-stack/source/element-admin.yaml.j2 +++ b/charts/matrix-stack/source/element-admin.yaml.j2 @@ -14,6 +14,7 @@ enabled: true replicas: 1 {{- sub_schema_values.image(registry='oci.element.io', repository='element-admin', tag='0.1.10') -}} {{- sub_schema_values.ingress() -}} +{{- sub_schema_values.routes() -}} {{- sub_schema_values.labels() -}} {{- sub_schema_values.workloadAnnotations() -}} {{- sub_schema_values.extraEnv() -}} diff --git a/charts/matrix-stack/source/element-web.json b/charts/matrix-stack/source/element-web.json index 3a1844ada..5c9f7e294 100644 --- a/charts/matrix-stack/source/element-web.json +++ b/charts/matrix-stack/source/element-web.json @@ -16,6 +16,14 @@ "minimum": 1, "type": "integer" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "extraVolumes": { "$ref": "file://common/extraVolumes.json" }, @@ -31,6 +39,9 @@ "ingress": { "$ref": "file://common/ingress.json" }, + "routes": { + "$ref": "file://common/routes.json" + }, "labels": { "$ref": "file://common/labels.json" }, diff --git a/charts/matrix-stack/source/element-web.yaml.j2 b/charts/matrix-stack/source/element-web.yaml.j2 index 1a1659562..a40467113 100644 --- a/charts/matrix-stack/source/element-web.yaml.j2 +++ b/charts/matrix-stack/source/element-web.yaml.j2 @@ -22,6 +22,7 @@ additional: {} replicas: 1 {{- sub_schema_values.image(registry='oci.element.io', repository='element-web', tag='v1.12.12') -}} {{- sub_schema_values.ingress() -}} +{{- sub_schema_values.routes() -}} {{- sub_schema_values.labels() -}} {{- sub_schema_values.workloadAnnotations() -}} {{- sub_schema_values.extraEnv() -}} diff --git a/charts/matrix-stack/source/hookshot.json b/charts/matrix-stack/source/hookshot.json index e217bfad2..f2eaf1746 100644 --- a/charts/matrix-stack/source/hookshot.json +++ b/charts/matrix-stack/source/hookshot.json @@ -45,12 +45,23 @@ } } }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "additional": { "$ref": "file://common/additional.json" }, "ingress": { "$ref": "file://common/ingress.json" }, + "routes": { + "$ref": "file://common/routes.json" + }, "image": { "$ref": "file://common/image.json" }, diff --git a/charts/matrix-stack/source/hookshot.yaml.j2 b/charts/matrix-stack/source/hookshot.yaml.j2 index 1cd7e6c50..491485d16 100644 --- a/charts/matrix-stack/source/hookshot.yaml.j2 +++ b/charts/matrix-stack/source/hookshot.yaml.j2 @@ -24,6 +24,7 @@ logging: {{ sub_schema_values.credential("Hookshot passkey used to encrypt stored tokens.", "passkey", initIfAbsent=True) }} {{ sub_schema_values.redis() }} {{ sub_schema_values.ingress() }} +{{ sub_schema_values.routes() }} ## Additional configuration to provide to Hookshot. ## You can, if you whish, override it in the additional config. diff --git a/charts/matrix-stack/source/matrix-rtc.json b/charts/matrix-stack/source/matrix-rtc.json index 95459794a..56cfd2572 100644 --- a/charts/matrix-stack/source/matrix-rtc.json +++ b/charts/matrix-stack/source/matrix-rtc.json @@ -47,6 +47,14 @@ } } }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "replicas": { "type": "integer" }, @@ -68,6 +76,9 @@ "ingress": { "$ref": "file://common/ingress.json" }, + "routes": { + "$ref": "file://common/routes.json" + }, "labels": { "$ref": "file://common/labels.json" }, diff --git a/charts/matrix-stack/source/matrix-rtc.yaml.j2 b/charts/matrix-stack/source/matrix-rtc.yaml.j2 index 424c85355..f49c059c6 100644 --- a/charts/matrix-stack/source/matrix-rtc.yaml.j2 +++ b/charts/matrix-stack/source/matrix-rtc.yaml.j2 @@ -24,6 +24,7 @@ restrictRoomCreationToLocalUsers: true replicas: 1 {{- sub_schema_values.ingress() }} +{{- sub_schema_values.routes() }} {{- sub_schema_values.image(registry='ghcr.io', repository='element-hq/lk-jwt-service', tag='0.4.1') }} {{- sub_schema_values.labels() }} {{- sub_schema_values.workloadAnnotations() }} diff --git a/charts/matrix-stack/source/matrixAuthenticationService.json b/charts/matrix-stack/source/matrixAuthenticationService.json index 340577cb5..cc822da58 100644 --- a/charts/matrix-stack/source/matrixAuthenticationService.json +++ b/charts/matrix-stack/source/matrixAuthenticationService.json @@ -96,9 +96,20 @@ } } }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "$ref": "file://common/ingress.json" }, + "routes": { + "$ref": "file://common/routes.json" + }, "image": { "$ref": "file://common/image.json" }, diff --git a/charts/matrix-stack/source/matrixAuthenticationService.yaml.j2 b/charts/matrix-stack/source/matrixAuthenticationService.yaml.j2 index eeae697de..c9f96fe4f 100644 --- a/charts/matrix-stack/source/matrixAuthenticationService.yaml.j2 +++ b/charts/matrix-stack/source/matrixAuthenticationService.yaml.j2 @@ -27,6 +27,7 @@ privateKeys: {{ sub_schema_values.credential("ECDSA Secp384r1 Private Key", "ecdsaSecp384r1") | indent(2) }} {{ sub_schema_values.ingress() }} +{{ sub_schema_values.routes() }} {{ sub_schema_values.resources(requests_memory='50Mi', requests_cpu='50m', limits_memory='350Mi') }} {{ sub_schema_values.labels() }} {{ sub_schema_values.serviceAccount() }} diff --git a/charts/matrix-stack/source/synapse.json b/charts/matrix-stack/source/synapse.json index ef538b47c..e8741e8a3 100644 --- a/charts/matrix-stack/source/synapse.json +++ b/charts/matrix-stack/source/synapse.json @@ -133,9 +133,20 @@ "type": "string" } }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "$ref": "file://synapse/ingress_with_additional_paths.json" }, + "routes": { + "$ref": "file://synapse/routes_with_additional_paths.json" + }, "image": { "$ref": "file://common/image.json" }, diff --git a/charts/matrix-stack/source/synapse.yaml.j2 b/charts/matrix-stack/source/synapse.yaml.j2 index 59cf6f730..5164b5d84 100644 --- a/charts/matrix-stack/source/synapse.yaml.j2 +++ b/charts/matrix-stack/source/synapse.yaml.j2 @@ -91,6 +91,7 @@ logging: {{- sub_schema_values.extraVolumeMounts("Synapse", with_context=true) }} {{- sub_schema_values.extraInitContainers("Synapse") }} {{- sub_schema_values.ingress() }} +{{- sub_schema_values.routes() }} {{- sub_schema_values.labels() }} {{- sub_schema_values.workloadAnnotations() }} {{- sub_schema_values.containersSecurityContext() }} diff --git a/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json b/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json index 2e14df852..ed7da656a 100644 --- a/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json +++ b/charts/matrix-stack/source/synapse/ingress_with_additional_paths.json @@ -1,52 +1,6 @@ { "type": "object", "properties": { - "enabled": { - "type": "boolean" - }, - "type": { - "type": "string", - "enum": [ - "HTTPRoute", - "Ingress" - ] - }, - "HTTPRoute": { - "type": "object", - "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { "type": "string" }, - "namespace": { "type": "string" }, - "group": { "type": "string" }, - "kind": { "type": "string" }, - "sectionName": { "type": "string" }, - "port": { "type": "integer" } - } - } - } - } - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" - }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - } - } - }, "annotations": { "type": "object", "additionalProperties": { @@ -59,12 +13,21 @@ "host": { "type": "string" }, + "className": { + "type": "string" + }, "tlsEnabled": { "type": "boolean" }, "tlsSecret": { "type": "string" }, + "controllerType": { + "type": "string", + "enum": [ + "ingress-nginx" + ] + }, "service": { "$ref": "file://common/service.json" }, diff --git a/charts/matrix-stack/source/synapse/routes_with_additional_paths.json b/charts/matrix-stack/source/synapse/routes_with_additional_paths.json new file mode 100644 index 000000000..6b68a1208 --- /dev/null +++ b/charts/matrix-stack/source/synapse/routes_with_additional_paths.json @@ -0,0 +1,111 @@ +{ + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { "type": "string" }, + "namespace": { "type": "string" }, + "group": { "type": "string" }, + "kind": { "type": "string" }, + "sectionName": { "type": "string" }, + "port": { "type": "integer" } + } + } + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "tlsEnabled": { + "type": "boolean" + }, + "tlsSecret": { + "type": "string" + }, + "service": { + "$ref": "file://common/service.json" + }, + "additionalPaths": { + "type": "array", + "items": { + "type": "object", + "required": [ + "path", + "availability" + ], + "properties": { + "path": { + "type": "string" + }, + "availability": { + "type": "string", + "enum": [ + "internally_and_externally", + "only_externally", + "blocked" + ] + }, + "service": { + "type": "object", + "required": [ + "name", + "port" + ], + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "object", + "oneOf": [ + { + "required": [ + "name" + ], + "not": { + "required": [ + "number" + ] + } + }, + { + "required": [ + "number" + ], + "not": { + "required": [ + "name" + ] + } + } + ], + "properties": { + "name": { + "type": "string" + }, + "number": { + "type": "integer" + } + } + } + } + } + } + } + } + } +} diff --git a/charts/matrix-stack/source/values.schema.json b/charts/matrix-stack/source/values.schema.json index c7a745945..f34aaad7e 100644 --- a/charts/matrix-stack/source/values.schema.json +++ b/charts/matrix-stack/source/values.schema.json @@ -79,6 +79,9 @@ "ingress": { "$ref": "file://common/ingress_global.json" }, + "routes": { + "$ref": "file://common/routes_global.json" + }, "tolerations": { "$ref": "file://common/tolerations.json" }, diff --git a/charts/matrix-stack/source/wellKnownDelegation.json b/charts/matrix-stack/source/wellKnownDelegation.json index 97f9070e9..dbb20ed62 100644 --- a/charts/matrix-stack/source/wellKnownDelegation.json +++ b/charts/matrix-stack/source/wellKnownDelegation.json @@ -6,9 +6,20 @@ "enabled": { "type": "boolean" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "$ref": "file://common/ingress_without_host.json" }, + "routes": { + "$ref": "file://common/routes_without_host.json" + }, "labels": { "$ref": "file://common/labels.json" }, diff --git a/charts/matrix-stack/source/wellKnownDelegation.yaml.j2 b/charts/matrix-stack/source/wellKnownDelegation.yaml.j2 index 86f7be980..62c57c08b 100644 --- a/charts/matrix-stack/source/wellKnownDelegation.yaml.j2 +++ b/charts/matrix-stack/source/wellKnownDelegation.yaml.j2 @@ -10,6 +10,7 @@ enabled: true {{ sub_schema_values.labels() }} {{ sub_schema_values.ingress() }} +{{ sub_schema_values.routes(withHost=false) }} ## If ElementWeb is deployed, the base domain will redirect to it's ingress host by default ## If ElementWeb is not deployed or this is disabled, no base domain URL redirect will be set. diff --git a/charts/matrix-stack/values.schema.json b/charts/matrix-stack/values.schema.json index 9ddc33044..79a3a2f6a 100644 --- a/charts/matrix-stack/values.schema.json +++ b/charts/matrix-stack/values.schema.json @@ -161,74 +161,102 @@ }, "ingress": { "type": "object", - "required": [ - "enabled", - "type" - ], "properties": { - "enabled": { - "type": "boolean", - "default": true + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "className": { + "type": "string" + }, + "tlsEnabled": { + "type": "boolean" + }, + "tlsSecret": { + "type": "string" }, - "type": { + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" - ], - "default": "Ingress" - }, - "HTTPRoute": { - "type": "object", - "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false - }, - "minItems": 1 - } - }, - "additionalProperties": false + "ingress-nginx" + ] }, - "Ingress": { + "service": { "type": "object", + "required": [ + "type", + "internalTrafficPolicy" + ], "properties": { - "className": { - "type": "string" + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } }, - "controllerType": { + "type": { "type": "string", "enum": [ - "ingress-nginx" + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" ] } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 }, "annotations": { "type": "object", @@ -1392,6 +1420,14 @@ }, "additionalProperties": false }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "replicas": { "type": "integer" }, @@ -1565,79 +1601,122 @@ "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "host": { + "type": "string" }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, - "host": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, @@ -3176,6 +3255,14 @@ "minimum": 1, "type": "integer" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "image": { "type": "object", "required": [ @@ -3254,79 +3341,122 @@ "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "host": { + "type": "string" }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, - "host": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, @@ -3933,6 +4063,14 @@ "minimum": 1, "type": "integer" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "extraVolumes": { "type": "array", "items": { @@ -4084,79 +4222,122 @@ "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "host": { + "type": "string" }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, - "host": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, @@ -5415,6 +5596,14 @@ }, "additionalProperties": false }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "additional": { "type": "object", "additionalProperties": { @@ -5461,79 +5650,122 @@ "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "host": { + "type": "string" }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, - "host": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, @@ -6949,82 +7181,133 @@ }, "additionalProperties": false }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 + }, + "host": { + "type": "string" }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, - "host": { - "type": "string" - }, "tlsEnabled": { "type": "boolean" }, @@ -9753,69 +10036,193 @@ "type": "string" } }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "host": { + "type": "string" + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalIPs": { "type": "array", "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "additionalPaths": { + "type": "array", + "items": { + "type": "object", + "required": [ + "path", + "availability" + ], + "properties": { + "path": { + "type": "string" + }, + "availability": { + "type": "string", + "enum": [ + "internally_and_externally", + "only_externally", + "blocked" + ] + }, + "service": { "type": "object", "required": [ - "name" + "name", + "port" ], "properties": { "name": { "type": "string" }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, "port": { - "type": "integer" + "type": "object", + "oneOf": [ + { + "required": [ + "name" + ], + "not": { + "required": [ + "number" + ] + } + }, + { + "required": [ + "number" + ], + "not": { + "required": [ + "name" + ] + } + } + ], + "properties": { + "name": { + "type": "string" + }, + "number": { + "type": "integer" + } + }, + "additionalProperties": false } }, "additionalProperties": false } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { - "type": "string", - "enum": [ - "ingress-nginx" - ] - } - }, - "additionalProperties": false + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + } }, "annotations": { "type": "object", @@ -15596,77 +16003,125 @@ "enabled": { "type": "boolean" }, + "inboundTrafficHandler": { + "type": "string", + "enum": [ + "ingress", + "routes", + "none" + ] + }, "ingress": { "type": "object", "properties": { - "enabled": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] + } + }, + "className": { + "type": "string" + }, + "tlsEnabled": { "type": "boolean" }, - "type": { + "tlsSecret": { + "type": "string" + }, + "controllerType": { "type": "string", "enum": [ - "HTTPRoute", - "Ingress" + "ingress-nginx" ] }, - "HTTPRoute": { + "service": { "type": "object", "properties": { - "existingGateways": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "sectionName": { - "type": "string" - }, - "port": { - "type": "integer" - } - }, - "additionalProperties": false + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": [ + "string", + "null" + ] } - } - }, - "additionalProperties": false - }, - "Ingress": { - "type": "object", - "properties": { - "className": { - "type": "string" }, - "controllerType": { + "internalTrafficPolicy": { + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "externalTrafficPolicy": { "type": "string", "enum": [ - "ingress-nginx" + "Cluster", + "Local" ] + }, + "externalIPs": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": false + } + }, + "additionalProperties": false + }, + "routes": { + "type": "object", + "properties": { + "existingGateways": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "sectionName": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "minItems": 1 }, "annotations": { "type": "object", "additionalProperties": { - "type": [ - "string", - "null" - ] + "type": "string" } }, "tlsEnabled": { diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml index 3e756a2ef..9dbd0d928 100644 --- a/charts/matrix-stack/values.yaml +++ b/charts/matrix-stack/values.yaml @@ -53,11 +53,6 @@ labels: {} ## How all ingresses should be constructed by default, unless overridden ingress: - ## Should we generate any Ingress resources - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - type: Ingress - ## Annotations to be added to all Ingresses. Will be merged with component specific Ingress annotations annotations: {} @@ -76,20 +71,36 @@ ingress: externalTrafficPolicy: Cluster internalTrafficPolicy: Cluster - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for all Ingresses by default - # className: + ## What Ingress Class Name that should be used for all Ingresses by default + # className: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} +## How all routes should be constructed by default, unless overridden +routes: + ## Annotations to be added to all routes. Will be merged with component specific route annotations + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for all routes by default + # tlsSecret: + + ## How the Services behind all routes is constructed by default + service: + type: ClusterIP + ## Annotations to be added to all routes services. Will be merged with component specific route services annotations + annotations: {} + # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Common image properties that are applied as defaults to all components. image: @@ -506,11 +517,6 @@ matrixRTC: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -531,20 +537,40 @@ matrixRTC: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} # Details of the image to be used image: ## The host and (optional) port of the container image registry for this component. @@ -1187,11 +1213,6 @@ elementAdmin: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -1212,20 +1233,40 @@ elementAdmin: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -1463,11 +1504,6 @@ elementWeb: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -1488,20 +1524,40 @@ elementWeb: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: + + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -2022,11 +2078,6 @@ hookshot: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -2047,20 +2098,41 @@ hookshot: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: + + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Additional configuration to provide to Hookshot. ## You can, if you whish, override it in the additional config. @@ -2486,11 +2558,6 @@ matrixAuthenticationService: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -2511,20 +2578,41 @@ matrixAuthenticationService: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Kubernetes resources to allocate to each instance. resources: @@ -5045,11 +5133,6 @@ synapse: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -5070,20 +5153,40 @@ synapse: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + ## How this component's routes should be constructed + routes: + ## What hostname should be used for this component + # host: + + ## Annotations to be added to this route + annotations: {} - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} + + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## Labels to add to all manifest for this component labels: {} ## Defines the annotations to add to the workload @@ -5298,11 +5401,6 @@ wellKnownDelegation: ## What hostname should be used for this Ingress # host: - ## Should we generate this Ingress resource - enabled: true - ## What type of ingress resource should be used (Ingress, HTTPRoute) - # type: Ingress - ## Annotations to be added to this Ingress annotations: {} @@ -5323,20 +5421,38 @@ wellKnownDelegation: # externalIPs: [] service: {} - ## Ingress specific configuration - Ingress: {} - ## What Ingress Class Name that should be used for this Ingress - # className: + ## What Ingress Class Name that should be used for this Ingress + # className: + + ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. + ## This can be set to `ingress-nginx`. + # controllerType: + + ## How this component's routes should be constructed + routes: + ## Annotations to be added to this route + annotations: {} + + ## Disable TLS configuration by setting it to false + tlsEnabled: true + + ## The name of the Secret containing the TLS certificate and the key that should be used for this route + # tlsSecret: - ## If set, some tweaks will be applied automatically to ingresses based on the controller type here. - ## This can be set to `ingress-nginx`. - # controllerType: + ## How the Service behind this route is constructed + # service: + # type: ClusterIP + # annotations: {} + # # External traffic policy will be configured on services of type `NodePort` and `LoadBalancer` + # externalTrafficPolicy: Cluster + # internalTrafficPolicy: Cluster + # # External IPs addresses of this service. + # externalIPs: [] + service: {} - ## HTTPRoute specific configuration - HTTPRoute: {} - ## List of existing Gateway parent refs to connect the routes to. - ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference - # existingGateways: {} + ## List of existing Gateway parent refs to connect the routes to. + ## More info: https://gateway-api.sigs.k8s.io/reference/spec/#parentreference + # existingGateways: {} ## If ElementWeb is deployed, the base domain will redirect to it's ingress host by default ## If ElementWeb is not deployed or this is disabled, no base domain URL redirect will be set.