Skip to content

feat(helm): add namespaceOverride support to gateway-helm chart #8281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
honarkhah wants to merge 2 commits into
base: main
Choose a base branch
from
+48 −35
Open

feat(helm): add namespaceOverride support to gateway-helm chart #8281

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fb4fffa
feat: add namespaceOverride to support umbrella charts
honarkhah Feb 16, 2026
e316a56
release note
honarkhah Feb 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Thank you for installing Envoy Gateway! 🎉

Your release is named: {{ .Release.Name }}. 🎉

Your release is in namespace: {{ .Release.Namespace }}. 🎉
Your release is in namespace: {{ include "eg.namespace" . }}. 🎉

To learn more about the release, try:

Expand Down
7 changes: 7 additions & 0 deletions charts/gateway-helm/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
{{/*
Allow the release namespace to be overridden.
*/}}
{{- define "eg.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}

{{/*
Expand the name of the chart.
*/}}
Expand Down
18 changes: 9 additions & 9 deletions charts/gateway-helm/templates/certgen-rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "eg.fullname" . }}-certgen
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
{{- if .Values.certgen.rbac.labels }}
Expand All @@ -19,7 +19,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "eg.fullname" . }}-certgen
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
{{- if .Values.certgen.rbac.labels }}
Expand All @@ -45,7 +45,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "eg.fullname" . }}-certgen
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
{{- if .Values.certgen.rbac.labels }}
Expand All @@ -64,13 +64,13 @@ roleRef:
subjects:
- kind: ServiceAccount
name: '{{ include "eg.fullname" . }}-certgen'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
---
{{- if .Values.topologyInjector.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: '{{ include "eg.fullname" . }}-certgen:{{ .Release.Namespace }}'
name: '{{ include "eg.fullname" . }}-certgen:{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
{{- if .Values.certgen.rbac.labels }}
Expand All @@ -96,15 +96,15 @@ rules:
resources:
- mutatingwebhookconfigurations
resourceNames:
- 'envoy-gateway-topology-injector.{{ .Release.Namespace }}'
- 'envoy-gateway-topology-injector.{{ include "eg.namespace" . }}'
verbs:
- update
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: '{{ include "eg.fullname" . }}-certgen:{{ .Release.Namespace }}'
name: '{{ include "eg.fullname" . }}-certgen:{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
{{- if .Values.certgen.rbac.labels }}
Expand All @@ -119,9 +119,9 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: '{{ include "eg.fullname" . }}-certgen:{{ .Release.Namespace }}'
name: '{{ include "eg.fullname" . }}-certgen:{{ include "eg.namespace" . }}'
subjects:
- kind: ServiceAccount
name: '{{ include "eg.fullname" . }}-certgen'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
{{- end }}
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/certgen.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "eg.fullname" . }}-certgen
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
annotations:
Expand Down
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/envoy-gateway-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: envoy-gateway-config
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
data:
Expand Down
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/envoy-gateway-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: envoy-gateway
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
{{- with .Values.deployment.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
Expand Down
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/envoy-gateway-hpa.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: envoy-gateway
namespace: '{{ $.Release.Namespace }}'
namespace: '{{ include "eg.namespace" $ }}'
spec:
scaleTargetRef:
apiVersion: apps/v1
Expand Down
4 changes: 2 additions & 2 deletions charts/gateway-helm/templates/envoy-gateway-poddisruptionbudget.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: envoy-gateway
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
spec:
{{- if and .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
Expand All @@ -15,4 +15,4 @@ spec:
matchLabels:
control-plane: envoy-gateway
{{- include "eg.selectorLabels" . | nindent 6 }}
{{- end }}
{{- end }}
6 changes: 3 additions & 3 deletions charts/gateway-helm/templates/envoy-gateway-rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ $.Release.Namespace }}'
namespace: '{{ include "eg.namespace" $ }}'
{{ end }}
---
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -55,7 +55,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
{{ else }}
---
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -78,5 +78,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
{{ end }}
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/envoy-gateway-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: envoy-gateway
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
Expand Down
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/envoy-gateway-serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: envoy-gateway
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
8 changes: 4 additions & 4 deletions charts/gateway-helm/templates/envoy-proxy-topology-injector-webhook.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: 'envoy-gateway-topology-injector.{{ .Release.Namespace }}'
name: 'envoy-gateway-topology-injector.{{ include "eg.namespace" . }}'
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-1"
Expand All @@ -34,7 +34,7 @@ webhooks:
clientConfig:
service:
name: envoy-gateway
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
path: "/inject-pod-topology"
port: 9443
failurePolicy: Ignore
Expand All @@ -49,7 +49,7 @@ webhooks:
- key: kubernetes.io/metadata.name
operator: In
values:
- {{ .Release.Namespace }}
- {{ include "eg.namespace" . }}
{{- else if gt (len $watchedNamespaces) 0 }}
namespaceSelector:
matchExpressions:
Expand All @@ -60,4 +60,4 @@ webhooks:
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
8 changes: 4 additions & 4 deletions charts/gateway-helm/templates/infra-manager-rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,15 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ $.Release.Namespace }}'
namespace: '{{ include "eg.namespace" $ }}'
---
{{ end }}
{{ end }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "eg.fullname" . }}-infra-manager
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
rules:
Expand All @@ -47,7 +47,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "eg.fullname" . }}-infra-manager
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
roleRef:
Expand All @@ -57,4 +57,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
6 changes: 3 additions & 3 deletions charts/gateway-helm/templates/leader-election-rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "eg.fullname" . }}-leader-election-role
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
rules:
Expand Down Expand Up @@ -42,7 +42,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "eg.fullname" . }}-leader-election-rolebinding
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
labels:
{{- include "eg.labels" . | nindent 4 }}
roleRef:
Expand All @@ -52,4 +52,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ .Release.Namespace }}'
namespace: '{{ include "eg.namespace" . }}'
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/namespace.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
apiVersion: v1
kind: Namespace
metadata:
name: '{{ .Release.Namespace }}'
name: '{{ include "eg.namespace" . }}'
{{ end }}
4 changes: 2 additions & 2 deletions charts/gateway-helm/templates/namespaced-infra-manager-rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ $.Release.Namespace }}'
namespace: '{{ include "eg.namespace" $ }}'
{{ if $kube.watch.namespaces }}
{{ if gt (len $kube.watch.namespaces) 0 }}
{{ $watchedNamespaces = $kube.watch.namespaces }}
Expand Down Expand Up @@ -60,7 +60,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: 'envoy-gateway'
namespace: '{{ $.Release.Namespace }}'
namespace: '{{ include "eg.namespace" $ }}'
---
{{- end }}
{{- end }}
4 changes: 4 additions & 0 deletions charts/gateway-helm/values.tmpl.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,10 @@ config:

createNamespace: false

# -- Override the namespace for resources deployed by the chart.
# Defaults to the release namespace.
namespaceOverride: ""

kubernetesClusterDomain: cluster.local

# -- Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
Expand Down
2 changes: 2 additions & 0 deletions release-notes/current.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ new features: |
Added support for shadow mode in local rate limiting.
Added `egctl config envoy-gateway` commands to retrieve Envoy Gateway admin config dumps.
The DirectResponse body in HTTPFilter now supports Envoy command operators for dynamic content. See https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators for more details.
Added `namespaceOverride` support to gateway-helm chart
bug fixes: |
Rejected ClientTrafficPolicy if invalid TLS cipher suites are configured.
Expand Down
Loading