diff --git a/charts/gateway-helm/Chart.lock b/charts/gateway-helm/Chart.lock new file mode 100644 index 0000000000..88ba8998a4 --- /dev/null +++ b/charts/gateway-helm/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: crds + repository: "" + version: 0.0.0 +digest: sha256:aeada3fbffa2565a325406ad014001fd2685f7c0c9cfc1167da4f10c75a1bd65 +generated: "2026-02-17T14:34:30.962808-07:00" diff --git a/charts/gateway-helm/Chart.yaml b/charts/gateway-helm/Chart.yaml index f29f1384f0..8a516e5f58 100644 --- a/charts/gateway-helm/Chart.yaml +++ b/charts/gateway-helm/Chart.yaml @@ -23,3 +23,7 @@ home: https://gateway.envoyproxy.io/ sources: - https://github.com/envoyproxy/gateway + +dependencies: + - name: crds + version: "0.0.0" diff --git a/charts/gateway-helm/README.md b/charts/gateway-helm/README.md index 19dc527bb8..a3d1c17dd9 100644 --- a/charts/gateway-helm/README.md +++ b/charts/gateway-helm/README.md @@ -17,6 +17,12 @@ The Helm chart for Envoy Gateway * +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| | crds | 0.0.0 | + ## Usage [Helm](https://helm.sh) must be installed to use the charts. diff --git a/charts/gateway-helm/charts/crds/Chart.yaml b/charts/gateway-helm/charts/crds/Chart.yaml new file mode 100644 index 0000000000..d5f2790e52 --- /dev/null +++ b/charts/gateway-helm/charts/crds/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: crds +description: Envoy Gateway and Gateway API CRDs +type: application +version: 0.0.0 +appVersion: "0.0.0" diff --git a/charts/gateway-helm/crds/gatewayapi-crds.yaml b/charts/gateway-helm/charts/crds/crds/gatewayapi-crds.yaml similarity index 100% rename from charts/gateway-helm/crds/gatewayapi-crds.yaml rename to charts/gateway-helm/charts/crds/crds/gatewayapi-crds.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backends.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backends.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml similarity index 100% rename from charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml rename to charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml diff --git a/embed.go b/embed.go index 97f2e3bf54..f27ceda620 100644 --- a/embed.go +++ b/embed.go @@ -11,31 +11,31 @@ import ( ) var ( - //go:embed charts/gateway-helm/crds/gatewayapi-crds.yaml + //go:embed charts/gateway-helm/charts/crds/crds/gatewayapi-crds.yaml gatewayAPICRDs []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backends.yaml backendCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml backendTrafficPolicyCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml clientTrafficPolicyCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml envoyExtensionPolicyCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml envoyPatchPolicyCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml envoyProxyCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml httpRouteFilterCRD []byte - //go:embed charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml + //go:embed charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml securityPolicyCRD []byte ) diff --git a/internal/provider/kubernetes/kubernetes_test.go b/internal/provider/kubernetes/kubernetes_test.go index e5913fd806..c8ccb9bb50 100644 --- a/internal/provider/kubernetes/kubernetes_test.go +++ b/internal/provider/kubernetes/kubernetes_test.go @@ -110,8 +110,8 @@ func TestProvider(t *testing.T) { func startEnv() (*envtest.Environment, *rest.Config, error) { log.SetLogger(zap.New(zap.WriteTo(os.Stderr), zap.UseDevMode(true))) - gwAPIs := filepath.Join("..", "..", "..", "charts", "gateway-helm", "crds", "gatewayapi-crds.yaml") - egAPIs := filepath.Join("..", "..", "..", "charts", "gateway-helm", "crds", "generated") + gwAPIs := filepath.Join("..", "..", "..", "charts", "gateway-helm", "charts", "crds", "crds", "gatewayapi-crds.yaml") + egAPIs := filepath.Join("..", "..", "..", "charts", "gateway-helm", "charts", "crds", "crds", "generated") mcsAPIs := filepath.Join(".", "testdata", "crds", "multicluster-svc.yaml") env := &envtest.Environment{ diff --git a/internal/utils/helm/package.go b/internal/utils/helm/package.go index 11a2af4dae..88ab4b7487 100644 --- a/internal/utils/helm/package.go +++ b/internal/utils/helm/package.go @@ -180,11 +180,16 @@ func (pt *PackageTool) loadChart(opts *PackageOptions) (*chart.Chart, error) { return egChart, nil } -// extractCRDs Extract the CRDs part of the chart +// extractCRDs Extract the CRDs part of the chart and its sub-charts func (pt *PackageTool) extractCRDs(ch *chart.Chart) ([]*resource.Info, error) { - crdResInfo := make([]*resource.Info, 0, len(ch.CRDObjects())) + allCRDs := ch.CRDObjects() + for _, dep := range ch.Dependencies() { + allCRDs = append(allCRDs, dep.CRDObjects()...) + } + + crdResInfo := make([]*resource.Info, 0, len(allCRDs)) - for _, crd := range ch.CRDObjects() { + for _, crd := range allCRDs { resInfo, err := pt.actionConfig.KubeClient.Build(bytes.NewBufferString(string(crd.File.Data)), false) if err != nil { return nil, err diff --git a/release-notes/current.yaml b/release-notes/current.yaml index b4d0c5a0ad..c88e8bf3a2 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -30,3 +30,4 @@ deprecations: | # Other notable changes not covered by the above sections. Other changes: | + Moved Envoy Gateway CRDs into a sub-chart to avoid the Helm release secret exceeding the 1MB size limit when adding new API fields. Upgrade/Install behavior is unchanged for users. diff --git a/site/content/en/latest/install/gateway-helm-api.md b/site/content/en/latest/install/gateway-helm-api.md index bd9526e9d2..961eda38e8 100644 --- a/site/content/en/latest/install/gateway-helm-api.md +++ b/site/content/en/latest/install/gateway-helm-api.md @@ -19,6 +19,12 @@ The Helm chart for Envoy Gateway * +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| | crds | 0.0.0 | + ## Values | Key | Type | Default | Description | diff --git a/site/content/en/latest/install/install-yaml.md b/site/content/en/latest/install/install-yaml.md index 4e8b7921d9..71bbab53fd 100644 --- a/site/content/en/latest/install/install-yaml.md +++ b/site/content/en/latest/install/install-yaml.md @@ -36,9 +36,11 @@ Some manual migration steps are required to upgrade Envoy Gateway. 1. Update Gateway-API and Envoy Gateway CRDs: ```shell -helm pull oci://docker.io/envoyproxy/gateway-helm --version {{< yaml-version >}} --untar -kubectl apply --force-conflicts --server-side -f ./gateway-helm/crds/gatewayapi-crds.yaml -kubectl apply --force-conflicts --server-side -f ./gateway-helm/crds/generated +helm template eg-crds oci://docker.io/envoyproxy/gateway-crds-helm \ + --version {{< yaml-version >}} \ + --set crds.gatewayAPI.enabled=true \ + --set crds.envoyGateway.enabled=true \ + | kubectl apply --force-conflicts --server-side -f - ``` 2. Install Envoy Gateway {{< yaml-version >}}: diff --git a/test/cel-validation/main_test.go b/test/cel-validation/main_test.go index dd6f4d39fa..ac8cee31e3 100644 --- a/test/cel-validation/main_test.go +++ b/test/cel-validation/main_test.go @@ -55,7 +55,7 @@ func runTest(m *testing.M) int { func startEnv() (*envtest.Environment, *rest.Config, error) { log.SetLogger(zap.New(zap.WriteTo(os.Stderr), zap.UseDevMode(true))) - egAPIs := filepath.Join("..", "..", "charts", "gateway-helm", "crds", "generated") + egAPIs := filepath.Join("..", "..", "charts", "gateway-helm", "charts", "crds", "crds", "generated") env := &envtest.Environment{ CRDDirectoryPaths: []string{egAPIs}, diff --git a/tools/make/kube.mk b/tools/make/kube.mk index dc54dfd726..ad1394a78f 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -86,8 +86,9 @@ endif .PHONY: manifests manifests: generate-gwapi-manifests ## Generate WebhookConfiguration and CustomResourceDefinition objects. @$(LOG_TARGET) - $(GO_TOOL) controller-gen crd:allowDangerousTypes=true paths="./api/..." output:crd:artifacts:config=charts/gateway-helm/crds/generated @mkdir -p charts/gateway-helm/templates/generated + @mkdir -p charts/gateway-helm/charts/crds/crds/generated + $(GO_TOOL) controller-gen crd:allowDangerousTypes=true paths="./api/..." output:crd:artifacts:config=charts/gateway-helm/charts/crds/crds/generated $(GO_TOOL) controller-gen crd:allowDangerousTypes=true paths="./api/..." output:crd:artifacts:config=charts/gateway-crds-helm/templates/generated @for file in charts/gateway-crds-helm/templates/generated/*.yaml; do \ sed -i.bak '1s/^/{{- if .Values.crds.envoyGateway.enabled }}\n/' $$file && \ @@ -102,7 +103,8 @@ generate-gwapi-manifests: ## Generate Gateway API manifests and make it consiste @mkdir -p $(OUTPUT_DIR)/ @curl -sLo $(OUTPUT_DIR)/experimental-gatewayapi-crds.yaml ${EXPERIMENTAL_GATEWAY_API_RELEASE_URL} @curl -sLo $(OUTPUT_DIR)/standard-gatewayapi-crds.yaml ${STANDARD_GATEWAY_API_RELEASE_URL} - cp $(OUTPUT_DIR)/experimental-gatewayapi-crds.yaml charts/gateway-helm/crds/gatewayapi-crds.yaml + @mkdir -p charts/gateway-helm/charts/crds/crds + cp $(OUTPUT_DIR)/experimental-gatewayapi-crds.yaml charts/gateway-helm/charts/crds/crds/gatewayapi-crds.yaml @sed -i.bak '1s/^/{{- if and .Values.crds.gatewayAPI.enabled (eq .Values.crds.gatewayAPI.channel "standard") }}\n/' $(OUTPUT_DIR)/standard-gatewayapi-crds.yaml && \ echo '{{- end }}' >> $(OUTPUT_DIR)/standard-gatewayapi-crds.yaml && \ sed -i.bak '1s/^/{{- if and .Values.crds.gatewayAPI.enabled (or (eq .Values.crds.gatewayAPI.channel "experimental") (eq .Values.crds.gatewayAPI.channel "")) }}\n/' $(OUTPUT_DIR)/experimental-gatewayapi-crds.yaml && \ @@ -172,35 +174,21 @@ endif .PHONY: kube-deploy kube-deploy: manifests helm-generate ## Install Envoy Gateway into the Kubernetes cluster specified in ~/.kube/config. @$(LOG_TARGET) - # Install CRDs using helm template to avoid 1MB secret size limit - $(GO_TOOL) helm template eg-crds charts/gateway-crds-helm \ - --set crds.gatewayAPI.enabled=true \ - --set crds.envoyGateway.enabled=true \ - | kubectl apply --server-side -f - - # Install Envoy Gateway without CRDs $(GO_TOOL) helm install eg charts/gateway-helm \ --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) \ -n envoy-gateway-system --create-namespace \ --debug --timeout='$(WAIT_TIMEOUT)' \ --wait --wait-for-jobs \ - --skip-crds \ -f $(KUBE_DEPLOY_HELM_VALUES_FILE) .PHONY: kube-deploy-for-benchmark-test kube-deploy-for-benchmark-test: manifests helm-generate ## Install Envoy Gateway and prometheus-server for benchmark test purpose only. @$(LOG_TARGET) - # Install CRDs using helm template to avoid 1MB secret size limit - $(GO_TOOL) helm template eg-crds charts/gateway-crds-helm \ - --set crds.gatewayAPI.enabled=true \ - --set crds.envoyGateway.enabled=true \ - | kubectl apply --server-side -f - - # Install Envoy Gateway $(GO_TOOL) helm install eg charts/gateway-helm --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) \ --set deployment.envoyGateway.resources.limits.cpu=$(BENCHMARK_CPU_LIMITS) \ --set deployment.envoyGateway.resources.limits.memory=$(BENCHMARK_MEMORY_LIMITS) \ --set config.envoyGateway.admin.enablePprof=true \ - -n envoy-gateway-system --create-namespace --debug --timeout='$(WAIT_TIMEOUT)' --wait --wait-for-jobs \ - --skip-crds + -n envoy-gateway-system --create-namespace --debug --timeout='$(WAIT_TIMEOUT)' --wait --wait-for-jobs # Install Prometheus-server only $(GO_TOOL) helm install eg-addons charts/gateway-addons-helm --set loki.enabled=false \ --set tempo.enabled=false \ @@ -406,11 +394,17 @@ generate-manifests: helm-generate.gateway-helm ## Generate Kubernetes release ma @$(LOG_TARGET) @$(call log, "Generating kubernetes manifests") mkdir -p $(OUTPUT_DIR)/ - $(GO_TOOL) helm template --set createNamespace=true eg charts/gateway-helm --include-crds --namespace envoy-gateway-system > $(OUTPUT_DIR)/install.yaml + $(GO_TOOL) helm template eg-crds charts/gateway-crds-helm \ + --set crds.gatewayAPI.enabled=true \ + --set crds.envoyGateway.enabled=true \ + > $(OUTPUT_DIR)/install.yaml + $(GO_TOOL) helm template --set createNamespace=true eg charts/gateway-helm --namespace envoy-gateway-system >> $(OUTPUT_DIR)/install.yaml @$(call log, "Added: $(OUTPUT_DIR)/install.yaml") cp examples/kubernetes/quickstart.yaml $(OUTPUT_DIR)/quickstart.yaml @$(call log, "Added: $(OUTPUT_DIR)/quickstart.yaml") - cat charts/gateway-helm/crds/generated/* >> $(OUTPUT_DIR)/envoy-gateway-crds.yaml + $(GO_TOOL) helm template eg-crds charts/gateway-crds-helm \ + --set crds.envoyGateway.enabled=true \ + > $(OUTPUT_DIR)/envoy-gateway-crds.yaml @$(call log, "Added: $(OUTPUT_DIR)/envoy-gateway-crds.yaml") .PHONY: generate-artifacts