Add support for Gateway-Api HTTPRoutes and TCPRoutes

sftpgo/README.md

@@ -93,6 +93,86 @@ services:
 Additional services accept the same options as the `service` option in the values file and
 require at least one port.
 
+### Gateway API (HTTPRoute and TCPRoute)
+
+The chart supports [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) for exposing SFTPGo services using `HTTPRoute` and `TCPRoute` resources. This is very useful when using SFTPgo in a cluster with Gateway API compatible ingress controllers like `istio` `Kong` or `Cilium`.
+
+**Prerequisites:** You must have a `Gateway` resource already configured and working in your cluster before enabling Gateway API routes in this chart to make it work.
+
+**Note on TCPRoute:** The `TCPRoute` resources in this chart currently use the `gateway.networking.k8s.io/v1alpha2` API version. Make sure the experimental Gateway API CRDs/APIs are installed and enabled in your cluster if you plan to use TCP routes.
+
+#### HTTPRoute for UI, API and WebDAV
+
+The chart can create `HTTPRoute` resources for the web UI, REST API endpoints and the WebDAV service:
+
+**Example: Exposing the UI via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    ui:
+      enabled: true
+      hostnames:
+        - sftpgo.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+```
+
+**Example: Exposing the API via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    api:
+      enabled: true
+      hostnames:
+        - sftpgo-api.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+      pathPrefix: /api
+```
+
+**Example: Exposing the WebDAV service via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    webdav:
+      enabled: true
+      hostnames:
+        - sftpgo-webdav.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+```
+
+You can optionally customize the backend for each `HTTPRoute` (for example to change the `kind` or `weight`) via the `gatewayApi.httpRoutes.<route>.backend` object.
+
+#### TCPRoute for SFTP and FTP
+
+For TCP-based protocols like SFTP and FTP, you need to use `TCPRoute` instead of `HTTPRoute`:
+
+```yaml
+gatewayApi:
+  tcpRoutes:
+    sftp:
+      enabled: true
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: sftp
+    ftp:
+      enabled: true
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: ftp
+```
 ## Values
 
 | Key | Type | Default | Description |
@@ -116,6 +196,30 @@ require at least one port.
 | ftpd.enabled | bool | `false` | Enable FTP service. |
 | ftpd.port | int | `2021` | Container FTP port. Set to 0 to disable the service. The 'enabled' flag may be removed in the future in favor of this setting. |
 | fullnameOverride | string | `""` | A name to substitute for the full names of resources. |
+| gatewayApi.httpRoutes.api.annotations | object | `{}` | Annotations to be added to the API HTTPRoute. |
+| gatewayApi.httpRoutes.api.enabled | bool | `false` | Enable [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) for the API. |
+| gatewayApi.httpRoutes.api.hostnames | list | `["chart-example.local"]` | Hostnames for the API HTTPRoute. |
+| gatewayApi.httpRoutes.api.labels | object | `{}` | Labels to be added to the API HTTPRoute. |
+| gatewayApi.httpRoutes.api.parentRefs | list | `[]` | ParentRefs for the API HTTPRoute. |
+| gatewayApi.httpRoutes.api.pathPrefix | string | `"/api"` | Path prefix for the API route. |
+| gatewayApi.httpRoutes.ui.annotations | object | `{}` | Annotations to be added to the UI HTTPRoute. |
+| gatewayApi.httpRoutes.ui.enabled | bool | `false` | Enable [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) for the UI. |
+| gatewayApi.httpRoutes.ui.hostnames | list | `["chart-example.local"]` | Hostnames for the UI HTTPRoute. |
+| gatewayApi.httpRoutes.ui.labels | object | `{}` | Labels to be added to the UI HTTPRoute. |
+| gatewayApi.httpRoutes.ui.parentRefs | list | `[]` | ParentRefs for the UI HTTPRoute. |
+| gatewayApi.httpRoutes.webdav.annotations | object | `{}` | Annotations to be added to the WebDAV HTTPRoute. |
+| gatewayApi.httpRoutes.webdav.enabled | bool | `false` | Enable [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/) for the WebDAV service. |
+| gatewayApi.httpRoutes.webdav.hostnames | list | `["chart-example.local"]` | Hostnames for the WebDAV HTTPRoute. |
+| gatewayApi.httpRoutes.webdav.labels | object | `{}` | Labels to be added to the WebDAV HTTPRoute. |
+| gatewayApi.httpRoutes.webdav.parentRefs | list | `[]` | ParentRefs for the WebDAV HTTPRoute. |
+| gatewayApi.tcpRoutes.ftp.annotations | object | `{}` | Annotations to be added to the FTP TCPRoute. |
+| gatewayApi.tcpRoutes.ftp.enabled | bool | `false` | Enable TCPRoute for FTP. |
+| gatewayApi.tcpRoutes.ftp.labels | object | `{}` | Labels to be added to the FTP TCPRoute. |
+| gatewayApi.tcpRoutes.ftp.parentRefs | list | `[]` | ParentRefs for the FTP TCPRoute. |
+| gatewayApi.tcpRoutes.sftp.annotations | object | `{}` | Annotations to be added to the SFTP TCPRoute. |
+| gatewayApi.tcpRoutes.sftp.enabled | bool | `false` | Enable TCPRoute for SFTP. |
+| gatewayApi.tcpRoutes.sftp.labels | object | `{}` | Labels to be added to the SFTP TCPRoute. |
+| gatewayApi.tcpRoutes.sftp.parentRefs | list | `[]` | ParentRefs for the SFTP TCPRoute. |
 | hostNetwork | bool | `false` | Run pods in the host network of nodes. Warning: The use of host network is [discouraged](https://kubernetes.io/docs/concepts/configuration/overview/#services). Make sure to use it only when absolutely necessary. |
 | httpd.enabled | bool | `true` | Enable HTTP service. |
 | httpd.port | int | `8080` | Container HTTP port. Set to 0 to disable the service. The 'enabled' flag may be removed in the future in favor of this setting. |

sftpgo/README.md.gotmpl

@@ -94,6 +94,86 @@ services:
 Additional services accept the same options as the `service` option in the values file and
 require at least one port.
 
+### Gateway API (HTTPRoute and TCPRoute)
+
+The chart supports [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) for exposing SFTPGo services using `HTTPRoute` and `TCPRoute` resources. This is very useful when using SFTPgo in a cluster with Gateway API compatible ingress controllers like `istio` `Kong` or `Cilium`.
+
+**Prerequisites:** You must have a `Gateway` resource already configured and working in your cluster before enabling Gateway API routes in this chart to make it work.
+
+**Note on TCPRoute:** The `TCPRoute` resources in this chart currently use the `gateway.networking.k8s.io/v1alpha2` API version. Make sure the experimental Gateway API CRDs/APIs are installed and enabled in your cluster if you plan to use TCP routes.
+
+#### HTTPRoute for UI, API and WebDAV
+
+The chart can create `HTTPRoute` resources for the web UI, REST API endpoints and the WebDAV service:
+
+**Example: Exposing the UI via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    ui:
+      enabled: true
+      hostnames:
+        - sftpgo.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+```
+
+**Example: Exposing the API via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    api:
+      enabled: true
+      hostnames:
+        - sftpgo-api.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+      pathPrefix: /api
+```
+
+**Example: Exposing the WebDAV service via HTTPRoute**
+
+```yaml
+gatewayApi:
+  httpRoutes:
+    webdav:
+      enabled: true
+      hostnames:
+        - sftpgo-webdav.example.com
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: http
+```
+
+You can optionally customize the backend for each `HTTPRoute` (for example to change the `kind` or `weight`) via the `gatewayApi.httpRoutes.<route>.backend` object.
+
+#### TCPRoute for SFTP and FTP
+
+For TCP-based protocols like SFTP and FTP, you need to use `TCPRoute` instead of `HTTPRoute`:
+
+```yaml
+gatewayApi:
+  tcpRoutes:
+    sftp:
+      enabled: true
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: sftp
+    ftp:
+      enabled: true
+      parentRefs:
+        - name: my-gateway
+          namespace: istio-system
+          sectionName: ftp
+```
 {{ template "chart.valuesSection" . }}
 
 ## Attributions

sftpgo/templates/httproute-api.yaml

@@ -0,0 +1,40 @@
+{{- if and $.Values.httpd.enabled .Values.gatewayApi.httpRoutes.api.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "sftpgo.componentname" (list . "api") }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sftpgo.labels" . | nindent 4 }}
+    {{- with .Values.gatewayApi.httpRoutes.api.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.api.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayApi.httpRoutes.api.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.api.hostnames }}
+  hostnames:
+    {{- range . }}
+    - {{ . | quote }}
+    {{- end }}
+  {{- end }}
+  {{- $pathPrefix := .Values.gatewayApi.httpRoutes.api.pathPrefix | default "/api" -}}
+  rules:
+  {{- $backend := .Values.gatewayApi.httpRoutes.api.backend | default dict }}
+    - backendRefs:
+        - kind: {{ $backend.kind | default "Service" }}
+          name: {{ include "sftpgo.fullname" $ }}
+          port: {{ $.Values.service.ports.http.port }}
+          weight: {{ $backend.weight | default 1 }}
+      matches:
+        - path:
+            type: PathPrefix
+            value: {{ $pathPrefix }}
+{{- end }}
+

sftpgo/templates/httproute-ui.yaml

@@ -0,0 +1,39 @@
+{{- if and $.Values.httpd.enabled .Values.gatewayApi.httpRoutes.ui.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "sftpgo.componentname" (list . "ui") }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sftpgo.labels" . | nindent 4 }}
+    {{- with .Values.gatewayApi.httpRoutes.ui.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.ui.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayApi.httpRoutes.ui.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.ui.hostnames }}
+  hostnames:
+    {{- range . }}
+    - {{ . | quote }}
+    {{- end }}
+  {{- end }}
+  rules:
+  {{- $backend := .Values.gatewayApi.httpRoutes.ui.backend | default dict }}
+    - backendRefs:
+        - kind: {{ $backend.kind | default "Service" }}
+          name: {{ include "sftpgo.fullname" $ }}
+          port: {{ $.Values.service.ports.http.port }}
+          weight: {{ $backend.weight | default 1 }}
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+{{- end }}
+

sftpgo/templates/httproute-webdav.yaml

@@ -0,0 +1,39 @@
+{{- if and $.Values.webdavd.enabled .Values.gatewayApi.httpRoutes.webdav.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "sftpgo.componentname" (list . "webdav") }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sftpgo.labels" . | nindent 4 }}
+    {{- with .Values.gatewayApi.httpRoutes.webdav.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.webdav.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayApi.httpRoutes.webdav.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.gatewayApi.httpRoutes.webdav.hostnames }}
+  hostnames:
+    {{- range . }}
+    - {{ . | quote }}
+    {{- end }}
+  {{- end }}
+  rules:
+  {{- $backend := .Values.gatewayApi.httpRoutes.webdav.backend | default dict }}
+    - backendRefs:
+        - kind: {{ $backend.kind | default "Service" }}
+          name: {{ include "sftpgo.fullname" $ }}
+          port: {{ $.Values.service.ports.webdav.port }}
+          weight: {{ $backend.weight | default 1 }}
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+{{- end }}
+

sftpgo/templates/tcproutes.yaml

@@ -0,0 +1,52 @@
+{{- if and .Values.sftpd.enabled .Values.gatewayApi.tcpRoutes.sftp.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+  name: {{ include "sftpgo.componentname" (list . "sftp") }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sftpgo.labels" . | nindent 4 }}
+    {{- with .Values.gatewayApi.tcpRoutes.sftp.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gatewayApi.tcpRoutes.sftp.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayApi.tcpRoutes.sftp.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    - backendRefs:
+        - name: {{ include "sftpgo.fullname" . }}
+          port: {{ $.Values.service.ports.sftp.port }}
+{{- end }}
+
+{{- if and .Values.ftpd.enabled .Values.gatewayApi.tcpRoutes.ftp.enabled -}}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+  name: {{ include "sftpgo.componentname" (list . "ftp") }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sftpgo.labels" . | nindent 4 }}
+    {{- with .Values.gatewayApi.tcpRoutes.ftp.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gatewayApi.tcpRoutes.ftp.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayApi.tcpRoutes.ftp.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    - backendRefs:
+        - name: {{ include "sftpgo.fullname" . }}
+          port: {{ $.Values.service.ports.ftp.port }}
+{{- end }}