diff --git a/charts/acaas/templates/blog/ingress.yaml b/charts/acaas/templates/blog/ingress.yaml
index 82ca449c5..e9999312e 100644
--- a/charts/acaas/templates/blog/ingress.yaml
+++ b/charts/acaas/templates/blog/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -25,3 +26,4 @@ spec:
- '{{ .Values.global.platform.host }}'
secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
{{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/blog/route.yaml b/charts/acaas/templates/blog/route.yaml
new file mode 100644
index 000000000..9901965ee
--- /dev/null
+++ b/charts/acaas/templates/blog/route.yaml
@@ -0,0 +1,32 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: blog
+ namespace: {{ .Release.Namespace }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /blog
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: blog
+ namespace: {{ .Release.Namespace }}
+ port: 443
+ weight: 1
+{{- end }}
diff --git a/charts/acaas/templates/docs/ingress.yaml b/charts/acaas/templates/docs/ingress.yaml
index 38196e436..819c4f67a 100644
--- a/charts/acaas/templates/docs/ingress.yaml
+++ b/charts/acaas/templates/docs/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -25,3 +26,4 @@ spec:
- '{{ .Values.global.platform.host }}'
secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
{{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/docs/route.yaml b/charts/acaas/templates/docs/route.yaml
new file mode 100644
index 000000000..d61f20548
--- /dev/null
+++ b/charts/acaas/templates/docs/route.yaml
@@ -0,0 +1,30 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: docs
+ namespace: {{ .Release.Namespace }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /docs
+ backendRefs:
+ - kind: Service
+ name: docs
+ namespace: {{ .Release.Namespace }}
+ port: 443
+{{- end }}
diff --git a/charts/acaas/templates/gateway.yaml b/charts/acaas/templates/gateway.yaml
new file mode 100644
index 000000000..1c1d7a090
--- /dev/null
+++ b/charts/acaas/templates/gateway.yaml
@@ -0,0 +1,25 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: ace
+ namespace: {{ .Release.Namespace }}
+spec:
+ gatewayClassName: {{ .Values.httpRoute.gatewayClassName }}
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: 443
+ {{ if .Values.httpRoute.tls.enable }}
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.httpRoute.tls.secret.name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ allowedRoutes:
+ namespaces:
+ from: Same
+{{- end }}
diff --git a/charts/acaas/templates/ingress/ingress-hosted.yaml b/charts/acaas/templates/ingress/ingress-hosted.yaml
index 422e156db..c846d9644 100644
--- a/charts/acaas/templates/ingress/ingress-hosted.yaml
+++ b/charts/acaas/templates/ingress/ingress-hosted.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -69,3 +70,4 @@ spec:
- secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
hosts:
- '{{ .Values.global.platform.host }}'
+{{- end }}
diff --git a/charts/acaas/templates/ingress/route-hosted.yaml b/charts/acaas/templates/ingress/route-hosted.yaml
new file mode 100644
index 000000000..3a7e9ff9a
--- /dev/null
+++ b/charts/acaas/templates/ingress/route-hosted.yaml
@@ -0,0 +1,88 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: ace-hosted
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "acaas.labels" . | nindent 4 }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ {{- if (index .Values "billing-ui" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /billing
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-billing-ui
+ port: 80
+ {{- end }}
+
+ {{- if (index .Values "deploy-ui" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /deploy
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-deploy-ui
+ port: 80
+ {{- end }}
+
+ {{- if (index .Values "marketplace-api" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /marketplace/api
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-marketplace-api
+ port: 80
+ {{- end }}
+
+ {{- if (index .Values "marketplace-ui" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /marketplace
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-marketplace-ui
+ port: 80
+ {{- end }}
+
+ {{- if (index .Values "platform-links" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /links
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-platform-links
+ port: 80
+ {{- end }}
+
+ {{- if (index .Values "website" "enabled") }}
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - kind: Service
+ name: {{ .Release.Name }}-website
+ port: 80
+ {{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/learn/ingress.yaml b/charts/acaas/templates/learn/ingress.yaml
index a24fc8553..67b38b4b5 100644
--- a/charts/acaas/templates/learn/ingress.yaml
+++ b/charts/acaas/templates/learn/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -25,3 +26,4 @@ spec:
- '{{ .Values.global.platform.host }}'
secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
{{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/learn/route.yaml b/charts/acaas/templates/learn/route.yaml
new file mode 100644
index 000000000..20fbce6ac
--- /dev/null
+++ b/charts/acaas/templates/learn/route.yaml
@@ -0,0 +1,30 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: learn
+ namespace: {{ .Release.Namespace }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /learn
+ backendRefs:
+ - kind: Service
+ name: learn
+ namespace: {{ .Release.Namespace }}
+ port: 443
+{{- end }}
diff --git a/charts/acaas/templates/license/ingress.yaml b/charts/acaas/templates/license/ingress.yaml
index 6e0f867eb..3da3eb644 100644
--- a/charts/acaas/templates/license/ingress.yaml
+++ b/charts/acaas/templates/license/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -29,3 +30,4 @@ spec:
- '{{ .Values.global.platform.host }}'
secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
{{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/license/route.yaml b/charts/acaas/templates/license/route.yaml
new file mode 100644
index 000000000..2ea608467
--- /dev/null
+++ b/charts/acaas/templates/license/route.yaml
@@ -0,0 +1,30 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: license
+ namespace: {{ .Release.Namespace }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /issue-license
+ backendRefs:
+ - kind: Service
+ name: license
+ namespace: {{ .Release.Namespace }}
+ port: 443
+{{- end }}
diff --git a/charts/acaas/templates/selfhost/ingress.yaml b/charts/acaas/templates/selfhost/ingress.yaml
index 184d16067..ca380c685 100644
--- a/charts/acaas/templates/selfhost/ingress.yaml
+++ b/charts/acaas/templates/selfhost/ingress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values "ingress" "enabled" }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -25,3 +26,4 @@ spec:
- '{{ .Values.global.platform.host }}'
secretName: {{ default (printf "%s-cert" (include "acaas.fullname" .)) .Values.ingress.tls.secret.name }}
{{- end }}
+{{- end }}
diff --git a/charts/acaas/templates/selfhost/route.yaml b/charts/acaas/templates/selfhost/route.yaml
new file mode 100644
index 000000000..127609055
--- /dev/null
+++ b/charts/acaas/templates/selfhost/route.yaml
@@ -0,0 +1,30 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: selfhost
+ namespace: {{ .Release.Namespace }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: ace
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /selfhost
+ backendRefs:
+ - kind: Service
+ name: selfhost
+ namespace: {{ .Release.Namespace }}
+ port: 443
+{{- end }}
diff --git a/charts/acaas/values.yaml b/charts/acaas/values.yaml
index 444b700bc..de939521c 100644
--- a/charts/acaas/values.yaml
+++ b/charts/acaas/values.yaml
@@ -55,7 +55,17 @@ global:
openshift: false
ubi: ""
+httpRoute:
+ annotations: {}
+ enabled: false
+ gatewayClassName: ace
+ tls:
+ enable: true
+ secret:
+ name: "ace-cert"
+
ingress:
+ enabled: true
className: "nginx-ace"
tls:
enable: true
diff --git a/charts/ace-installer/README.md b/charts/ace-installer/README.md
index 3c1ca8a22..2a868f768 100644
--- a/charts/ace-installer/README.md
+++ b/charts/ace-installer/README.md
@@ -73,6 +73,8 @@ The following table lists the configurable parameters of the `ace-installer` cha
| helm.releases.aceshifter.version | | "v2026.1.15" |
| helm.releases.capi-catalog.enabled | | false |
| helm.releases.capi-catalog.version | | "v2024.10.24" |
+| helm.releases.catalog-manager.enabled | | false |
+| helm.releases.catalog-manager.version | | "v2026.1.15" |
| helm.releases.cert-manager.enabled | | true |
| helm.releases.cert-manager.version | | "v1.19.2" |
| helm.releases.cert-manager-csi-driver-cacerts.enabled | | true |
@@ -99,6 +101,8 @@ The following table lists the configurable parameters of the `ace-installer` cha
| helm.releases.panopticon.values | | {"monitoring":{"agent":"prometheus.io/operator","enabled":true,"serviceMonitor":{"labels":{"release":"kube-prometheus-stack"}}}} |
| helm.releases.reloader.enabled | | true |
| helm.releases.reloader.version | | "1.0.79" |
+| helm.releases.service-gateway-presets.enabled | | false |
+| helm.releases.service-gateway-presets.version | | "v2026.1.15" |
| helm.releases.stash-presets.enabled | | false |
| helm.releases.stash-presets.version | | "v2026.1.15" |
| helm.releases.cluster-manager-spoke.enabled | | false |
diff --git a/charts/ace-installer/templates/featuresets/saas-core/catalog-manager.yaml b/charts/ace-installer/templates/featuresets/saas-core/catalog-manager.yaml
new file mode 100644
index 000000000..370728e71
--- /dev/null
+++ b/charts/ace-installer/templates/featuresets/saas-core/catalog-manager.yaml
@@ -0,0 +1,53 @@
+{{- with (index .Values "helm" "releases" "catalog-manager") }}
+{{- if .enabled }}
+
+{{ $defaults := dict "registryFQDN" (include "registry.ghcr" $) }}
+
+{{ $vals := dig "values" dict . }}
+{{ $vals = mergeOverwrite $defaults $vals }}
+
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: catalog-manager
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: catalog-manager
+ app.kubernetes.io/part-of: saas-core
+spec:
+ interval: 5m
+ timeout: 30m
+ releaseName: catalog-manager
+ targetNamespace: envoy-gateway-system
+ storageNamespace: envoy-gateway-system
+ install:
+ createNamespace: {{ $.Values.helm.createNamespace }}
+ remediation:
+ retries: -1
+ upgrade:
+ crds: CreateReplace
+ remediation:
+ retries: -1
+ dependsOn:
+ - name: kubedb
+ namespace: {{ $.Release.Namespace }}
+ {{- if (dig "cert-manager" "enabled" false $.Values.helm.releases) }}
+ - name: cert-manager
+ namespace: {{ $.Release.Namespace }}
+ {{- end }}
+ chart:
+ spec:
+ chart: catalog-manager
+ version: {{ .version | quote }}
+ interval: 60m
+ sourceRef:
+ kind: HelmRepository
+ name: appscode-charts-oci
+ namespace: {{ $.Release.Namespace }}
+
+{{- with $vals }}
+ {{- dict "values" . | toYaml | nindent 2 }}
+{{- end }}
+
+{{- end }}
+{{- end }}
diff --git a/charts/ace-installer/templates/featuresets/saas-core/service-gateway-presets.yaml b/charts/ace-installer/templates/featuresets/saas-core/service-gateway-presets.yaml
new file mode 100644
index 000000000..39d13345d
--- /dev/null
+++ b/charts/ace-installer/templates/featuresets/saas-core/service-gateway-presets.yaml
@@ -0,0 +1,53 @@
+{{- with (index .Values "helm" "releases" "service-gateway-presets") }}
+{{- if .enabled }}
+
+{{ $defaults := dict "registryFQDN" (include "registry.ghcr" $) }}
+
+{{ $vals := dig "values" dict . }}
+{{ $vals = mergeOverwrite $defaults $vals }}
+
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: service-gateway-presets
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: service-gateway-presets
+ app.kubernetes.io/part-of: saas-core
+spec:
+ interval: 5m
+ timeout: 30m
+ releaseName: service-gateway-presets
+ targetNamespace: ace-gw
+ storageNamespace: ace-gw
+ install:
+ createNamespace: {{ $.Values.helm.createNamespace }}
+ remediation:
+ retries: -1
+ upgrade:
+ crds: CreateReplace
+ remediation:
+ retries: -1
+ dependsOn:
+ - name: catalog-manager
+ namespace: {{ $.Release.Namespace }}
+ {{- if (dig "cert-manager" "enabled" false $.Values.helm.releases) }}
+ - name: cert-manager
+ namespace: {{ $.Release.Namespace }}
+ {{- end }}
+ chart:
+ spec:
+ chart: service-gateway-presets
+ version: {{ .version | quote }}
+ interval: 60m
+ sourceRef:
+ kind: HelmRepository
+ name: appscode-charts-oci
+ namespace: {{ $.Release.Namespace }}
+
+{{- with $vals }}
+ {{- dict "values" . | toYaml | nindent 2 }}
+{{- end }}
+
+{{- end }}
+{{- end }}
diff --git a/charts/ace-installer/values.yaml b/charts/ace-installer/values.yaml
index 8429e33ae..e1ae28358 100644
--- a/charts/ace-installer/values.yaml
+++ b/charts/ace-installer/values.yaml
@@ -59,6 +59,9 @@ helm:
capi-catalog:
enabled: false
version: "v2024.10.24"
+ catalog-manager:
+ enabled: false
+ version: "v2026.1.15"
cert-manager:
enabled: true
version: "v1.19.2"
@@ -119,6 +122,9 @@ helm:
reloader:
enabled: true
version: "1.0.79"
+ service-gateway-presets:
+ enabled: false
+ version: "v2026.1.15"
stash-presets:
enabled: false
version: "v2026.1.15"
@@ -143,6 +149,7 @@ selfManagement:
enableFeatures: []
disableFeatures: []
useGateway: false
+
precheck:
enabled: true
# Docker registry containing app image
diff --git a/charts/ace/templates/gateway/gateway.yaml b/charts/ace/templates/gateway/gateway.yaml
new file mode 100644
index 000000000..07e765815
--- /dev/null
+++ b/charts/ace/templates/gateway/gateway.yaml
@@ -0,0 +1,25 @@
+{{ if .Values "httpRoute" "enabled" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ace.labels" . | nindent 4 }}
+spec:
+ gatewayClassName: {{ .Values.httpRoute.gatewayClassName }}
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: 443
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: {{ include "ace.fullname" . }}-cert
+ namespace: {{ .Release.Namespace }}
+ allowedRoutes:
+ namespaces:
+ from: Same
+{{- end }}
diff --git a/charts/ace/templates/gateway/route-home.yaml b/charts/ace/templates/gateway/route-home.yaml
new file mode 100644
index 000000000..5fc545070
--- /dev/null
+++ b/charts/ace/templates/gateway/route-home.yaml
@@ -0,0 +1,42 @@
+{{ if and (index .Values "httpRoute" "enabled") (index .Values "platform-ui" "enabled") (not (eq .Values.global.platform.deploymentType "Hosted")) }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "ace.fullname" . }}-home
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ {{- if eq .Values.global.platform.hostType "domain" }}
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ {{- end }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ filters:
+ - type: URLRewrite
+ urlRewrite:
+ path:
+ type: ReplaceFullPath
+ replaceFullPath: /accounts/selfhost-home
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-platform-api
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+
+{{- end }}
diff --git a/charts/ace/templates/gateway/route-main.yaml b/charts/ace/templates/gateway/route-main.yaml
new file mode 100644
index 000000000..af0cda245
--- /dev/null
+++ b/charts/ace/templates/gateway/route-main.yaml
@@ -0,0 +1,101 @@
+{{ if (index .Values "httpRoute" "enabled") }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ {{- if eq .Values.global.platform.hostType "domain" }}
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ {{- end }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /api
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-platform-api
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /accounts
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-platform-api
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /console
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-cluster-ui
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /db
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-kubedb-ui
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /id
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-platform-ui
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /grafana
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-grafana
+ namespace: {{ .Release.Namespace }}
+ port: 80
+ weight: 1
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /prometheus
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-trickster
+ namespace: {{ .Release.Namespace }}
+ port: 4000
+ weight: 1
+{{- end }}
diff --git a/charts/ace/templates/gateway/route-nats.yaml b/charts/ace/templates/gateway/route-nats.yaml
new file mode 100644
index 000000000..81d78c0b0
--- /dev/null
+++ b/charts/ace/templates/gateway/route-nats.yaml
@@ -0,0 +1,42 @@
+{{ if (and (index .Values "httpRoute" "enabled") (and .Values.nats.enabled (not .Values.nats.nats.externalAccess))) }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "ace.fullname" . }}-nats
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ sectionName: https
+ {{- if eq .Values.global.platform.hostType "domain" }}
+ hostnames:
+ - {{ .Values.global.platform.host }}
+ {{- end }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /nats # /nats(/|$)(.*)
+ filters:
+ - type: URLRewrite
+ urlRewrite:
+ path:
+ type: ReplacePrefixMatch
+ replacePrefixMatch: /
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: {{ include "ace.fullname" . }}-nats
+ namespace: {{ .Release.Namespace }}
+ port: 443
+ weight: 1
+
+{{- end }}
diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml
index c032ed6a6..1c96ba12e 100644
--- a/charts/ace/templates/ingress/issuer.yaml
+++ b/charts/ace/templates/ingress/issuer.yaml
@@ -70,9 +70,19 @@ spec:
{{- else }}
# Use ACEM http challenge for everything else
http01:
+ {{ if (index .Values "httpRoute" "enabled") }}
+ gatewayHTTPRoute:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ include "ace.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ sectionName: api
+ {{- else }}
ingress:
ingressClassName: {{ index .Values "ingress-nginx" "controller" "ingressClassResource" "name" }}
serviceType: ClusterIP
+ {{- end }}
{{- end }}
{{- end }}
{{- end }}
diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml
index 8f5b92f93..ad925b473 100644
--- a/charts/ace/values.yaml
+++ b/charts/ace/values.yaml
@@ -17,6 +17,15 @@ kubedb-ui:
platform-api:
enabled: false
+httpRoute:
+ annotations: {}
+ enabled: false
+ gatewayClassName: ace
+ tls:
+ enable: true
+ secret:
+ name: "ace-cert"
+
ingress-nginx:
enabled: false
# controller: