Convert ingress to gateway

ArnobKumarSaha · tamalsaha · commit cd6c2c32a3a5 · 2026-01-27T23:22:16.000+06:00
Signed-off-by: Arnob kumar saha &lt;arnob@appscode.com&gt;
diff --git a/charts/ace-installer/README.md b/charts/ace-installer/README.md
@@ -73,6 +73,8 @@ The following table lists the configurable parameters of the `ace-installer` cha
 | helm.releases.aceshifter.version                      |                                                                | <code>"v2026.1.15"</code>                                                                                                                                                                                                                                                                                               |
 | helm.releases.capi-catalog.enabled                    |                                                                | <code>false</code>                                                                                                                                                                                                                                                                                                      |
 | helm.releases.capi-catalog.version                    |                                                                | <code>"v2024.10.24"</code>                                                                                                                                                                                                                                                                                              |
+| helm.releases.catalog-manager.enabled                 |                                                                | <code>false</code>                                                                                                                                                                                                                                                                                                      |
+| helm.releases.catalog-manager.version                 |                                                                | <code>"v2025.12.15"</code>                                                                                                                                                                                                                                                                                              |
 | helm.releases.cert-manager.enabled                    |                                                                | <code>true</code>                                                                                                                                                                                                                                                                                                       |
 | helm.releases.cert-manager.version                    |                                                                | <code>"v1.19.2"</code>                                                                                                                                                                                                                                                                                                  |
 | helm.releases.cert-manager-csi-driver-cacerts.enabled |                                                                | <code>true</code>                                                                                                                                                                                                                                                                                                       |
@@ -99,6 +101,8 @@ The following table lists the configurable parameters of the `ace-installer` cha
 | helm.releases.panopticon.values                       |                                                                | <code>{"monitoring":{"agent":"prometheus.io/operator","enabled":true,"serviceMonitor":{"labels":{"release":"kube-prometheus-stack"}}}}</code>                                                                                                                                                                           |
 | helm.releases.reloader.enabled                        |                                                                | <code>true</code>                                                                                                                                                                                                                                                                                                       |
 | helm.releases.reloader.version                        |                                                                | <code>"1.0.79"</code>                                                                                                                                                                                                                                                                                                   |
+| helm.releases.service-gateway-presets.enabled         |                                                                | <code>false</code>                                                                                                                                                                                                                                                                                                      |
+| helm.releases.service-gateway-presets.version         |                                                                | <code>"v2025.12.15"</code>                                                                                                                                                                                                                                                                                              |
 | helm.releases.stash-presets.enabled                   |                                                                | <code>false</code>                                                                                                                                                                                                                                                                                                      |
 | helm.releases.stash-presets.version                   |                                                                | <code>"v2026.1.15"</code>                                                                                                                                                                                                                                                                                               |
 | helm.releases.cluster-manager-spoke.enabled           |                                                                | <code>false</code>                                                                                                                                                                                                                                                                                                      |
diff --git a/charts/ace-installer/templates/featuresets/saas-core/catalog-manager.yaml b/charts/ace-installer/templates/featuresets/saas-core/catalog-manager.yaml
@@ -0,0 +1,53 @@
+{{- with (index .Values "helm" "releases" "catalog-manager") }}
+{{- if .enabled }}
+
+{{ $defaults := dict "registryFQDN" (include "registry.ghcr" $) }}
+
+{{ $vals := dig "values" dict . }}
+{{ $vals = mergeOverwrite $defaults $vals }}
+
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: catalog-manager
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: catalog-manager
+    app.kubernetes.io/part-of: saas-core
+spec:
+  interval: 5m
+  timeout: 30m
+  releaseName: catalog-manager
+  targetNamespace: envoy-gateway-system
+  storageNamespace: envoy-gateway-system
+  install:
+    createNamespace: {{ $.Values.helm.createNamespace }}
+    remediation:
+      retries: -1
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: -1
+  dependsOn:
+  - name: kubedb
+    namespace: {{ $.Release.Namespace }}
+  {{- if (dig "cert-manager" "enabled" false $.Values.helm.releases) }}
+  - name: cert-manager
+    namespace: {{ $.Release.Namespace }}
+  {{- end }}
+  chart:
+    spec:
+      chart: catalog-manager
+      version: {{ .version | quote }}
+      interval: 60m
+      sourceRef:
+        kind: HelmRepository
+        name: appscode-charts-oci
+        namespace: {{ $.Release.Namespace }}
+
+{{- with $vals }}
+  {{- dict "values" . | toYaml | nindent 2 }}
+{{- end }}
+
+{{- end }}
+{{- end }}
diff --git a/charts/ace-installer/templates/featuresets/saas-core/service-gateway-presets.yaml b/charts/ace-installer/templates/featuresets/saas-core/service-gateway-presets.yaml
@@ -0,0 +1,53 @@
+{{- with (index .Values "helm" "releases" "service-gateway-presets") }}
+{{- if .enabled }}
+
+{{ $defaults := dict "registryFQDN" (include "registry.ghcr" $) }}
+
+{{ $vals := dig "values" dict . }}
+{{ $vals = mergeOverwrite $defaults $vals }}
+
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: service-gateway-presets
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: service-gateway-presets
+    app.kubernetes.io/part-of: saas-core
+spec:
+  interval: 5m
+  timeout: 30m
+  releaseName: service-gateway-presets
+  targetNamespace: ace-gw
+  storageNamespace: ace-gw
+  install:
+    createNamespace: {{ $.Values.helm.createNamespace }}
+    remediation:
+      retries: -1
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: -1
+  dependsOn:
+  - name: catalog-manager
+    namespace: {{ $.Release.Namespace }}
+  {{- if (dig "cert-manager" "enabled" false $.Values.helm.releases) }}
+  - name: cert-manager
+    namespace: {{ $.Release.Namespace }}
+  {{- end }}
+  chart:
+    spec:
+      chart: service-gateway-presets
+      version: {{ .version | quote }}
+      interval: 60m
+      sourceRef:
+        kind: HelmRepository
+        name: appscode-charts-oci
+        namespace: {{ $.Release.Namespace }}
+
+{{- with $vals }}
+  {{- dict "values" . | toYaml | nindent 2 }}
+{{- end }}
+
+{{- end }}
+{{- end }}
diff --git a/charts/ace-installer/values.yaml b/charts/ace-installer/values.yaml
@@ -59,6 +59,9 @@ helm:
     capi-catalog:
       enabled: false
       version: "v2024.10.24"
+    catalog-manager:
+      enabled: false
+      version: "v2025.12.15"
     cert-manager:
       enabled: true
       version: "v1.19.2"
@@ -119,6 +122,9 @@ helm:
     reloader:
       enabled: true
       version: "1.0.79"
+    service-gateway-presets:
+      enabled: false
+      version: "v2025.12.15"
     stash-presets:
       enabled: false
       version: "v2026.1.15"
@@ -143,6 +149,7 @@ selfManagement:
   enableFeatures: []
   disableFeatures: []
   useGateway: false
+
 precheck:
   enabled: true
   # Docker registry containing app image
diff --git a/charts/ace/templates/gateway/gateway.yaml b/charts/ace/templates/gateway/gateway.yaml
@@ -0,0 +1,23 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ include "ace.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace.labels" . | nindent 4 }}
+spec:
+  gatewayClassName: ace
+  listeners:
+  - name: https
+    protocol: HTTPS
+    port: 443
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - group: ""
+        kind: Secret
+        name: {{ include "ace.fullname" . }}-cert
+        namespace: {{ .Release.Namespace }}
+    allowedRoutes:
+      namespaces:
+        from: Same
diff --git a/charts/ace/templates/gateway/route-home.yaml b/charts/ace/templates/gateway/route-home.yaml
@@ -0,0 +1,34 @@
+{{ if and (index .Values "setupJob" "config" "selfManagement" "useGateway") (index .Values "platform-ui" "enabled") (not (eq .Values.global.platform.deploymentType "Hosted")) }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "ace.fullname" . }}-home
+  namespace: {{ .Release.Namespace }}
+spec:
+  parentRefs:
+  - group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "ace.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+    sectionName: https
+  rules:
+  - matches:
+      - path:
+          type: PathPrefix
+          value: /
+    filters:
+    - type: URLRewrite
+      urlRewrite:
+        path:
+          type: ReplaceFullPath
+          replaceFullPath: /accounts/selfhost-home
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-platform-api
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+
+{{- end }}
diff --git a/charts/ace/templates/gateway/route-main.yaml b/charts/ace/templates/gateway/route-main.yaml
@@ -0,0 +1,93 @@
+{{ if (index .Values "setupJob" "config" "selfManagement" "useGateway") }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "ace.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  parentRefs:
+  - group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "ace.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+    sectionName: https
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /api
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-platform-api
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /accounts
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-platform-api
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /console
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-cluster-ui
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /db
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-kubedb-ui
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /id
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-platform-ui
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /grafana
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-grafana
+      namespace: {{ .Release.Namespace }}
+      port: 80
+      weight: 1
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /prometheus
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-trickster
+      namespace: {{ .Release.Namespace }}
+      port: 4000
+      weight: 1
+{{- end }}
diff --git a/charts/ace/templates/gateway/route-nats.yaml b/charts/ace/templates/gateway/route-nats.yaml
@@ -0,0 +1,34 @@
+{{ if (and (index .Values "setupJob" "config" "selfManagement" "useGateway") (and .Values.nats.enabled (not .Values.nats.nats.externalAccess))) }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "ace.fullname" . }}-nats
+  namespace: {{ .Release.Namespace }}
+spec:
+  parentRefs:
+  - group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "ace.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+    sectionName: https
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /nats # /nats(/|$)(.*)
+    filters:
+    - type: URLRewrite
+      urlRewrite:
+        path:
+          type: ReplacePrefixMatch
+          replacePrefixMatch: /
+    backendRefs:
+    - group: ""
+      kind: Service
+      name: {{ include "ace.fullname" . }}-nats
+      namespace: {{ .Release.Namespace }}
+      port: 443
+      weight: 1
+
+{{- end }}
diff --git a/charts/ace/templates/ingress/issuer.yaml b/charts/ace/templates/ingress/issuer.yaml
@@ -70,6 +70,13 @@ spec:
       {{- else }}
       # Use ACEM http challenge for everything else
       http01:
+        gatewayHTTPRoute:
+          parentRefs:
+          - group: gateway.networking.k8s.io
+            kind: Gateway
+            name: {{ include "ace.fullname" . }}
+            namespace: {{ .Release.Namespace }}
+            sectionName: api
         ingress:
           ingressClassName: {{ index .Values "ingress-nginx" "controller" "ingressClassResource" "name" }}
           serviceType: ClusterIP
