feat: Add Gateway API support to Helm chart (HTTPRoute)

[dtherhtun]

Relevant issues

Fixes #24973

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

• I have Added testing in the deploy/charts/litellm-helm/tests/http_route_tests.yaml directory, Adding at least 1 test is a hard requirement - see details
• My PR passes all unit tests on helm unittest -f 'tests/*.yaml' deploy/charts/litellm-helm
• My PR's scope is as isolated as possible, it only solves 1 specific problem
• I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Type

🆕 New Feature
🚄 Infrastructure

Changes

Added optional support for Kubernetes Gateway API in the Helm chart
Introduced templates for:

• HTTPRoute

Added new httpRoute configuration block in values.yaml:
httpRoute.enabled flag to toggle the feature
Configurable fields for HTTPRoute resources
Ensured Gateway API resources are only created when explicitly enabled
Maintained backward compatibility by keeping Ingress as the default behavior

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Apr 10, 2026 9:02am

[CLAassistant]

All committers have signed the CLA.

[codspeed-hq]

Merging this PR will not alter performance

✅ 16 untouched benchmarks

---

_{Comparing dtherhtun:main (ec44821) with main (9e6d2d2)}

[greptile-apps]

Greptile Summary

This PR adds optional Kubernetes Gateway API support (HTTPRoute) to the LiteLLM Helm chart, gated behind httpRoute.enabled: false so existing Ingress users are unaffected. All previous review concerns have been addressed: gatewayName now defaults to "" so the required guard fires at render time, and gatewayNamespace (and all other optional parentRef fields) are conditionally rendered with {{- with }} blocks.

Confidence Score: 5/5

Safe to merge — all previous review concerns are resolved, the feature is fully opt-in, and tests cover the key scenarios.

All four prior review issues (missing required guard, non-empty default for gatewayName, unconditional namespace rendering, misleading comment indentation) have been addressed. No new P0/P1 issues found; remaining observations are at most P2 style points already captured in previous threads.

No files require special attention.

Important Files Changed

Filename	Overview
deploy/charts/litellm-helm/templates/httproute.yaml	New HTTPRoute template with required guard on gatewayName, conditional rendering for all optional parentRef fields, and correct use of $ scope in range loop.
deploy/charts/litellm-helm/tests/http_route_tests.yaml	Comprehensive helm unit tests covering disabled-by-default, parentRefs, hostnames, annotations, custom matches/backendRefs; all are mock-only (no network calls).
deploy/charts/litellm-helm/values.yaml	New httpRoute block added with gatewayName: "" default ensuring the required guard fires, all optional fields empty by default, and enabled: false preserving backward compatibility.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[helm install / upgrade] --> B{httpRoute.enabled?}
    B -- false --> C[No HTTPRoute rendered\nIngress used as before]
    B -- true --> D{gatewayName set?}
    D -- no / empty --> E[Helm required helper\nfails with clear error]
    D -- yes --> F[Render HTTPRoute v1]
    F --> G[parentRefs: name + optional namespace/group/kind/sectionName]
    F --> H{httpRoute.hostnames set?}
    H -- yes --> I[spec.hostnames rendered]
    H -- no --> J[no hostnames field]
    F --> K{httpRoute.rules set?}
    K -- yes --> L[Iterate rules\ndefault matches/backendRefs if omitted]
    K -- no --> M[Default rule:\nPathPrefix / → litellm service:port]

Loading

_{Reviews (5): Last reviewed commit: "fix: update comment as AI said" | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[ShashankFC]

Agentic Code Review

✅ LGTM — No significant issues found in PR #24979.

[ShashankFC]

Agentic Code Review

🚨 Needs Changes — ⚠️ 1 major

---

deploy/charts/litellm-helm/values.yaml

• ⚠️ [MAJOR] Lines 149–161: The diff adds rules: [] twice within the same httpRoute mapping block, with separate comment blocks between them. YAML does not allow duplicate keys in a mapping — most parsers silently take the last value, discarding the first and making its accompanying example comments (# - matches: # - path: # type: PathPrefix) orphaned and invisible. The final committed file confirms only one rules: [] survives at line 149, with only the tail comments (# backendRefs: ...) remaining. The first example comment block showing the matches/path structure is entirely lost. The duplicate key should be removed and the two example comment blocks should be merged under a single rules: [] definition.

  confidence=7 Diff patch explicitly shows two + rules: [] lines with separate comment blocks between them. file_read of the committed file (line 149) confirms only one rules: [] is present, and the example comments at lines 150-152 are only the backendRefs portion — the path/matches example from the first block is missing.

---

Generated by Agentic Reviewer · model: us.anthropic.claude-sonnet-4-6

[greptile-apps]

Tip:

Greploop — Automatically fix all review issues by running /greploops in Claude Code. It iterates: fix, push, re-review, repeat until 5/5 confidence.

Use the Greptile plugin for Claude Code to query reviews, search comments, and manage custom context directly from your terminal.

[ShashankFC]

Agentic Code Review

🚨 Needs Changes — ⚠️ 3 major

---

deploy/charts/litellm-helm/templates/httproute.yaml

• ⚠️ [MAJOR] Line 14: Missing required validation on gatewayName: when httpRoute.enabled=true but gatewayName is left at its default empty string, the template silently renders name: "" in parentRefs, producing an invalid HTTPRoute that Kubernetes will reject. Add {{ required "httpRoute.gatewayName is required when httpRoute.enabled is true" .Values.httpRoute.gatewayName }} to catch this at helm template/helm install time instead of at apply time.

  confidence=7 file_read line 14 shows name: {{ .Values.httpRoute.gatewayName }} with no guard; values.yaml line 142 confirms default is gatewayName: ""; grep of tests/http_route_tests.yaml shows all 7 tests supply gatewayName explicitly and none test the empty case.

• ⚠️ [MAJOR] Line 15: The namespace field in parentRefs is always emitted, falling back to .Release.Namespace when gatewayNamespace is unset. Per the Gateway API spec, omitting namespace means "same namespace as the HTTPRoute," but explicitly setting it to the release namespace breaks cross-namespace setups where the Gateway lives in a different namespace (e.g., infra-system): the route will silently reference a non-existent Gateway in the wrong namespace. The field should be conditional — only rendered when gatewayNamespace is explicitly provided.

  confidence=7 file_read line 15: namespace: {{ default .Release.Namespace .Values.httpRoute.gatewayNamespace }}; values.yaml line 143: gatewayNamespace: ""; the unconditional fallback changes spec-defined default behavior (omit = local namespace) to always emitting a namespace value.

deploy/charts/litellm-helm/values.yaml

• ⚠️ [MAJOR] Line 142: gatewayName defaults to "" but the template renders it unconditionally as name: {{ .Values.httpRoute.gatewayName }} (httproute.yaml line 14) — no {{- required }} guard exists anywhere in the template. A user who sets httpRoute.enabled: true without supplying gatewayName will silently produce an HTTPRoute with name: "", which is rejected by the Kubernetes API server. Add a {{- required "httpRoute.gatewayName is required when httpRoute.enabled is true" .Values.httpRoute.gatewayName }} guard in the template, or at minimum add a prominent comment here marking this field as required.

  confidence=7 file_read of deploy/charts/litellm-helm/templates/httproute.yaml line 14 shows name: {{ .Values.httpRoute.gatewayName }} with no conditional/required guard. bash grep for 'required|fail' across all templates returned 0 results. values.yaml line 142 sets gatewayName: "" as default.

---

Generated by Agentic Reviewer · model: us.anthropic.claude-sonnet-4-6

[ShashankFC]

Agentic Code Review

🚨 Needs Changes — 🚨 1 critical ⚠️ 2 major

---

deploy/charts/litellm-helm/templates/httproute.yaml

• 🚨 [CRITICAL] Line 14: Missing required guard on gatewayName: if a user sets httpRoute.enabled: true without overriding gatewayName (which defaults to "" in values.yaml), the template renders name: — an empty string — producing an invalid HTTPRoute that Kubernetes will reject. Use {{ required "httpRoute.gatewayName is required when httpRoute.enabled is true" .Values.httpRoute.gatewayName }} to fail fast at render time with a clear error message.

  confidence=7 file_read line 14 shows - name: {{ .Values.httpRoute.gatewayName }} with no validation. values.yaml (file_read line 142) shows the default is gatewayName: "". The test suite (http_route_tests.yaml) always sets gatewayName explicitly and has no test covering the empty-default path.

• ⚠️ [MAJOR] Line 15: namespace is unconditionally emitted on every parentRef, defaulting to .Release.Namespace when gatewayNamespace is not set. The Gateway API spec treats an omitted namespace as "same namespace as the HTTPRoute", so the default behavior is semantically equivalent for same-namespace gateways — but emitting an explicit namespace value for a cross-namespace Gateway (where the user intentionally omits gatewayNamespace) will inject the release namespace rather than leaving it absent, potentially causing the HTTPRoute to target the wrong parent. The PR diff's original code used {{- with (default "" .Values.httpRoute.gatewayNamespace) }} to only emit namespace: when explicitly provided; the committed version changed this to always emit it.

  confidence=7 file_read line 15 shows namespace: {{ default .Release.Namespace .Values.httpRoute.gatewayNamespace }} — unconditional. values.yaml line 143 shows default gatewayNamespace: "". The diff patch shows the original template used a conditional {{- with (default "" .Values.httpRoute.gatewayNamespace) }} block, meaning the committed file diverged from the diff. No test in http_route_tests.yaml covers the case where gatewayNamespace is unset and verifies what namespace value is (or isn't) rendered.

deploy/charts/litellm-helm/values.yaml

• ⚠️ [MAJOR] Line 142: gatewayName defaults to "" but the template renders it unconditionally as name: {{ .Values.httpRoute.gatewayName }} with no required or fail guard. If a user sets httpRoute.enabled: true without providing gatewayName, Helm will silently render an HTTPRoute with name: "", producing an invalid Kubernetes resource that will be rejected by the API server at apply time. Add a {{ required "httpRoute.gatewayName is required when httpRoute.enabled is true" .Values.httpRoute.gatewayName }} guard in the template, or document this as a required field.

  confidence=7 file_read of deploy/charts/litellm-helm/templates/httproute.yaml line 14 shows - name: {{ .Values.httpRoute.gatewayName }} with no required/fail guard. grep confirmed no required or fail calls anywhere in httproute.yaml. values.yaml line 142 defaults gatewayName to empty string.

---

Generated by Agentic Reviewer · model: us.anthropic.claude-sonnet-4-6