Skip to content

feat: add Gateway API HTTPRoute support & existing secret for DB credentials #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aagarwal-apexanalytix wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: add Gateway API HTTPRoute support & existing secret for DB credentials #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
190e875
feat: add Gateway API HTTPRoute support
aagarwal-apexanalytix Feb 19, 2026
07ab675
fix: default db.sslmode to require for secure PostgreSQL connections
aagarwal-apexanalytix Feb 19, 2026
65eb173
feat: support existing Kubernetes secret for DB credentials
aagarwal-apexanalytix Feb 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions templates/configmap.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,13 @@ data:
MQ_USERNAME: "{{ .Values.mq.username }}"
LICENSE_KEY: "{{ .Values.server.ee.licensekey }}" # needed if EE
NETMAKER_TENANT_ID: "{{ .Values.server.ee.tenantId }}" # needed if EE
{{- if not .Values.db.existingSecret.enabled }}
SQL_HOST: "{{ $dbHost }}"
SQL_PORT: "{{ .Values.db.port }}"
SQL_DB: "{{ .Values.db.database }}"
SQL_USER: "{{ .Values.db.username }}"
SQL_PASS: "{{ .Values.db.password }}"
{{- end }}
SQL_SSL_MODE: "{{ .Values.db.sslmode }}"
JWT_VALIDITY_DURATION: "{{ .Values.server.jwtDuration }}"
RAC_AUTO_DISABLE: "{{ .Values.server.racAutoDisable }}"
Expand Down
81 changes: 81 additions & 0 deletions templates/httproute.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
{{- if .Values.gateway.enabled -}}
{{- $fullName := include "netmaker.fullname" . -}}
{{- $fullUIName := printf "%s-%s" $fullName "ui" -}}
{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}}
{{- $fullMQName := printf "%s-%s" $fullName "mqtt" -}}
{{- $uiSvcPort := .Values.service.uiPort -}}
{{- $restSvcPort := .Values.service.restPort -}}
{{- $mqSvcPort := 8883 -}}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}-broker
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.gateway.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- toYaml .Values.gateway.parentRefs | nindent 4 }}
hostnames:
- "{{ .Values.ingress.hostPrefix.broker }}.{{ .Values.baseDomain }}"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: {{ $fullMQName }}
port: {{ $mqSvcPort }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}-api
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.gateway.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- toYaml .Values.gateway.parentRefs | nindent 4 }}
hostnames:
- "{{ .Values.ingress.hostPrefix.rest }}.{{ .Values.baseDomain }}"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: {{ $fullRESTName }}
port: {{ $restSvcPort }}
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}-dashboard
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.gateway.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- toYaml .Values.gateway.parentRefs | nindent 4 }}
hostnames:
- "{{ .Values.ingress.hostPrefix.ui }}.{{ .Values.baseDomain }}"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: {{ $fullUIName }}
port: {{ $uiSvcPort }}
{{- end }}
28 changes: 28 additions & 0 deletions templates/mq.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,34 @@ spec:
envFrom:
- configMapRef:
name: {{ include "netmaker.fullname" . }}-env
{{- if .Values.db.existingSecret.enabled }}
env:
- name: SQL_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.host }}
- name: SQL_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.port }}
- name: SQL_USER
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.username }}
- name: SQL_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.password }}
- name: SQL_DB
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.database }}
{{- end }}
image: eclipse-mosquitto:2.0.11-openssl
command: ["/mosquitto/config/wait.sh"]
imagePullPolicy: Always
Expand Down
28 changes: 28 additions & 0 deletions templates/netmaker-statefulset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,34 @@ spec:
envFrom:
- configMapRef:
name: {{ include "netmaker.fullname" . }}-env
{{- if .Values.db.existingSecret.enabled }}
env:
- name: SQL_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.host }}
- name: SQL_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.port }}
- name: SQL_USER
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.username }}
- name: SQL_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.password }}
- name: SQL_DB
valueFrom:
secretKeyRef:
name: {{ .Values.db.existingSecret.name }}
key: {{ .Values.db.existingSecret.keys.database }}
{{- end }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
ports:
Expand Down
24 changes: 24 additions & 0 deletions values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,18 @@ ingress:
ui: "dashboard"
broker: "broker"
rest: "api"

gateway:
# -- create Gateway API HTTPRoutes instead of (or in addition to) Ingress
enabled: false
# -- annotations to add to HTTPRoute resources
annotations: {}
# -- parent Gateway references (list)
parentRefs:
- name: ""
namespace: ""
sectionName: https

db:
type: "postgres"
host: ""
Expand All @@ -133,6 +145,18 @@ db:
database: netmaker
# -- postgres sslmode (disable, require, verify-ca, verify-full)
sslmode: disable
# -- use an existing Kubernetes secret for DB credentials instead of values above
existingSecret:
enabled: false
# -- name of the existing secret
name: ""
# -- key mappings: maps each DB parameter to a key in the secret
keys:
host: "pgbouncer-host"
port: "pgbouncer-port"
username: "user"
password: "password"
database: "dbname"

postgresql-ha:
# -- whether to install PostgreSQL HA as a dependency
Expand Down