diff --git a/charts/trino/README.md b/charts/trino/README.md index f9bc0bde..89cefb91 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -969,6 +969,68 @@ Fast distributed SQL query engine for big data analytics that helps you explore hosts: - chart-example.local ``` +* `gateway.enabled` - bool, default: `false` + + Set to true to create HTTPRoute resources for [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/). The Gateway API is the successor to the Ingress API and provides more advanced routing capabilities. + > [!NOTE] + > - Requires Gateway API CRDs to be installed in the cluster + > - Not recommended to use together with `ingress.enabled` (choose one or the other) + > - Requires a Gateway resource to be configured separately +* `gateway.annotations` - object, default: `{}` + + Annotations to add to the HTTPRoute resource. + Example: + ```yaml + gateway.networking.k8s.io/example: "value" + ``` +* `gateway.parentRefs` - list, default: `[]` + + References to the Gateway resources that this HTTPRoute should attach to. + Example: + ```yaml + - name: trino-gateway + namespace: gateway-system + sectionName: https + ``` +* `gateway.hostnames` - list, default: `[]` + + Hostnames to match for routing traffic. + Example: + ```yaml + - trino.example.com + - trino-prod.example.com + ``` +* `gateway.rules` - list, default: `[]` + + HTTPRoute rules for routing traffic to Trino. Each rule can use either the simplified `path` format for basic routing, or the full `matches` format for advanced use cases. + Simple path-based routing example: + ```yaml + - path: + type: PathPrefix + value: / + filters: + - type: RequestHeaderModifier + requestHeaderModifier: + set: + - name: X-Forwarded-Proto + value: https + ``` + Advanced matching example with headers: + ```yaml + - matches: + - path: + type: PathPrefix + value: /ui + headers: + - name: X-Custom-Header + value: custom-value + filters: + - type: RequestHeaderModifier + requestHeaderModifier: + set: + - name: X-Forwarded-Proto + value: https + ``` * `networkPolicy.enabled` - bool, default: `false` Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. diff --git a/charts/trino/templates/httproute.yaml b/charts/trino/templates/httproute.yaml new file mode 100644 index 00000000..e4b666a0 --- /dev/null +++ b/charts/trino/templates/httproute.yaml @@ -0,0 +1,43 @@ +{{- if .Values.gateway.enabled -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- with .Values.gateway.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.gateway.parentRefs }} + parentRefs: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.gateway.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.gateway.rules }} + - matches: + {{- if .matches }} + {{- toYaml .matches | nindent 8 }} + {{- else }} + - path: + type: {{ .path.type | default "PathPrefix" }} + value: {{ .path.value | default "/" }} + {{- end }} + {{- if .filters }} + filters: + {{- toYaml .filters | nindent 8 }} + {{- end }} + backendRefs: + - name: {{ include "trino.fullname" $ }} + port: {{ if $.Values.server.config.https.enabled }}{{ $.Values.server.config.https.port }}{{ else }}{{ $.Values.service.port }}{{ end }} + {{- if .weight }} + weight: {{ .weight }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 631d39ca..ffc1634b 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -1180,6 +1180,73 @@ ingress: # - chart-example.local # ``` +gateway: + # gateway.enabled -- Set to true to create HTTPRoute resources for [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/). + # The Gateway API is the successor to the Ingress API and provides more advanced routing capabilities. + # @raw + # > [!NOTE] + # > - Requires Gateway API CRDs to be installed in the cluster + # > - Not recommended to use together with `ingress.enabled` (choose one or the other) + # > - Requires a Gateway resource to be configured separately + enabled: false + annotations: {} + # gateway.annotations -- Annotations to add to the HTTPRoute resource. + # @raw + # Example: + # ```yaml + # gateway.networking.k8s.io/example: "value" + # ``` + parentRefs: [] + # gateway.parentRefs -- References to the Gateway resources that this HTTPRoute should attach to. + # @raw + # Example: + # ```yaml + # - name: trino-gateway + # namespace: gateway-system + # sectionName: https + # ``` + hostnames: [] + # gateway.hostnames -- Hostnames to match for routing traffic. + # @raw + # Example: + # ```yaml + # - trino.example.com + # - trino-prod.example.com + # ``` + rules: [] + # gateway.rules -- HTTPRoute rules for routing traffic to Trino. + # Each rule can use either the simplified `path` format for basic routing, + # or the full `matches` format for advanced use cases. + # @raw + # Simple path-based routing example: + # ```yaml + # - path: + # type: PathPrefix + # value: / + # filters: + # - type: RequestHeaderModifier + # requestHeaderModifier: + # set: + # - name: X-Forwarded-Proto + # value: https + # ``` + # Advanced matching example with headers: + # ```yaml + # - matches: + # - path: + # type: PathPrefix + # value: /ui + # headers: + # - name: X-Custom-Header + # value: custom-value + # filters: + # - type: RequestHeaderModifier + # requestHeaderModifier: + # set: + # - name: X-Forwarded-Proto + # value: https + # ``` + networkPolicy: # networkPolicy.enabled -- Set to true to enable Trino pod protection with a # [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). diff --git a/tests/trino/test-gateway-https-values.yaml b/tests/trino/test-gateway-https-values.yaml new file mode 100644 index 00000000..b857149d --- /dev/null +++ b/tests/trino/test-gateway-https-values.yaml @@ -0,0 +1,18 @@ +# Test values for Gateway API configuration with HTTPS +server: + workers: 1 + config: + https: + enabled: true + port: 8443 + +gateway: + enabled: true + parentRefs: + - name: trino-gateway + hostnames: + - trino-secure.example.com + rules: + - path: + type: PathPrefix + value: / diff --git a/tests/trino/test-gateway-values.yaml b/tests/trino/test-gateway-values.yaml new file mode 100644 index 00000000..96ef4c5c --- /dev/null +++ b/tests/trino/test-gateway-values.yaml @@ -0,0 +1,17 @@ +# Test values for Gateway API configuration +server: + workers: 1 + +gateway: + enabled: true + annotations: + gateway.networking.k8s.io/test: "true" + parentRefs: + - name: trino-gateway + namespace: gateway-system + hostnames: + - trino.example.com + rules: + - path: + type: PathPrefix + value: / diff --git a/tests/trino/test.sh b/tests/trino/test.sh index 797f5b60..61720cb6 100755 --- a/tests/trino/test.sh +++ b/tests/trino/test.sh @@ -11,6 +11,7 @@ declare -A testCases=( [exchange_manager_values]="--values test-exchange-manager-values.yaml" [graceful_shutdown]="--values test-graceful-shutdown-values.yaml" [resource_groups_properties]="--values test-resource-groups-properties-values.yaml" + [gateway]="--values test-gateway-values.yaml" ) declare -A testCaseCharts=( @@ -22,6 +23,7 @@ declare -A testCaseCharts=( [exchange_manager_values]="../../charts/trino" [graceful_shutdown]="../../charts/trino" [resource_groups_properties]="../../charts/trino" + [gateway]="../../charts/trino" ) function join_by { @@ -41,7 +43,7 @@ CT_ARGS=( --helm-extra-args="--timeout 2m" ) CLEANUP_NAMESPACE=true -TEST_NAMES=(default single_node complete_values access_control_properties_values exchange_manager_values graceful_shutdown resource_groups_properties) +TEST_NAMES=(default single_node complete_values access_control_properties_values exchange_manager_values graceful_shutdown resource_groups_properties gateway) usage() { cat <&2 @@ -153,6 +155,14 @@ if printf '%s\0' "${TEST_NAMES[@]}" | grep -qwz resource_groups_properties; then kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE" fi +# only install Gateway API CRDs when running the `gateway` test +if printf '%s\0' "${TEST_NAMES[@]}" | grep -qwz gateway; then + echo 1>&2 "Installing Gateway API CRDs" + kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml + kubectl wait --for condition=established --timeout=60s crd/gateways.gateway.networking.k8s.io + kubectl wait --for condition=established --timeout=60s crd/httproutes.gateway.networking.k8s.io +fi + CT_ARGS+=(--namespace "$NAMESPACE") result=0 @@ -183,7 +193,7 @@ if [ "$CLEANUP_NAMESPACE" == "true" ]; then kubectl delete namespace "$NAMESPACE" helm -n "$KEDA_NAMESPACE" uninstall keda --ignore-not-found kubectl delete namespace "$KEDA_NAMESPACE" - for api_group in monitoring.coreos.com eventing.keda.sh keda.sh; do + for api_group in monitoring.coreos.com eventing.keda.sh keda.sh gateway.networking.k8s.io; do mapfile -t crds < <(kubectl api-resources --api-group="$api_group" --output name) if [ ${#crds[@]} -ne 0 ]; then kubectl delete crd "${crds[@]}"