Feature/add support for kubernetes gateway api

charts/trino/README.md

@@ -969,6 +969,68 @@ Fast distributed SQL query engine for big data analytics that helps you explore
      hosts:
        - chart-example.local
   ```
+* `gateway.enabled` - bool, default: `false`  
+
+  Set to true to create HTTPRoute resources for [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/). The Gateway API is the successor to the Ingress API and provides more advanced routing capabilities.
+  > [!NOTE]
+  > - Requires Gateway API CRDs to be installed in the cluster
+  > - Not recommended to use together with `ingress.enabled` (choose one or the other)
+  > - Requires a Gateway resource to be configured separately
+* `gateway.annotations` - object, default: `{}`  
+
+  Annotations to add to the HTTPRoute resource.
+  Example:
+  ```yaml
+   gateway.networking.k8s.io/example: "value"
+  ```
+* `gateway.parentRefs` - list, default: `[]`  
+
+  References to the Gateway resources that this HTTPRoute should attach to.
+  Example:
+  ```yaml
+   - name: trino-gateway
+     namespace: gateway-system
+     sectionName: https
+  ```
+* `gateway.hostnames` - list, default: `[]`  
+
+  Hostnames to match for routing traffic.
+  Example:
+  ```yaml
+   - trino.example.com
+   - trino-prod.example.com
+  ```
+* `gateway.rules` - list, default: `[]`  
+
+  HTTPRoute rules for routing traffic to Trino. Each rule can use either the simplified `path` format for basic routing, or the full `matches` format for advanced use cases.
+  Simple path-based routing example:
+  ```yaml
+   - path:
+       type: PathPrefix
+       value: /
+     filters:
+       - type: RequestHeaderModifier
+         requestHeaderModifier:
+           set:
+             - name: X-Forwarded-Proto
+               value: https
+  ```
+  Advanced matching example with headers:
+  ```yaml
+   - matches:
+       - path:
+           type: PathPrefix
+           value: /ui
+         headers:
+           - name: X-Custom-Header
+             value: custom-value
+     filters:
+       - type: RequestHeaderModifier
+         requestHeaderModifier:
+           set:
+             - name: X-Forwarded-Proto
+               value: https
+  ```
 * `networkPolicy.enabled` - bool, default: `false`  
 
   Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other.

charts/trino/templates/httproute.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.gateway.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ template "trino.coordinator" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "trino.labels" . | nindent 4 }}
+  {{- with .Values.gateway.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gateway.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.gateway.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.gateway.rules }}
+    - matches:
+        {{- if .matches }}
+        {{- toYaml .matches | nindent 8 }}
+        {{- else }}
+        - path:
+            type: {{ .path.type | default "PathPrefix" }}
+            value: {{ .path.value | default "/" }}
+        {{- end }}
+      {{- if .filters }}
+      filters:
+        {{- toYaml .filters | nindent 8 }}
+      {{- end }}
+      backendRefs:
+        - name: {{ include "trino.fullname" $ }}
+          port: {{ if $.Values.server.config.https.enabled }}{{ $.Values.server.config.https.port }}{{ else }}{{ $.Values.service.port }}{{ end }}
+          {{- if .weight }}
+          weight: {{ .weight }}
+          {{- end }}
+    {{- end }}
+{{- end }}

charts/trino/values.yaml

@@ -1180,6 +1180,73 @@ ingress:
   #      - chart-example.local
   # ```
 
+gateway:
+  # gateway.enabled -- Set to true to create HTTPRoute resources for [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/).
+  # The Gateway API is the successor to the Ingress API and provides more advanced routing capabilities.
+  # @raw
+  # > [!NOTE]
+  # > - Requires Gateway API CRDs to be installed in the cluster
+  # > - Not recommended to use together with `ingress.enabled` (choose one or the other)
+  # > - Requires a Gateway resource to be configured separately
+  enabled: false
+  annotations: {}
+  # gateway.annotations -- Annotations to add to the HTTPRoute resource.
+  # @raw
+  # Example:
+  # ```yaml
+  #  gateway.networking.k8s.io/example: "value"
+  # ```
+  parentRefs: []
+  # gateway.parentRefs -- References to the Gateway resources that this HTTPRoute should attach to.
+  # @raw
+  # Example:
+  # ```yaml
+  #  - name: trino-gateway
+  #    namespace: gateway-system
+  #    sectionName: https
+  # ```
+  hostnames: []
+  # gateway.hostnames -- Hostnames to match for routing traffic.
+  # @raw
+  # Example:
+  # ```yaml
+  #  - trino.example.com
+  #  - trino-prod.example.com
+  # ```
+  rules: []
+  # gateway.rules -- HTTPRoute rules for routing traffic to Trino.
+  # Each rule can use either the simplified `path` format for basic routing,
+  # or the full `matches` format for advanced use cases.
+  # @raw
+  # Simple path-based routing example:
+  # ```yaml
+  #  - path:
+  #      type: PathPrefix
+  #      value: /
+  #    filters:
+  #      - type: RequestHeaderModifier
+  #        requestHeaderModifier:
+  #          set:
+  #            - name: X-Forwarded-Proto
+  #              value: https
+  # ```
+  # Advanced matching example with headers:
+  # ```yaml
+  #  - matches:
+  #      - path:
+  #          type: PathPrefix
+  #          value: /ui
+  #        headers:
+  #          - name: X-Custom-Header
+  #            value: custom-value
+  #    filters:
+  #      - type: RequestHeaderModifier
+  #        requestHeaderModifier:
+  #          set:
+  #            - name: X-Forwarded-Proto
+  #              value: https
+  # ```
+
 networkPolicy:
   # networkPolicy.enabled -- Set to true to enable Trino pod protection with a
   # [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/).

tests/trino/test-gateway-https-values.yaml

@@ -0,0 +1,18 @@
+# Test values for Gateway API configuration with HTTPS
+server:
+  workers: 1
+  config:
+    https:
+      enabled: true
+      port: 8443
+
+gateway:
+  enabled: true
+  parentRefs:
+    - name: trino-gateway
+  hostnames:
+    - trino-secure.example.com
+  rules:
+    - path:
+        type: PathPrefix
+        value: /

tests/trino/test-gateway-values.yaml

@@ -0,0 +1,17 @@
+# Test values for Gateway API configuration
+server:
+  workers: 1
+
+gateway:
+  enabled: true
+  annotations:
+    gateway.networking.k8s.io/test: "true"
+  parentRefs:
+    - name: trino-gateway
+      namespace: gateway-system
+  hostnames:
+    - trino.example.com
+  rules:
+    - path:
+        type: PathPrefix
+        value: /

tests/trino/test.sh

@@ -11,6 +11,7 @@ declare -A testCases=(
     [exchange_manager_values]="--values test-exchange-manager-values.yaml"
     [graceful_shutdown]="--values test-graceful-shutdown-values.yaml"
     [resource_groups_properties]="--values test-resource-groups-properties-values.yaml"
+    [gateway]="--values test-gateway-values.yaml"
 )
 
 declare -A testCaseCharts=(
@@ -22,6 +23,7 @@ declare -A testCaseCharts=(
     [exchange_manager_values]="../../charts/trino"
     [graceful_shutdown]="../../charts/trino"
     [resource_groups_properties]="../../charts/trino"
+    [gateway]="../../charts/trino"
 )
 
 function join_by {
@@ -41,7 +43,7 @@ CT_ARGS=(
     --helm-extra-args="--timeout 2m"
 )
 CLEANUP_NAMESPACE=true
-TEST_NAMES=(default single_node complete_values access_control_properties_values exchange_manager_values graceful_shutdown resource_groups_properties)
+TEST_NAMES=(default single_node complete_values access_control_properties_values exchange_manager_values graceful_shutdown resource_groups_properties gateway)
 
 usage() {
     cat <<EOF 1>&2
@@ -153,6 +155,14 @@ if printf '%s\0' "${TEST_NAMES[@]}" | grep -qwz resource_groups_properties; then
     kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE"
 fi
 
+# only install Gateway API CRDs when running the `gateway` test
+if printf '%s\0' "${TEST_NAMES[@]}" | grep -qwz gateway; then
+    echo 1>&2 "Installing Gateway API CRDs"
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
+    kubectl wait --for condition=established --timeout=60s crd/gateways.gateway.networking.k8s.io
+    kubectl wait --for condition=established --timeout=60s crd/httproutes.gateway.networking.k8s.io
+fi
+
 CT_ARGS+=(--namespace "$NAMESPACE")
 
 result=0
@@ -183,7 +193,7 @@ if [ "$CLEANUP_NAMESPACE" == "true" ]; then
     kubectl delete namespace "$NAMESPACE"
     helm -n "$KEDA_NAMESPACE" uninstall keda --ignore-not-found
     kubectl delete namespace "$KEDA_NAMESPACE"
-    for api_group in monitoring.coreos.com eventing.keda.sh keda.sh; do
+    for api_group in monitoring.coreos.com eventing.keda.sh keda.sh gateway.networking.k8s.io; do
         mapfile -t crds < <(kubectl api-resources --api-group="$api_group" --output name)
         if [ ${#crds[@]} -ne 0 ]; then
             kubectl delete crd "${crds[@]}"