Remove deprecated httproute.yaml and implement server-httproute.yaml template for Vault HTTPRoute configuration in Helm chart.

2026-04-12 17:38:48 +07:00
parent bcfb683c10
commit 499c71b31c
3 changed files with 42 additions and 37 deletions
--- a/manifest/vault/httproute.yaml
+++ b/manifest/vault/httproute.yaml
@@ -1,35 +0,0 @@
-# HTTPRoute for HashiCorp Vault behind Envoy Gateway (Gateway API).
-# Matches the intent of server.httpRoute in values.yaml (chart may not render it yet).
-#
-# Before applying:
-#   kubectl get svc -n vault
-# If the Vault Service is not named "vault" (e.g. release "foo" -> Service "foo-vault"),
-# change spec.rules[].backendRefs[].name below.
-#
-# Ensure your Gateway allows routes from namespace "vault" (listener allowedRoutes / infrastructure).
-#
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: vault-httproute
-  namespace: vault
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: envoy-gateway
-      namespace: envoy-gateway-system
-      sectionName: http
-  hostnames:
-    - vault.fireflylab.local
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-      backendRefs:
-        - group: ""
-          kind: Service
-          name: vault
-          port: 8200
-          weight: 1
--- a/manifest/vault/templates/server-httproute.yaml
+++ b/manifest/vault/templates/server-httproute.yaml
@@ -0,0 +1,40 @@
+{{/*
+HTTPRoute for Vault behind Gateway API (e.g. Envoy Gateway).
+Only Helm files under templates/ are rendered; a sibling httproute.yaml at chart root is ignored by Argo CD Helm.
+*/}}
+{{- if .Values.server.httpRoute.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ template "vault.fullname" . }}-httproute
+  namespace: {{ include "vault.namespace" . }}
+  labels:
+    helm.sh/chart: {{ include "vault.chart" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  parentRefs:
+{{- range .Values.server.httpRoute.parentRefs }}
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: {{ .name }}
+      namespace: {{ .namespace }}
+{{- if .sectionName }}
+      sectionName: {{ .sectionName }}
+{{- end }}
+{{- end }}
+  hostnames:
+{{- range .Values.server.httpRoute.hostnames }}
+    - {{ . | quote }}
+{{- end }}
+  rules:
+    - matches:
+{{ toYaml .Values.server.httpRoute.matches | nindent 8 }}
+      backendRefs:
+        - group: ""
+          kind: Service
+          name: {{ template "vault.fullname" . }}
+          port: {{ .Values.server.service.port }}
+          weight: 1
+{{- end }}