From 42b635f29832aa1f28cdc8e179a6231c5419fcc1 Mon Sep 17 00:00:00 2001 From: Michael Lechner Date: Mon, 16 Mar 2026 17:44:51 +0100 Subject: [PATCH 01/16] 1308: add gateway-api support for the console helm chart --- charts/console/chart/README.md | 22 ++ charts/console/chart/notes.go | 6 +- .../console/chart/templates/_chart.chart.tpl | 2 +- .../console/chart/templates/_chart.notes.tpl | 10 +- .../chart/templates/_console.gateway.tpl | 47 ++++ .../chart/templates/_console.render.tpl | 4 +- .../testdata/template-cases.golden.txtar | 215 ++++++++++++++++++ .../chart/testdata/template-cases.txtar | 14 ++ charts/console/chart/values.schema.json | 59 +++++ charts/console/chart/values.yaml | 17 ++ charts/console/gateway.go | 92 ++++++++ charts/console/render.go | 4 + charts/console/render_test.go | 22 ++ charts/console/rendervalues.go | 17 ++ charts/console/rendervalues_partial.gen.go | 17 ++ 15 files changed, 543 insertions(+), 5 deletions(-) create mode 100644 charts/console/chart/templates/_console.gateway.tpl create mode 100644 charts/console/gateway.go diff --git a/charts/console/chart/README.md b/charts/console/chart/README.md index 2c500b9a8..7b0cf10e3 100644 --- a/charts/console/chart/README.md +++ b/charts/console/chart/README.md @@ -117,6 +117,28 @@ Override `console.fullname` template. **Default:** `""` +### [gateway](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=gateway) + +Gateway API `HTTPRoute` settings. + +**Default:** + +``` +{"annotations":{},"enabled":false,"hostnames":["chart-example.local"],"parentRefs":[],"path":"/","pathType":"PathPrefix"} +``` + +### [gateway.parentRefs](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=gateway.parentRefs) + +Gateway parent references for this route. If no parentRefs are specified, the HTTPRoute is still rendered but will not attach to any Gateway until configured. + +**Default:** `[]` + +### [gateway.pathType](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=gateway.pathType) + +One of Exact, PathPrefix, or RegularExpression. + +**Default:** `"PathPrefix"` + ### [image](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=image) Redpanda Console Docker image settings. diff --git a/charts/console/chart/notes.go b/charts/console/chart/notes.go index 57fff974a..268e426f8 100644 --- a/charts/console/chart/notes.go +++ b/charts/console/chart/notes.go @@ -21,7 +21,11 @@ func Notes(dot *helmette.Dot) []string { commands := []string{ `1. Get the application URL by running these commands:`, } - if values.Ingress.Enabled { + if values.Gateway.Enabled { + for _, hostname := range values.Gateway.Hostnames { + commands = append(commands, fmt.Sprintf("http://%s%s", hostname, values.Gateway.Path)) + } + } else if values.Ingress.Enabled { scheme := "http" if len(values.Ingress.TLS) > 0 { scheme = "https" diff --git a/charts/console/chart/templates/_chart.chart.tpl b/charts/console/chart/templates/_chart.chart.tpl index 1a7194605..42257467e 100644 --- a/charts/console/chart/templates/_chart.chart.tpl +++ b/charts/console/chart/templates/_chart.chart.tpl @@ -22,7 +22,7 @@ {{- $_ := (set $values.secret.authentication "jwtSigningKey" (randAlphaNum (32 | int))) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "ReleaseName" "" "Namespace" "" "Template" (coalesce nil) "CommonLabels" (coalesce nil) "Values" (dict "replicaCount" 0 "nameOverride" "" "commonLabels" (coalesce nil) "fullnameOverride" "" "image" (dict "registry" "" "repository" "" "pullPolicy" "" "tag" "") "imagePullSecrets" (coalesce nil) "automountServiceAccountToken" false "serviceAccount" (dict "create" false "automountServiceAccountToken" false "annotations" (coalesce nil) "name" "") "annotations" (coalesce nil) "podAnnotations" (coalesce nil) "podLabels" (coalesce nil) "podSecurityContext" (dict) "securityContext" (dict) "service" (dict "type" "" "port" 0 "annotations" (coalesce nil)) "ingress" (dict "enabled" false "annotations" (coalesce nil) "hosts" (coalesce nil) "tls" (coalesce nil)) "resources" (dict) "autoscaling" (dict "enabled" false "minReplicas" 0 "maxReplicas" 0 "targetCPUUtilizationPercentage" (coalesce nil)) "nodeSelector" (coalesce nil) "tolerations" (coalesce nil) "affinity" (dict) "topologySpreadConstraints" (coalesce nil) "priorityClassName" "" "config" (coalesce nil) "extraEnv" (coalesce nil) "extraEnvFrom" (coalesce nil) "extraVolumes" (coalesce nil) "extraVolumeMounts" (coalesce nil) "extraContainers" (coalesce nil) "extraContainerPorts" (coalesce nil) "initContainers" (dict "extraInitContainers" (coalesce nil)) "secretMounts" (coalesce nil) "secret" (dict "create" false "kafka" (dict) "authentication" (dict "jwtSigningKey" "" "oidc" (dict)) "license" "" "redpanda" (dict "adminApi" (dict)) "serde" (dict) "schemaRegistry" (dict)) "livenessProbe" (dict) "readinessProbe" (dict) "configmap" (dict "create" false) "deployment" (dict "create" false) "strategy" (dict) "monitoring" (dict "enabled" false "scrapeInterval" "" "labels" (coalesce nil)))) (dict "ReleaseName" $dot.Release.Name "Namespace" $dot.Release.Namespace "Values" $values "Template" (list "chart.templater.Template" $templater) "CommonLabels" (dict "helm.sh/chart" (get (fromJson (include "chart.ChartLabel" (dict "a" (list $dot)))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service "app.kubernetes.io/version" $dot.Chart.AppVersion)))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "ReleaseName" "" "Namespace" "" "Template" (coalesce nil) "CommonLabels" (coalesce nil) "Values" (dict "replicaCount" 0 "nameOverride" "" "commonLabels" (coalesce nil) "fullnameOverride" "" "image" (dict "registry" "" "repository" "" "pullPolicy" "" "tag" "") "imagePullSecrets" (coalesce nil) "automountServiceAccountToken" false "serviceAccount" (dict "create" false "automountServiceAccountToken" false "annotations" (coalesce nil) "name" "") "annotations" (coalesce nil) "podAnnotations" (coalesce nil) "podLabels" (coalesce nil) "podSecurityContext" (dict) "securityContext" (dict) "service" (dict "type" "" "port" 0 "annotations" (coalesce nil)) "ingress" (dict "enabled" false "annotations" (coalesce nil) "hosts" (coalesce nil) "tls" (coalesce nil)) "gateway" (dict "enabled" false "annotations" (coalesce nil) "parentRefs" (coalesce nil) "hostnames" (coalesce nil) "path" "") "resources" (dict) "autoscaling" (dict "enabled" false "minReplicas" 0 "maxReplicas" 0 "targetCPUUtilizationPercentage" (coalesce nil)) "nodeSelector" (coalesce nil) "tolerations" (coalesce nil) "affinity" (dict) "topologySpreadConstraints" (coalesce nil) "priorityClassName" "" "config" (coalesce nil) "extraEnv" (coalesce nil) "extraEnvFrom" (coalesce nil) "extraVolumes" (coalesce nil) "extraVolumeMounts" (coalesce nil) "extraContainers" (coalesce nil) "extraContainerPorts" (coalesce nil) "initContainers" (dict "extraInitContainers" (coalesce nil)) "secretMounts" (coalesce nil) "secret" (dict "create" false "kafka" (dict) "authentication" (dict "jwtSigningKey" "" "oidc" (dict)) "license" "" "redpanda" (dict "adminApi" (dict)) "serde" (dict) "schemaRegistry" (dict)) "livenessProbe" (dict) "readinessProbe" (dict) "configmap" (dict "create" false) "deployment" (dict "create" false) "strategy" (dict) "monitoring" (dict "enabled" false "scrapeInterval" "" "labels" (coalesce nil)))) (dict "ReleaseName" $dot.Release.Name "Namespace" $dot.Release.Namespace "Values" $values "Template" (list "chart.templater.Template" $templater) "CommonLabels" (dict "helm.sh/chart" (get (fromJson (include "chart.ChartLabel" (dict "a" (list $dot)))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service "app.kubernetes.io/version" $dot.Chart.AppVersion)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/console/chart/templates/_chart.notes.tpl b/charts/console/chart/templates/_chart.notes.tpl index b1b113e48..da92b58e5 100644 --- a/charts/console/chart/templates/_chart.notes.tpl +++ b/charts/console/chart/templates/_chart.notes.tpl @@ -7,7 +7,14 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $commands := (list `1. Get the application URL by running these commands:`) -}} -{{- if $values.ingress.enabled -}} +{{- if $values.gateway.enabled -}} +{{- range $_, $hostname := $values.gateway.hostnames -}} +{{- $commands = (concat (default (list) $commands) (list (printf "http://%s%s" $hostname $values.gateway.path))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- else -}}{{- if $values.ingress.enabled -}} {{- $scheme := "http" -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.ingress.tls)))) "r") | int) (0 | int)) -}} {{- $scheme = "https" -}} @@ -33,6 +40,7 @@ {{- end -}} {{- end -}} {{- end -}} +{{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $commands) | toJson -}} {{- break -}} diff --git a/charts/console/chart/templates/_console.gateway.tpl b/charts/console/chart/templates/_console.gateway.tpl new file mode 100644 index 000000000..58b741645 --- /dev/null +++ b/charts/console/chart/templates/_console.gateway.tpl @@ -0,0 +1,47 @@ +{{- /* GENERATED FILE DO NOT EDIT */ -}} +{{- /* Transpiled by gotohelm from "github.com/redpanda-data/redpanda-operator/charts/console/v3/gateway.go" */ -}} + +{{- define "console.HTTPRoute" -}} +{{- $state := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not $state.Values.gateway.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $parentRefs := (coalesce nil) -}} +{{- range $_, $parentRef := $state.Values.gateway.parentRefs -}} +{{- $ref := (mustMergeOverwrite (dict "name" "") (dict "name" (toString (get (fromJson (include (first $state.Template) (dict "a" (concat (rest $state.Template) (list $parentRef.name))))) "r")))) -}} +{{- if (ne (toJson $parentRef.namespace) "null") -}} +{{- $namespace := (get (fromJson (include (first $state.Template) (dict "a" (concat (rest $state.Template) (list $parentRef.namespace))))) "r") -}} +{{- $_ := (set $ref "namespace" (toString $namespace)) -}} +{{- end -}} +{{- if (ne (toJson $parentRef.sectionName) "null") -}} +{{- $sectionName := (toString (get (fromJson (include (first $state.Template) (dict "a" (concat (rest $state.Template) (list (toString $parentRef.sectionName)))))) "r")) -}} +{{- $_ := (set $ref "sectionName" $sectionName) -}} +{{- end -}} +{{- $parentRefs = (concat (default (list) $parentRefs) (list $ref)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $hostnames := (coalesce nil) -}} +{{- range $_, $hostname := $state.Values.gateway.hostnames -}} +{{- $hostnames = (concat (default (list) $hostnames) (list (toString (get (fromJson (include (first $state.Template) (dict "a" (concat (rest $state.Template) (list $hostname))))) "r")))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $pathType := "PathPrefix" -}} +{{- if (ne (toJson $state.Values.gateway.pathType) "null") -}} +{{- $pathType = $state.Values.gateway.pathType -}} +{{- end -}} +{{- $path := (get (fromJson (include (first $state.Template) (dict "a" (concat (rest $state.Template) (list $state.Values.gateway.path))))) "r") -}} +{{- $port := (($state.Values.service.port | int) | int) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "parents" (coalesce nil))) (mustMergeOverwrite (dict) (dict "kind" "HTTPRoute" "apiVersion" "gateway.networking.k8s.io/v1")) (dict "metadata" (mustMergeOverwrite (dict) (dict "name" (get (fromJson (include "console.RenderState.FullName" (dict "a" (list $state)))) "r") "labels" (get (fromJson (include "console.RenderState.Labels" (dict "a" (list $state (coalesce nil))))) "r") "namespace" $state.Namespace "annotations" $state.Values.gateway.annotations)) "spec" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "parentRefs" $parentRefs)) (dict "hostnames" $hostnames "rules" (list (mustMergeOverwrite (dict) (dict "matches" (list (mustMergeOverwrite (dict) (dict "path" (mustMergeOverwrite (dict) (dict "type" $pathType "value" $path))))) "backendRefs" (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict "name" "") (dict "name" (toString (get (fromJson (include "console.RenderState.FullName" (dict "a" (list $state)))) "r")) "port" $port)) (dict)) (dict))))))))))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/console/chart/templates/_console.render.tpl b/charts/console/chart/templates/_console.render.tpl index 66d8af884..d8a00f1c5 100644 --- a/charts/console/chart/templates/_console.render.tpl +++ b/charts/console/chart/templates/_console.render.tpl @@ -80,7 +80,7 @@ {{- $state := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $manifests := (list (get (fromJson (include "console.ServiceAccount" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Secret" (dict "a" (list $state)))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Service" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Ingress" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $state)))) "r") (get (fromJson (include "console.HorizontalPodAutoscaler" (dict "a" (list $state)))) "r") (get (fromJson (include "console.ServiceMonitor" (dict "a" (list $state)))) "r")) -}} +{{- $manifests := (list (get (fromJson (include "console.ServiceAccount" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Secret" (dict "a" (list $state)))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Service" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Ingress" (dict "a" (list $state)))) "r") (get (fromJson (include "console.HTTPRoute" (dict "a" (list $state)))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $state)))) "r") (get (fromJson (include "console.HorizontalPodAutoscaler" (dict "a" (list $state)))) "r") (get (fromJson (include "console.ServiceMonitor" (dict "a" (list $state)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $manifests) | toJson -}} {{- break -}} @@ -91,7 +91,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "loadBalancer" (dict))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "loadBalancer" (dict))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict) "spec" (dict "containers" (coalesce nil))) "strategy" (dict)) "status" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "scaleTargetRef" (dict "kind" "" "name" "") "maxReplicas" 0) "status" (dict "desiredReplicas" 0 "currentMetrics" (coalesce nil))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict))) (dict)))) | toJson -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "loadBalancer" (dict))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "loadBalancer" (dict))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict) "status" (dict "parents" (coalesce nil))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict) "spec" (dict "containers" (coalesce nil))) "strategy" (dict)) "status" (dict)) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "scaleTargetRef" (dict "kind" "" "name" "") "maxReplicas" 0) "status" (dict "desiredReplicas" 0 "currentMetrics" (coalesce nil))) (dict)) (mustMergeOverwrite (dict "metadata" (dict) "spec" (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict))) (dict)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/console/chart/testdata/template-cases.golden.txtar b/charts/console/chart/testdata/template-cases.golden.txtar index a8a9f6b3b..bf2f502eb 100644 --- a/charts/console/chart/testdata/template-cases.golden.txtar +++ b/charts/console/chart/testdata/template-cases.golden.txtar @@ -23237,3 +23237,218 @@ spec: - name: secrets secret: secretName: console +-- testdata/gateway-templating.yaml.golden -- +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +stringData: + authentication-jwt-signingkey: SECRETKEY + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: "" + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" +type: Opaque +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +data: + config.yaml: | + # from .Values.config + {} +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 0 + selector: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + type: ClusterIP +--- +# Source: console/templates/entry-point.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + strategy: {} + template: + metadata: + annotations: + checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + spec: + affinity: {} + automountServiceAccountToken: false + containers: + - args: + - --config.filepath=/etc/console/configs/config.yaml + command: null + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: console + envFrom: [] + image: docker.redpanda.com/redpandadata/console:v3.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: console + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + runAsNonRoot: true + volumeMounts: + - mountPath: /etc/console/configs + name: configs + readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true + imagePullSecrets: [] + initContainers: null + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 99 + fsGroupChangePolicy: Always + runAsUser: 99 + serviceAccountName: console + tolerations: [] + topologySpreadConstraints: [] + volumes: + - configMap: + name: console + name: configs + - name: secrets + secret: + secretName: console +--- +# Source: console/templates/entry-point.yaml +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + annotations: + gateway: test + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + hostnames: + - '"console.example.local"' + parentRefs: + - name: '"public-gateway"' + namespace: '"networking"' + sectionName: '"http"' + rules: + - backendRefs: + - name: console + port: 8080 + matches: + - path: + type: PathPrefix + value: / diff --git a/charts/console/chart/testdata/template-cases.txtar b/charts/console/chart/testdata/template-cases.txtar index d5aa06c3a..dcb1f2552 100644 --- a/charts/console/chart/testdata/template-cases.txtar +++ b/charts/console/chart/testdata/template-cases.txtar @@ -66,6 +66,20 @@ ingress: hosts: - '{{ "blah" | quote }}' +-- gateway-templating -- +gateway: + enabled: true + annotations: + gateway: test + parentRefs: + - name: '{{ "public-gateway" | quote }}' + namespace: '{{ "networking" | quote }}' + sectionName: '{{ "http" | quote }}' + hostnames: + - '{{ "console.example.local" | quote }}' + path: '{{ "/" }}' + pathType: PathPrefix + -- no-registry -- image: registry: "" diff --git a/charts/console/chart/values.schema.json b/charts/console/chart/values.schema.json index 0e753ba12..5bde8e4d9 100644 --- a/charts/console/chart/values.schema.json +++ b/charts/console/chart/values.schema.json @@ -3051,6 +3051,65 @@ "fullnameOverride": { "type": "string" }, + "gateway": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "hostnames": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "parentRefs": { + "oneOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "sectionName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + }, + "type": "object" + }, "global": { "type": "object" }, diff --git a/charts/console/chart/values.yaml b/charts/console/chart/values.yaml index 02086fcfd..b182f7625 100644 --- a/charts/console/chart/values.yaml +++ b/charts/console/chart/values.yaml @@ -107,6 +107,23 @@ ingress: # hosts: # - chart-example.local +# -- Gateway API `HTTPRoute` settings. +gateway: + enabled: false + annotations: {} + # -- Gateway parent references for this route. + # If no parentRefs are specified, the HTTPRoute is still rendered but will + # not attach to any Gateway until configured. + parentRefs: [] + # - name: public-gateway + # namespace: default + # sectionName: http + hostnames: + - chart-example.local + path: / + # -- One of Exact, PathPrefix, or RegularExpression. + pathType: PathPrefix + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/charts/console/gateway.go b/charts/console/gateway.go new file mode 100644 index 000000000..b33884eaf --- /dev/null +++ b/charts/console/gateway.go @@ -0,0 +1,92 @@ +// Copyright 2026 Redpanda Data, Inc. +// +// Use of this software is governed by the Business Source License +// included in the file licenses/BSL.md +// +// As of the Change Date specified in that file, in accordance with +// the Business Source License, use of this software will be governed +// by the Apache License, Version 2.0 + +package console + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" +) + +func HTTPRoute(state *RenderState) *gatewayv1.HTTPRoute { + if !state.Values.Gateway.Enabled { + return nil + } + + var parentRefs []gatewayv1.ParentReference + for _, parentRef := range state.Values.Gateway.ParentRefs { + ref := gatewayv1.ParentReference{ + Name: gatewayv1.ObjectName(state.Template(parentRef.Name)), + } + if parentRef.Namespace != nil { + namespace := state.Template(*parentRef.Namespace) + ref.Namespace = ptr.To(gatewayv1.Namespace(namespace)) + } + if parentRef.SectionName != nil { + sectionName := gatewayv1.SectionName(state.Template(string(*parentRef.SectionName))) + ref.SectionName = ptr.To(sectionName) + } + parentRefs = append(parentRefs, ref) + } + + var hostnames []gatewayv1.Hostname + for _, hostname := range state.Values.Gateway.Hostnames { + hostnames = append(hostnames, gatewayv1.Hostname(state.Template(hostname))) + } + + pathType := gatewayv1.PathMatchPathPrefix + if state.Values.Gateway.PathType != nil { + pathType = *state.Values.Gateway.PathType + } + + path := state.Template(state.Values.Gateway.Path) + port := gatewayv1.PortNumber(state.Values.Service.Port) + + return &gatewayv1.HTTPRoute{ + TypeMeta: metav1.TypeMeta{ + Kind: "HTTPRoute", + APIVersion: "gateway.networking.k8s.io/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: state.FullName(), + Labels: state.Labels(nil), + Namespace: state.Namespace, + Annotations: state.Values.Gateway.Annotations, + }, + Spec: gatewayv1.HTTPRouteSpec{ + CommonRouteSpec: gatewayv1.CommonRouteSpec{ + ParentRefs: parentRefs, + }, + Hostnames: hostnames, + Rules: []gatewayv1.HTTPRouteRule{ + { + Matches: []gatewayv1.HTTPRouteMatch{ + { + Path: &gatewayv1.HTTPPathMatch{ + Type: ptr.To(pathType), + Value: ptr.To(path), + }, + }, + }, + BackendRefs: []gatewayv1.HTTPBackendRef{ + { + BackendRef: gatewayv1.BackendRef{ + BackendObjectReference: gatewayv1.BackendObjectReference{ + Name: gatewayv1.ObjectName(state.FullName()), + Port: ptr.To(port), + }, + }, + }, + }, + }, + }, + }, + } +} diff --git a/charts/console/render.go b/charts/console/render.go index 24762c12b..26cfb76e8 100644 --- a/charts/console/render.go +++ b/charts/console/render.go @@ -25,6 +25,7 @@ import ( networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/yaml" "github.com/redpanda-data/redpanda-operator/gotohelm/helmette" @@ -47,6 +48,7 @@ const ( func init() { must(scheme.AddToScheme(Scheme)) must(monitoringv1.AddToScheme(Scheme)) + must(gatewayv1.Install(Scheme)) } // +gotohelm:ignore=true @@ -167,6 +169,7 @@ func Render(state *RenderState) []kube.Object { ConfigMap(state), Service(state), Ingress(state), + HTTPRoute(state), Deployment(state), HorizontalPodAutoscaler(state), ServiceMonitor(state), @@ -185,6 +188,7 @@ func Types() []kube.Object { &corev1.ConfigMap{}, &corev1.Service{}, &networkingv1.Ingress{}, + &gatewayv1.HTTPRoute{}, &appsv1.Deployment{}, &autoscalingv2.HorizontalPodAutoscaler{}, &monitoringv1.ServiceMonitor{}, diff --git a/charts/console/render_test.go b/charts/console/render_test.go index 2ff93fee4..30552c166 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -18,6 +18,7 @@ import ( "github.com/stretchr/testify/require" networkingv1 "k8s.io/api/networking/v1" "k8s.io/utils/ptr" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // TestAppVersion asserts that the AppVersion const is inline with the version @@ -83,6 +84,15 @@ func TestTypes(t *testing.T) { }, }, }, + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + ParentRefs: []PartialGatewayParentReference{ + { + Name: ptr.To("public-gateway"), + }, + }, + Hostnames: []string{"console.example.com"}, + }, Autoscaling: &PartialAutoScaling{ Enabled: ptr.To(true), MinReplicas: ptr.To(int32(1)), @@ -112,6 +122,18 @@ func TestTypes(t *testing.T) { }, }, }, + { + name: "gateway disabled", + values: PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(false), + PathType: ptr.To(gatewayv1.PathMatchPathPrefix), + }, + ConfigMap: &PartialCreatable{ + Create: ptr.To(true), + }, + }, + }, { name: "autoscaling disabled", values: PartialRenderValues{ diff --git a/charts/console/rendervalues.go b/charts/console/rendervalues.go index a789e8444..1a0f24b58 100644 --- a/charts/console/rendervalues.go +++ b/charts/console/rendervalues.go @@ -15,6 +15,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) type RenderValues struct { @@ -33,6 +34,7 @@ type RenderValues struct { SecurityContext corev1.SecurityContext `json:"securityContext" partial:"builtin"` Service ServiceConfig `json:"service"` Ingress IngressConfig `json:"ingress"` + Gateway GatewayConfig `json:"gateway"` Resources corev1.ResourceRequirements `json:"resources"` Autoscaling AutoScaling `json:"autoscaling"` NodeSelector map[string]string `json:"nodeSelector"` @@ -103,6 +105,21 @@ type IngressPath struct { PathType *networkingv1.PathType `json:"pathType"` } +type GatewayConfig struct { + Enabled bool `json:"enabled"` + Annotations map[string]string `json:"annotations"` + ParentRefs []GatewayParentReference `json:"parentRefs"` + Hostnames []string `json:"hostnames"` + Path string `json:"path"` + PathType *gatewayv1.PathMatchType `json:"pathType,omitempty"` +} + +type GatewayParentReference struct { + Name string `json:"name"` + Namespace *string `json:"namespace,omitempty"` + SectionName *gatewayv1.SectionName `json:"sectionName,omitempty"` +} + type AutoScaling struct { Enabled bool `json:"enabled"` MinReplicas int32 `json:"minReplicas"` diff --git a/charts/console/rendervalues_partial.gen.go b/charts/console/rendervalues_partial.gen.go index 261cdcfc4..de7dd4571 100644 --- a/charts/console/rendervalues_partial.gen.go +++ b/charts/console/rendervalues_partial.gen.go @@ -19,6 +19,7 @@ import ( corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) type PartialRenderValues struct { @@ -37,6 +38,7 @@ type PartialRenderValues struct { SecurityContext *applycorev1.SecurityContextApplyConfiguration "json:\"securityContext,omitempty\"" Service *PartialServiceConfig "json:\"service,omitempty\"" Ingress *PartialIngressConfig "json:\"ingress,omitempty\"" + Gateway *PartialGatewayConfig "json:\"gateway,omitempty\"" Resources *corev1.ResourceRequirements "json:\"resources,omitempty\"" Autoscaling *PartialAutoScaling "json:\"autoscaling,omitempty\"" NodeSelector map[string]string "json:\"nodeSelector,omitempty\"" @@ -93,6 +95,15 @@ type PartialIngressConfig struct { TLS []networkingv1.IngressTLS "json:\"tls,omitempty\"" } +type PartialGatewayConfig struct { + Enabled *bool "json:\"enabled,omitempty\"" + Annotations map[string]string "json:\"annotations,omitempty\"" + ParentRefs []PartialGatewayParentReference "json:\"parentRefs,omitempty\"" + Hostnames []string "json:\"hostnames,omitempty\"" + Path *string "json:\"path,omitempty\"" + PathType *gatewayv1.PathMatchType "json:\"pathType,omitempty\"" +} + type PartialAutoScaling struct { Enabled *bool "json:\"enabled,omitempty\"" MinReplicas *int32 "json:\"minReplicas,omitempty\"" @@ -174,6 +185,12 @@ type PartialIngressHost struct { Paths []PartialIngressPath "json:\"paths,omitempty\"" } +type PartialGatewayParentReference struct { + Name *string "json:\"name,omitempty\"" + Namespace *string "json:\"namespace,omitempty\"" + SectionName *gatewayv1.SectionName "json:\"sectionName,omitempty\"" +} + type PartialOIDCLoginSecrets struct { ClientSecret *string "json:\"clientSecret,omitempty\"" } From 1a618df6a856d0316e32995343d3b8b7978e9f9a Mon Sep 17 00:00:00 2001 From: Michael Lechner Date: Mon, 16 Mar 2026 17:54:33 +0100 Subject: [PATCH 02/16] add support for enabling ingress and gateway in console helm chart --- charts/console/chart/notes.go | 12 +- .../console/chart/templates/_chart.notes.tpl | 13 +- .../testdata/template-cases.golden.txtar | 247 ++++++++++++++++++ .../chart/testdata/template-cases.txtar | 27 ++ 4 files changed, 293 insertions(+), 6 deletions(-) diff --git a/charts/console/chart/notes.go b/charts/console/chart/notes.go index 268e426f8..d6f768f7e 100644 --- a/charts/console/chart/notes.go +++ b/charts/console/chart/notes.go @@ -25,7 +25,9 @@ func Notes(dot *helmette.Dot) []string { for _, hostname := range values.Gateway.Hostnames { commands = append(commands, fmt.Sprintf("http://%s%s", hostname, values.Gateway.Path)) } - } else if values.Ingress.Enabled { + } + + if values.Ingress.Enabled { scheme := "http" if len(values.Ingress.TLS) > 0 { scheme = "https" @@ -35,7 +37,13 @@ func Notes(dot *helmette.Dot) []string { commands = append(commands, fmt.Sprintf("%s://%s%s", scheme, host.Host, path.Path)) } } - } else if helmette.Contains("NodePort", string(values.Service.Type)) { + } + + if len(commands) > 1 { + return commands + } + + if helmette.Contains("NodePort", string(values.Service.Type)) { commands = append( commands, fmt.Sprintf(` export NODE_PORT=$(kubectl get --namespace %s -o jsonpath="{.spec.ports[0].nodePort}" services %s)`, dot.Release.Namespace, Fullname(dot)), diff --git a/charts/console/chart/templates/_chart.notes.tpl b/charts/console/chart/templates/_chart.notes.tpl index da92b58e5..acbf068e4 100644 --- a/charts/console/chart/templates/_chart.notes.tpl +++ b/charts/console/chart/templates/_chart.notes.tpl @@ -14,7 +14,8 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- else -}}{{- if $values.ingress.enabled -}} +{{- end -}} +{{- if $values.ingress.enabled -}} {{- $scheme := "http" -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.ingress.tls)))) "r") | int) (0 | int)) -}} {{- $scheme = "https" -}} @@ -30,7 +31,13 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- else -}}{{- if (contains "NodePort" (toString $values.service.type)) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $commands)))) "r") | int) (1 | int)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $commands) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (contains "NodePort" (toString $values.service.type)) -}} {{- $commands = (concat (default (list) $commands) (list (printf ` export NODE_PORT=$(kubectl get --namespace %s -o jsonpath="{.spec.ports[0].nodePort}" services %s)` $dot.Release.Namespace (get (fromJson (include "chart.Fullname" (dict "a" (list $dot)))) "r")) (printf ` export NODE_IP=$(kubectl get nodes --namespace %s -o jsonpath="{.items[0].status.addresses[0].address}")` $dot.Release.Namespace) " echo http://$NODE_IP:$NODE_PORT")) -}} {{- else -}}{{- if (contains "NodePort" (toString $values.service.type)) -}} {{- $commands = (concat (default (list) $commands) (list ` NOTE: It may take a few minutes for the LoadBalancer IP to be available.` (printf ` You can watch the status of by running 'kubectl get --namespace %s svc -w %s'` $dot.Release.Namespace (get (fromJson (include "chart.Fullname" (dict "a" (list $dot)))) "r")) (printf ` export SERVICE_IP=$(kubectl get svc --namespace %s %s --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")` $dot.Release.Namespace (get (fromJson (include "chart.Fullname" (dict "a" (list $dot)))) "r")) (printf ` echo http://$SERVICE_IP:%d` ($values.service.port | int)))) -}} @@ -39,8 +46,6 @@ {{- end -}} {{- end -}} {{- end -}} -{{- end -}} -{{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $commands) | toJson -}} {{- break -}} diff --git a/charts/console/chart/testdata/template-cases.golden.txtar b/charts/console/chart/testdata/template-cases.golden.txtar index bf2f502eb..2482257c0 100644 --- a/charts/console/chart/testdata/template-cases.golden.txtar +++ b/charts/console/chart/testdata/template-cases.golden.txtar @@ -23452,3 +23452,250 @@ spec: - path: type: PathPrefix value: / +-- testdata/ingress-and-gateway-templating.yaml.golden -- +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +stringData: + authentication-jwt-signingkey: SECRETKEY + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: "" + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" +type: Opaque +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +data: + config.yaml: | + # from .Values.config + {} +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +--- +# Source: console/templates/entry-point.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 0 + selector: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + type: ClusterIP +--- +# Source: console/templates/entry-point.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + strategy: {} + template: + metadata: + annotations: + checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/name: console + spec: + affinity: {} + automountServiceAccountToken: false + containers: + - args: + - --config.filepath=/etc/console/configs/config.yaml + command: null + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: console + envFrom: [] + image: docker.redpanda.com/redpandadata/console:v3.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: console + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + runAsNonRoot: true + volumeMounts: + - mountPath: /etc/console/configs + name: configs + readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true + imagePullSecrets: [] + initContainers: null + nodeSelector: {} + priorityClassName: "" + securityContext: + fsGroup: 99 + fsGroupChangePolicy: Always + runAsUser: 99 + serviceAccountName: console + tolerations: [] + topologySpreadConstraints: [] + volumes: + - configMap: + name: console + name: configs + - name: secrets + secret: + secretName: console +--- +# Source: console/templates/entry-point.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + ingress: test + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + ingressClassName: null + rules: + - host: '"a-host"' + http: + paths: + - backend: + service: + name: console + port: + number: 8080 + path: / + pathType: Exact + tls: + - hosts: + - '"blah"' + secretName: my-secret +--- +# Source: console/templates/entry-point.yaml +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + annotations: + gateway: test + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + hostnames: + - '"console.example.local"' + parentRefs: + - name: '"public-gateway"' + namespace: '"networking"' + sectionName: '"http"' + rules: + - backendRefs: + - name: console + port: 8080 + matches: + - path: + type: PathPrefix + value: / diff --git a/charts/console/chart/testdata/template-cases.txtar b/charts/console/chart/testdata/template-cases.txtar index dcb1f2552..92fd0ab4e 100644 --- a/charts/console/chart/testdata/template-cases.txtar +++ b/charts/console/chart/testdata/template-cases.txtar @@ -80,6 +80,33 @@ gateway: path: '{{ "/" }}' pathType: PathPrefix +-- ingress-and-gateway-templating -- +ingress: + enabled: true + annotations: + ingress: test + hosts: + - host: '{{ "a-host" | quote }}' + paths: + - path: / + pathType: Exact + tls: + - secretName: my-secret + hosts: + - '{{ "blah" | quote }}' +gateway: + enabled: true + annotations: + gateway: test + parentRefs: + - name: '{{ "public-gateway" | quote }}' + namespace: '{{ "networking" | quote }}' + sectionName: '{{ "http" | quote }}' + hostnames: + - '{{ "console.example.local" | quote }}' + path: '{{ "/" }}' + pathType: PathPrefix + -- no-registry -- image: registry: "" From cd81d5cc114f622688182a114cf5f2763a10d748 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 12:38:34 -0700 Subject: [PATCH 03/16] operator: add Gateway API (HTTPRoute) support to Console CRD - Add GatewayConfig and GatewayParentReference types to console_types.go - Add Gateway field to ConsoleValues and RedpandaConsole structs - Add RBAC permission for gateway.networking.k8s.io/httproutes - Register gatewayv1 types in V2 scheme - Bump sigs.k8s.io/gateway-api from v1.4.1 to v1.5.1 - Regenerate deepcopy and goverter conversion code Co-Authored-By: Claude Opus 4.6 (1M context) --- .../api/redpanda/v1alpha2/console_types.go | 19 ++++ operator/api/redpanda/v1alpha2/conversion.go | 1 + .../v1alpha2/redpanda_clusterspec_types.go | 3 + .../v1alpha2/zz_generated.conversion.go | 73 ++++++++++++-- .../v1alpha2/zz_generated.deepcopy.go | 94 +++++++++++++++++-- operator/go.mod | 8 +- operator/go.sum | 16 ++-- .../internal/controller/console/controller.go | 1 + operator/internal/controller/scheme.go | 2 + 9 files changed, 189 insertions(+), 28 deletions(-) diff --git a/operator/api/redpanda/v1alpha2/console_types.go b/operator/api/redpanda/v1alpha2/console_types.go index 0f1c328ff..2239d2edc 100644 --- a/operator/api/redpanda/v1alpha2/console_types.go +++ b/operator/api/redpanda/v1alpha2/console_types.go @@ -20,6 +20,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" "k8s.io/utils/ptr" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/redpanda-data/redpanda-operator/charts/console/v3" "github.com/redpanda-data/redpanda-operator/operator/pkg/functional" @@ -108,6 +109,7 @@ type ConsoleValues struct { SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"` Service *ServiceConfig `json:"service,omitempty"` Ingress *IngressConfig `json:"ingress,omitempty"` + Gateway *GatewayConfig `json:"gateway,omitempty"` Resources *corev1.ResourceRequirements `json:"resources,omitempty"` Autoscaling *AutoScaling `json:"autoscaling,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"` @@ -195,6 +197,23 @@ type IngressPath struct { PathType *networkingv1.PathType `json:"pathType,omitempty"` } +// GatewayConfig configures a Gateway API HTTPRoute for Console. +type GatewayConfig struct { + Enabled *bool `json:"enabled,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` + ParentRefs []GatewayParentReference `json:"parentRefs,omitempty"` + Hostnames []string `json:"hostnames,omitempty"` + Path *string `json:"path,omitempty"` + PathType *gatewayv1.PathMatchType `json:"pathType,omitempty"` +} + +// GatewayParentReference identifies a parent Gateway for the HTTPRoute. +type GatewayParentReference struct { + Name string `json:"name"` + Namespace *string `json:"namespace,omitempty"` + SectionName *gatewayv1.SectionName `json:"sectionName,omitempty"` +} + type SecretMount struct { Name string `json:"name,omitempty"` SecretName string `json:"secretName,omitempty"` diff --git a/operator/api/redpanda/v1alpha2/conversion.go b/operator/api/redpanda/v1alpha2/conversion.go index ab64c9b0c..cfa892684 100644 --- a/operator/api/redpanda/v1alpha2/conversion.go +++ b/operator/api/redpanda/v1alpha2/conversion.go @@ -279,6 +279,7 @@ var ( conv_runtime_RawExtension_To_ServiceAccountConfig = convertRuntimeRawExtension[*ServiceAccountConfig] conv_runtime_RawExtension_To_Service = convertRuntimeRawExtension[*ServiceConfig] conv_runtime_RawExtension_To_Ingress = convertRuntimeRawExtension[*IngressConfig] + conv_runtime_RawExtension_To_Gateway = convertRuntimeRawExtension[*GatewayConfig] conv_runtime_RawExtension_To_Autoscaling = convertRuntimeRawExtension[*AutoScaling] conv_runtime_RawExtension_To_SecretMounts = convertRuntimeRawExtension[SecretMount] conv_runtime_RawExtension_To_Secret = convertRuntimeRawExtension[SecretConfig] diff --git a/operator/api/redpanda/v1alpha2/redpanda_clusterspec_types.go b/operator/api/redpanda/v1alpha2/redpanda_clusterspec_types.go index 876cd053a..0813652c8 100644 --- a/operator/api/redpanda/v1alpha2/redpanda_clusterspec_types.go +++ b/operator/api/redpanda/v1alpha2/redpanda_clusterspec_types.go @@ -238,6 +238,9 @@ type RedpandaConsole struct { // Configures the Kubernetes Ingress resource for Redpanda Console. Ingress *runtime.RawExtension `json:"ingress,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields + // Configures a Gateway API HTTPRoute for Redpanda Console. + Gateway *runtime.RawExtension `json:"gateway,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields // Configures resource requests and limits for the Pods that run Redpanda Console. Resources *runtime.RawExtension `json:"resources,omitempty"` // +kubebuilder:pruning:PreserveUnknownFields diff --git a/operator/api/redpanda/v1alpha2/zz_generated.conversion.go b/operator/api/redpanda/v1alpha2/zz_generated.conversion.go index b4d424898..e3de4f804 100644 --- a/operator/api/redpanda/v1alpha2/zz_generated.conversion.go +++ b/operator/api/redpanda/v1alpha2/zz_generated.conversion.go @@ -4,15 +4,16 @@ package v1alpha2 import ( - v15 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + v16 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" v3 "github.com/redpanda-data/redpanda-operator/charts/console/v3" ir "github.com/redpanda-data/redpanda-operator/pkg/ir" v12 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" - v14 "k8s.io/api/networking/v1" + v15 "k8s.io/api/networking/v1" v13 "k8s.io/apimachinery/pkg/apis/meta/v1" intstr "k8s.io/apimachinery/pkg/util/intstr" v11 "k8s.io/client-go/applyconfigurations/core/v1" + v14 "sigs.k8s.io/gateway-api/apis/v1" ) func init() { @@ -80,6 +81,7 @@ func init() { consolePartialRenderValues.SecurityContext = pV1SecurityContextToPV1SecurityContextApplyConfiguration((*source).SecurityContext) consolePartialRenderValues.Service = pV1alpha2ServiceConfigToPConsolePartialServiceConfig((*source).Service) consolePartialRenderValues.Ingress = pV1alpha2IngressConfigToPConsolePartialIngressConfig((*source).Ingress) + consolePartialRenderValues.Gateway = pV1alpha2GatewayConfigToPConsolePartialGatewayConfig((*source).Gateway) consolePartialRenderValues.Resources = pV1ResourceRequirementsToPV1ResourceRequirements((*source).Resources) consolePartialRenderValues.Autoscaling = pV1alpha2AutoScalingToPConsolePartialAutoScaling((*source).Autoscaling) if (*source).NodeSelector != nil { @@ -307,6 +309,11 @@ func init() { return nil, err } v1alpha2ConsoleValues.Ingress = pV1alpha2IngressConfig + pV1alpha2GatewayConfig, err := conv_runtime_RawExtension_To_Gateway((*source).Gateway) + if err != nil { + return nil, err + } + v1alpha2ConsoleValues.Gateway = pV1alpha2GatewayConfig pV1ResourceRequirements, err := conv_runtime_RawExtension_To_corev1_Resources((*source).Resources) if err != nil { return nil, err @@ -1154,6 +1161,44 @@ func pV1alpha2ExternalSecretKeySelectorToPIrExternalSecretKeySelector(source *Ex } return pIrExternalSecretKeySelector } +func pV1alpha2GatewayConfigToPConsolePartialGatewayConfig(source *GatewayConfig) *v3.PartialGatewayConfig { + var pConsolePartialGatewayConfig *v3.PartialGatewayConfig + if source != nil { + var consolePartialGatewayConfig v3.PartialGatewayConfig + if (*source).Enabled != nil { + xbool := *(*source).Enabled + consolePartialGatewayConfig.Enabled = &xbool + } + if (*source).Annotations != nil { + consolePartialGatewayConfig.Annotations = make(map[string]string, len((*source).Annotations)) + for key, value := range (*source).Annotations { + consolePartialGatewayConfig.Annotations[key] = value + } + } + if (*source).ParentRefs != nil { + consolePartialGatewayConfig.ParentRefs = make([]v3.PartialGatewayParentReference, len((*source).ParentRefs)) + for i := 0; i < len((*source).ParentRefs); i++ { + consolePartialGatewayConfig.ParentRefs[i] = v1alpha2GatewayParentReferenceToConsolePartialGatewayParentReference((*source).ParentRefs[i]) + } + } + if (*source).Hostnames != nil { + consolePartialGatewayConfig.Hostnames = make([]string, len((*source).Hostnames)) + for j := 0; j < len((*source).Hostnames); j++ { + consolePartialGatewayConfig.Hostnames[j] = (*source).Hostnames[j] + } + } + if (*source).Path != nil { + xstring := *(*source).Path + consolePartialGatewayConfig.Path = &xstring + } + if (*source).PathType != nil { + v1PathMatchType := v14.PathMatchType(*(*source).PathType) + consolePartialGatewayConfig.PathType = &v1PathMatchType + } + pConsolePartialGatewayConfig = &consolePartialGatewayConfig + } + return pConsolePartialGatewayConfig +} func pV1alpha2ImageToPConsolePartialImage(source *Image) *v3.PartialImage { var pConsolePartialImage *v3.PartialImage if source != nil { @@ -1203,7 +1248,7 @@ func pV1alpha2IngressConfigToPConsolePartialIngressConfig(source *IngressConfig) } } if (*source).TLS != nil { - consolePartialIngressConfig.TLS = make([]v14.IngressTLS, len((*source).TLS)) + consolePartialIngressConfig.TLS = make([]v15.IngressTLS, len((*source).TLS)) for j := 0; j < len((*source).TLS); j++ { consolePartialIngressConfig.TLS[j] = v1IngressTLSToV1IngressTLS((*source).TLS[j]) } @@ -1253,7 +1298,7 @@ func pV1alpha2MonitoringConfigToPConsolePartialMonitoringConfig(source *Monitori consolePartialMonitoringConfig.Enabled = &xbool } if (*source).ScrapeInterval != nil { - v1Duration := v15.Duration(*(*source).ScrapeInterval) + v1Duration := v16.Duration(*(*source).ScrapeInterval) consolePartialMonitoringConfig.ScrapeInterval = &v1Duration } if (*source).Labels != nil { @@ -1520,8 +1565,8 @@ func v1HTTPHeaderToV1HTTPHeader(source v1.HTTPHeader) v1.HTTPHeader { v1HTTPHeader.Value = source.Value return v1HTTPHeader } -func v1IngressTLSToV1IngressTLS(source v14.IngressTLS) v14.IngressTLS { - var v1IngressTLS v14.IngressTLS +func v1IngressTLSToV1IngressTLS(source v15.IngressTLS) v15.IngressTLS { + var v1IngressTLS v15.IngressTLS if source.Hosts != nil { v1IngressTLS.Hosts = make([]string, len(source.Hosts)) for i := 0; i < len(source.Hosts); i++ { @@ -1696,6 +1741,20 @@ func v1WeightedPodAffinityTermToV1WeightedPodAffinityTerm(source v1.WeightedPodA v1WeightedPodAffinityTerm.PodAffinityTerm = v1PodAffinityTermToV1PodAffinityTerm(source.PodAffinityTerm) return v1WeightedPodAffinityTerm } +func v1alpha2GatewayParentReferenceToConsolePartialGatewayParentReference(source GatewayParentReference) v3.PartialGatewayParentReference { + var consolePartialGatewayParentReference v3.PartialGatewayParentReference + pString := source.Name + consolePartialGatewayParentReference.Name = &pString + if source.Namespace != nil { + xstring := *source.Namespace + consolePartialGatewayParentReference.Namespace = &xstring + } + if source.SectionName != nil { + v1SectionName := v14.SectionName(*source.SectionName) + consolePartialGatewayParentReference.SectionName = &v1SectionName + } + return consolePartialGatewayParentReference +} func v1alpha2IngressHostToConsolePartialIngressHost(source IngressHost) v3.PartialIngressHost { var consolePartialIngressHost v3.PartialIngressHost pString := source.Host @@ -1713,7 +1772,7 @@ func v1alpha2IngressPathToConsolePartialIngressPath(source IngressPath) v3.Parti pString := source.Path consolePartialIngressPath.Path = &pString if source.PathType != nil { - v1PathType := v14.PathType(*source.PathType) + v1PathType := v15.PathType(*source.PathType) consolePartialIngressPath.PathType = &v1PathType } return consolePartialIngressPath diff --git a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go index 2fc7a9c4f..a4631d9a6 100644 --- a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go +++ b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go @@ -1,14 +1,5 @@ //go:build !ignore_autogenerated -// Copyright 2026 Redpanda Data, Inc. -// -// Use of this software is governed by the Business Source License -// included in the file licenses/BSL.md -// -// As of the Change Date specified in that file, in accordance with -// the Business Source License, use of this software will be governed -// by the Apache License, Version 2.0 - // Code generated by controller-gen. DO NOT EDIT. package v1alpha2 @@ -22,6 +13,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + apisv1 "sigs.k8s.io/gateway-api/apis/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -1098,6 +1090,11 @@ func (in *ConsoleValues) DeepCopyInto(out *ConsoleValues) { *out = new(IngressConfig) (*in).DeepCopyInto(*out) } + if in.Gateway != nil { + in, out := &in.Gateway, &out.Gateway + *out = new(GatewayConfig) + (*in).DeepCopyInto(*out) + } if in.Resources != nil { in, out := &in.Resources, &out.Resources *out = new(v1.ResourceRequirements) @@ -1648,6 +1645,80 @@ func (in *FsValidator) DeepCopy() *FsValidator { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.ParentRefs != nil { + in, out := &in.ParentRefs, &out.ParentRefs + *out = make([]GatewayParentReference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Hostnames != nil { + in, out := &in.Hostnames, &out.Hostnames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.PathType != nil { + in, out := &in.PathType, &out.PathType + *out = new(apisv1.PathMatchType) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfig. +func (in *GatewayConfig) DeepCopy() *GatewayConfig { + if in == nil { + return nil + } + out := new(GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayParentReference) DeepCopyInto(out *GatewayParentReference) { + *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } + if in.SectionName != nil { + in, out := &in.SectionName, &out.SectionName + *out = new(apisv1.SectionName) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayParentReference. +func (in *GatewayParentReference) DeepCopy() *GatewayParentReference { + if in == nil { + return nil + } + out := new(GatewayParentReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Group) DeepCopyInto(out *Group) { *out = *in @@ -3736,6 +3807,11 @@ func (in *RedpandaConsole) DeepCopyInto(out *RedpandaConsole) { *out = new(runtime.RawExtension) (*in).DeepCopyInto(*out) } + if in.Gateway != nil { + in, out := &in.Gateway, &out.Gateway + *out = new(runtime.RawExtension) + (*in).DeepCopyInto(*out) + } if in.Resources != nil { in, out := &in.Resources, &out.Resources *out = new(runtime.RawExtension) diff --git a/operator/go.mod b/operator/go.mod index d58dda6f2..0e6f26f65 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -19,8 +19,8 @@ require ( github.com/json-iterator/go v1.1.12 github.com/moby/moby v24.0.7+incompatible github.com/moby/sys/mountinfo v0.7.2 - github.com/onsi/ginkgo/v2 v2.27.2 - github.com/onsi/gomega v1.38.2 + github.com/onsi/ginkgo/v2 v2.28.0 + github.com/onsi/gomega v1.39.1 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/common v0.67.5 @@ -68,6 +68,7 @@ require ( k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 pgregory.net/rapid v1.1.0 sigs.k8s.io/controller-runtime v0.23.1 + sigs.k8s.io/gateway-api v1.5.1 sigs.k8s.io/multicluster-runtime v0.23.1 sigs.k8s.io/yaml v1.6.0 ) @@ -193,7 +194,7 @@ require ( github.com/google/cel-go v0.27.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 // indirect + github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect @@ -353,7 +354,6 @@ require ( k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect - sigs.k8s.io/gateway-api v1.4.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/operator/go.sum b/operator/go.sum index 805107318..f720fb61d 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -335,8 +335,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -549,10 +549,10 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -954,8 +954,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/operator/internal/controller/console/controller.go b/operator/internal/controller/console/controller.go index ec65be39e..cf69ce592 100644 --- a/operator/internal/controller/console/controller.go +++ b/operator/internal/controller/console/controller.go @@ -56,6 +56,7 @@ const ( // +kubebuilder:rbac:groups=cluster.redpanda.com,resources=consoles/status,verbs=get;update;patch // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=configmaps;secrets;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=get;list;watch;create;update;patch;delete diff --git a/operator/internal/controller/scheme.go b/operator/internal/controller/scheme.go index c3ec1f685..5fd04c3fc 100644 --- a/operator/internal/controller/scheme.go +++ b/operator/internal/controller/scheme.go @@ -16,6 +16,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" redpandav1alpha1 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha1" redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" @@ -34,6 +35,7 @@ var ( certmanagerv1.AddToScheme, clientgoscheme.AddToScheme, monitoringv1.AddToScheme, + gatewayv1.Install, redpandav1alpha1.Install, redpandav1alpha2.Install, } From 19ee42d6ddd444cecf607c256fb014a88017633c Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 12:50:57 -0700 Subject: [PATCH 04/16] console: enforce mutual exclusion between gateway and ingress - Add validation in NewRenderState to reject both gateway and ingress enabled - Update notes.go to use else-if for gateway vs ingress - Remove ingress-and-gateway-templating test case (no longer valid) - Add TestIngressGatewayMutualExclusion test - Add TestGatewayRemoval tests (config removal, explicit disable, switch) - Add changelog entries for console chart and operator Co-Authored-By: Claude Opus 4.6 (1M context) --- .../charts-console-Added-20260320-180000.yaml | 4 + .../operator-Added-20260320-180000.yaml | 4 + charts/console/chart/notes.go | 4 +- .../testdata/template-cases.golden.txtar | 247 ------------------ .../chart/testdata/template-cases.txtar | 27 -- charts/console/render.go | 4 + charts/console/render_test.go | 150 ++++++++++- 7 files changed, 149 insertions(+), 291 deletions(-) create mode 100644 .changes/unreleased/charts-console-Added-20260320-180000.yaml create mode 100644 .changes/unreleased/operator-Added-20260320-180000.yaml diff --git a/.changes/unreleased/charts-console-Added-20260320-180000.yaml b/.changes/unreleased/charts-console-Added-20260320-180000.yaml new file mode 100644 index 000000000..fd9341c40 --- /dev/null +++ b/.changes/unreleased/charts-console-Added-20260320-180000.yaml @@ -0,0 +1,4 @@ +project: charts/console +kind: Added +body: Add Gateway API (HTTPRoute) support as an alternative to Ingress for exposing Console. Only one of gateway or ingress may be enabled at a time. +time: 2026-03-20T18:00:00.000000-05:00 diff --git a/.changes/unreleased/operator-Added-20260320-180000.yaml b/.changes/unreleased/operator-Added-20260320-180000.yaml new file mode 100644 index 000000000..5a1511714 --- /dev/null +++ b/.changes/unreleased/operator-Added-20260320-180000.yaml @@ -0,0 +1,4 @@ +project: operator +kind: Added +body: Add Gateway API (HTTPRoute) support to Console CRD, allowing Console to be exposed via Gateway API controllers as an alternative to Ingress. Bumps sigs.k8s.io/gateway-api to v1.5.1. +time: 2026-03-20T18:00:00.000000-05:00 diff --git a/charts/console/chart/notes.go b/charts/console/chart/notes.go index d6f768f7e..93aa76b3e 100644 --- a/charts/console/chart/notes.go +++ b/charts/console/chart/notes.go @@ -25,9 +25,7 @@ func Notes(dot *helmette.Dot) []string { for _, hostname := range values.Gateway.Hostnames { commands = append(commands, fmt.Sprintf("http://%s%s", hostname, values.Gateway.Path)) } - } - - if values.Ingress.Enabled { + } else if values.Ingress.Enabled { scheme := "http" if len(values.Ingress.TLS) > 0 { scheme = "https" diff --git a/charts/console/chart/testdata/template-cases.golden.txtar b/charts/console/chart/testdata/template-cases.golden.txtar index 43f4a7c6d..6e36cd645 100644 --- a/charts/console/chart/testdata/template-cases.golden.txtar +++ b/charts/console/chart/testdata/template-cases.golden.txtar @@ -23868,250 +23868,3 @@ spec: - path: type: PathPrefix value: / --- testdata/ingress-and-gateway-templating.yaml.golden -- ---- -# Source: console/templates/entry-point.yaml -apiVersion: v1 -automountServiceAccountToken: false -kind: ServiceAccount -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace ---- -# Source: console/templates/entry-point.yaml -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -stringData: - authentication-jwt-signingkey: SECRETKEY - authentication-oidc-client-secret: "" - kafka-sasl-aws-msk-iam-secret-key: "" - kafka-sasl-password: "" - kafka-tls-ca: "" - kafka-tls-cert: "" - kafka-tls-key: "" - license: "" - redpanda-admin-api-password: "" - redpanda-admin-api-tls-ca: "" - redpanda-admin-api-tls-cert: "" - redpanda-admin-api-tls-key: "" - schema-registry-bearertoken: "" - schema-registry-password: "" - schemaregistry-tls-ca: "" - schemaregistry-tls-cert: "" - schemaregistry-tls-key: "" - serde-protobuf-git-basicauth-password: "" -type: Opaque ---- -# Source: console/templates/entry-point.yaml -apiVersion: v1 -data: - config.yaml: | - # from .Values.config - {} -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace ---- -# Source: console/templates/entry-point.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 0 - selector: - app.kubernetes.io/instance: console - app.kubernetes.io/name: console - type: ClusterIP ---- -# Source: console/templates/entry-point.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: console - app.kubernetes.io/name: console - strategy: {} - template: - metadata: - annotations: - checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/name: console - spec: - affinity: {} - automountServiceAccountToken: false - containers: - - args: - - --config.filepath=/etc/console/configs/config.yaml - command: null - env: - - name: AUTHENTICATION_JWTSIGNINGKEY - valueFrom: - secretKeyRef: - key: authentication-jwt-signingkey - name: console - envFrom: [] - image: docker.redpanda.com/redpandadata/console:v3.3.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /admin/health - port: http - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: console - ports: - - containerPort: 8080 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /admin/health - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: {} - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /etc/console/configs - name: configs - readOnly: true - - mountPath: /etc/console/secrets - name: secrets - readOnly: true - imagePullSecrets: [] - initContainers: null - nodeSelector: {} - priorityClassName: "" - securityContext: - fsGroup: 99 - fsGroupChangePolicy: Always - runAsUser: 99 - serviceAccountName: console - tolerations: [] - topologySpreadConstraints: [] - volumes: - - configMap: - name: console - name: configs - - name: secrets - secret: - secretName: console ---- -# Source: console/templates/entry-point.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - ingress: test - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -spec: - ingressClassName: null - rules: - - host: '"a-host"' - http: - paths: - - backend: - service: - name: console - port: - number: 8080 - path: / - pathType: Exact - tls: - - hosts: - - '"blah"' - secretName: my-secret ---- -# Source: console/templates/entry-point.yaml -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - annotations: - gateway: test - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -spec: - hostnames: - - '"console.example.local"' - parentRefs: - - name: '"public-gateway"' - namespace: '"networking"' - sectionName: '"http"' - rules: - - backendRefs: - - name: console - port: 8080 - matches: - - path: - type: PathPrefix - value: / diff --git a/charts/console/chart/testdata/template-cases.txtar b/charts/console/chart/testdata/template-cases.txtar index 92fd0ab4e..dcb1f2552 100644 --- a/charts/console/chart/testdata/template-cases.txtar +++ b/charts/console/chart/testdata/template-cases.txtar @@ -80,33 +80,6 @@ gateway: path: '{{ "/" }}' pathType: PathPrefix --- ingress-and-gateway-templating -- -ingress: - enabled: true - annotations: - ingress: test - hosts: - - host: '{{ "a-host" | quote }}' - paths: - - path: / - pathType: Exact - tls: - - secretName: my-secret - hosts: - - '{{ "blah" | quote }}' -gateway: - enabled: true - annotations: - gateway: test - parentRefs: - - name: '{{ "public-gateway" | quote }}' - namespace: '{{ "networking" | quote }}' - sectionName: '{{ "http" | quote }}' - hostnames: - - '{{ "console.example.local" | quote }}' - path: '{{ "/" }}' - pathType: PathPrefix - -- no-registry -- image: registry: "" diff --git a/charts/console/render.go b/charts/console/render.go index dca343494..ae3c5d550 100644 --- a/charts/console/render.go +++ b/charts/console/render.go @@ -105,6 +105,10 @@ func NewRenderState(namespace, name string, labels map[string]string, values Par return nil, errors.WithStack(err) } + if rv.Ingress.Enabled && rv.Gateway.Enabled { + return nil, errors.New("ingress and gateway cannot both be enabled; use one or the other") + } + return &RenderState{ Namespace: namespace, ReleaseName: name, diff --git a/charts/console/render_test.go b/charts/console/render_test.go index 30552c166..f4ba47a55 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -15,6 +15,7 @@ import ( "reflect" "testing" + "github.com/redpanda-data/common-go/kube" "github.com/stretchr/testify/require" networkingv1 "k8s.io/api/networking/v1" "k8s.io/utils/ptr" @@ -70,20 +71,6 @@ func TestTypes(t *testing.T) { Deployment: &PartialDeploymentConfig{ Create: ptr.To(true), }, - Ingress: &PartialIngressConfig{ - Enabled: ptr.To(true), - Hosts: []PartialIngressHost{ - { - Host: ptr.To("console.example.com"), - Paths: []PartialIngressPath{ - { - Path: ptr.To("/"), - PathType: ptr.To(networkingv1.PathTypePrefix), - }, - }, - }, - }, - }, Gateway: &PartialGatewayConfig{ Enabled: ptr.To(true), ParentRefs: []PartialGatewayParentReference{ @@ -160,3 +147,138 @@ func TestTypes(t *testing.T) { }) } } + +func TestIngressGatewayMutualExclusion(t *testing.T) { + _, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ + Ingress: &PartialIngressConfig{ + Enabled: ptr.To(true), + Hosts: []PartialIngressHost{ + { + Host: ptr.To("console.example.com"), + Paths: []PartialIngressPath{ + { + Path: ptr.To("/"), + PathType: ptr.To(networkingv1.PathTypePrefix), + }, + }, + }, + }, + }, + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + ParentRefs: []PartialGatewayParentReference{ + { + Name: ptr.To("public-gateway"), + }, + }, + Hostnames: []string{"console.example.com"}, + }, + }) + require.Error(t, err) + require.Contains(t, err.Error(), "ingress and gateway cannot both be enabled") +} + +// isNonNil returns true if the kube.Object interface holds a non-nil pointer. +func isNonNil(obj kube.Object) bool { + return obj != nil && !reflect.ValueOf(obj).IsNil() +} + +func TestGatewayRemoval(t *testing.T) { + // Simulate the scenario where gateway was previously enabled and is now + // removed from the config. Console should render without errors and + // produce no HTTPRoute. + t.Run("gateway removed from config", func(t *testing.T) { + state, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ + ConfigMap: &PartialCreatable{ + Create: ptr.To(true), + }, + // No gateway stanza at all - simulates removal + }) + require.NoError(t, err) + + for _, obj := range Render(state) { + if !isNonNil(obj) { + continue + } + _, isHTTPRoute := obj.(*gatewayv1.HTTPRoute) + require.False(t, isHTTPRoute, "HTTPRoute should not be rendered when gateway is not configured") + } + }) + + t.Run("gateway explicitly disabled", func(t *testing.T) { + state, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ + ConfigMap: &PartialCreatable{ + Create: ptr.To(true), + }, + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(false), + }, + }) + require.NoError(t, err) + + for _, obj := range Render(state) { + if !isNonNil(obj) { + continue + } + _, isHTTPRoute := obj.(*gatewayv1.HTTPRoute) + require.False(t, isHTTPRoute, "HTTPRoute should not be rendered when gateway is disabled") + } + }) + + t.Run("switch from gateway to ingress", func(t *testing.T) { + // First render with gateway + state1, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ + ConfigMap: &PartialCreatable{Create: ptr.To(true)}, + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("my-gw")}, + }, + }, + }) + require.NoError(t, err) + + var hasHTTPRoute bool + for _, obj := range Render(state1) { + if !isNonNil(obj) { + continue + } + if _, ok := obj.(*gatewayv1.HTTPRoute); ok { + hasHTTPRoute = true + } + } + require.True(t, hasHTTPRoute, "first render should have HTTPRoute") + + // Now render with ingress instead (gateway removed) + state2, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ + ConfigMap: &PartialCreatable{Create: ptr.To(true)}, + Ingress: &PartialIngressConfig{ + Enabled: ptr.To(true), + Hosts: []PartialIngressHost{ + { + Host: ptr.To("console.example.com"), + Paths: []PartialIngressPath{{Path: ptr.To("/"), PathType: ptr.To(networkingv1.PathTypePrefix)}}, + }, + }, + }, + }) + require.NoError(t, err) + + var hasIngress bool + hasHTTPRoute = false + for _, obj := range Render(state2) { + if !isNonNil(obj) { + continue + } + if _, ok := obj.(*gatewayv1.HTTPRoute); ok { + hasHTTPRoute = true + } + if _, ok := obj.(*networkingv1.Ingress); ok { + hasIngress = true + } + } + require.False(t, hasHTTPRoute, "second render should not have HTTPRoute") + require.True(t, hasIngress, "second render should have Ingress") + }) +} From b62df7b3aa8d5e4cecda4e2d6cda739dd6ad6cf9 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 12:57:52 -0700 Subject: [PATCH 05/16] console: add tests for gateway config field changes Chart-level tests (TestGatewayConfigFields): - hostnames: set and change hostnames - path/pathType: set custom path, change path, default PathPrefix - annotations: set, change, verify old keys removed - parentRefs: all fields, name-only, multiple refs, change refs - backend service port derived from service config CRD-level tests (TestController): - gateway-enabled: Console CRD with gateway config renders HTTPRoute - gateway-custom-path: multiple hostnames, custom path, multiple parentRefs Co-Authored-By: Claude Opus 4.6 (1M context) --- charts/console/render_test.go | 288 ++++++++++++++++++ .../controller/console/controller_test.go | 47 +++ 2 files changed, 335 insertions(+) diff --git a/charts/console/render_test.go b/charts/console/render_test.go index f4ba47a55..8acbc6b41 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -178,6 +178,294 @@ func TestIngressGatewayMutualExclusion(t *testing.T) { require.Contains(t, err.Error(), "ingress and gateway cannot both be enabled") } +// findHTTPRoute extracts the rendered HTTPRoute from a Render output, or nil. +func findHTTPRoute(objs []kube.Object) *gatewayv1.HTTPRoute { + for _, obj := range objs { + if !isNonNil(obj) { + continue + } + if hr, ok := obj.(*gatewayv1.HTTPRoute); ok { + return hr + } + } + return nil +} + +func TestGatewayConfigFields(t *testing.T) { + t.Run("hostnames", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"a.example.com", "b.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Equal(t, []gatewayv1.Hostname{"a.example.com", "b.example.com"}, hr.Spec.Hostnames) + }) + + t.Run("change hostnames", func(t *testing.T) { + // First config + state1, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"old.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr1 := findHTTPRoute(Render(state1)) + require.NotNil(t, hr1) + require.Equal(t, []gatewayv1.Hostname{"old.example.com"}, hr1.Spec.Hostnames) + + // Updated config + state2, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"new.example.com", "also-new.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr2 := findHTTPRoute(Render(state2)) + require.NotNil(t, hr2) + require.Equal(t, []gatewayv1.Hostname{"new.example.com", "also-new.example.com"}, hr2.Spec.Hostnames) + }) + + t.Run("path and pathType", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Path: ptr.To("/api/v1"), + PathType: ptr.To(gatewayv1.PathMatchExact), + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Len(t, hr.Spec.Rules, 1) + require.Len(t, hr.Spec.Rules[0].Matches, 1) + match := hr.Spec.Rules[0].Matches[0] + require.NotNil(t, match.Path) + require.Equal(t, gatewayv1.PathMatchExact, *match.Path.Type) + require.Equal(t, "/api/v1", *match.Path.Value) + }) + + t.Run("change path", func(t *testing.T) { + state1, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Path: ptr.To("/old"), + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr1 := findHTTPRoute(Render(state1)) + require.Equal(t, "/old", *hr1.Spec.Rules[0].Matches[0].Path.Value) + + state2, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Path: ptr.To("/new/path"), + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr2 := findHTTPRoute(Render(state2)) + require.Equal(t, "/new/path", *hr2.Spec.Rules[0].Matches[0].Path.Value) + }) + + t.Run("annotations", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Annotations: map[string]string{ + "example.com/team": "platform", + "example.com/owner": "alice", + }, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw")}, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Equal(t, "platform", hr.Annotations["example.com/team"]) + require.Equal(t, "alice", hr.Annotations["example.com/owner"]) + }) + + t.Run("change annotations", func(t *testing.T) { + state1, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Annotations: map[string]string{"old-key": "old-val"}, + ParentRefs: []PartialGatewayParentReference{{Name: ptr.To("gw")}}, + }, + }) + require.NoError(t, err) + hr1 := findHTTPRoute(Render(state1)) + require.Equal(t, "old-val", hr1.Annotations["old-key"]) + + state2, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Annotations: map[string]string{"new-key": "new-val"}, + ParentRefs: []PartialGatewayParentReference{{Name: ptr.To("gw")}}, + }, + }) + require.NoError(t, err) + hr2 := findHTTPRoute(Render(state2)) + require.Equal(t, "new-val", hr2.Annotations["new-key"]) + require.Empty(t, hr2.Annotations["old-key"]) + }) + + t.Run("parentRefs with all fields", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + { + Name: ptr.To("primary-gw"), + Namespace: ptr.To("gateway-system"), + SectionName: ptr.To(gatewayv1.SectionName("https")), + }, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Len(t, hr.Spec.ParentRefs, 1) + ref := hr.Spec.ParentRefs[0] + require.Equal(t, gatewayv1.ObjectName("primary-gw"), ref.Name) + require.NotNil(t, ref.Namespace) + require.Equal(t, gatewayv1.Namespace("gateway-system"), *ref.Namespace) + require.NotNil(t, ref.SectionName) + require.Equal(t, gatewayv1.SectionName("https"), *ref.SectionName) + }) + + t.Run("multiple parentRefs", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("gw-a"), Namespace: ptr.To("ns-a")}, + {Name: ptr.To("gw-b"), Namespace: ptr.To("ns-b"), SectionName: ptr.To(gatewayv1.SectionName("http"))}, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Len(t, hr.Spec.ParentRefs, 2) + require.Equal(t, gatewayv1.ObjectName("gw-a"), hr.Spec.ParentRefs[0].Name) + require.Equal(t, gatewayv1.ObjectName("gw-b"), hr.Spec.ParentRefs[1].Name) + require.Equal(t, gatewayv1.SectionName("http"), *hr.Spec.ParentRefs[1].SectionName) + }) + + t.Run("change parentRefs", func(t *testing.T) { + state1, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{{Name: ptr.To("old-gw")}}, + }, + }) + require.NoError(t, err) + hr1 := findHTTPRoute(Render(state1)) + require.Equal(t, gatewayv1.ObjectName("old-gw"), hr1.Spec.ParentRefs[0].Name) + + state2, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("new-gw"), Namespace: ptr.To("new-ns")}, + }, + }, + }) + require.NoError(t, err) + hr2 := findHTTPRoute(Render(state2)) + require.Equal(t, gatewayv1.ObjectName("new-gw"), hr2.Spec.ParentRefs[0].Name) + require.Equal(t, gatewayv1.Namespace("new-ns"), *hr2.Spec.ParentRefs[0].Namespace) + }) + + t.Run("parentRef with only name", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{ + {Name: ptr.To("simple-gw")}, + }, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.Len(t, hr.Spec.ParentRefs, 1) + require.Equal(t, gatewayv1.ObjectName("simple-gw"), hr.Spec.ParentRefs[0].Name) + require.Nil(t, hr.Spec.ParentRefs[0].Namespace) + require.Nil(t, hr.Spec.ParentRefs[0].SectionName) + }) + + t.Run("default pathType is PathPrefix", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{{Name: ptr.To("gw")}}, + // PathType not set — should default to PathPrefix + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Equal(t, gatewayv1.PathMatchPathPrefix, *hr.Spec.Rules[0].Matches[0].Path.Type) + }) + + t.Run("backend service port from values", func(t *testing.T) { + state, err := NewRenderState("ns", "rel", nil, PartialRenderValues{ + Service: &PartialServiceConfig{ + Port: ptr.To(int32(9090)), + }, + Gateway: &PartialGatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + ParentRefs: []PartialGatewayParentReference{{Name: ptr.To("gw")}}, + }, + }) + require.NoError(t, err) + hr := findHTTPRoute(Render(state)) + require.NotNil(t, hr) + require.Len(t, hr.Spec.Rules[0].BackendRefs, 1) + require.Equal(t, gatewayv1.PortNumber(9090), *hr.Spec.Rules[0].BackendRefs[0].Port) + }) +} + // isNonNil returns true if the kube.Object interface holds a non-nil pointer. func isNonNil(obj kube.Object) bool { return obj != nil && !reflect.ValueOf(obj).IsNil() diff --git a/operator/internal/controller/console/controller_test.go b/operator/internal/controller/console/controller_test.go index 2f515b75c..af25e0481 100644 --- a/operator/internal/controller/console/controller_test.go +++ b/operator/internal/controller/console/controller_test.go @@ -103,6 +103,53 @@ func TestController(t *testing.T) { }, }, }, + { + name: "gateway-enabled", + console: &redpandav1alpha2.Console{ + ObjectMeta: metav1.ObjectMeta{ + Name: "console-gateway", + }, + Spec: redpandav1alpha2.ConsoleSpec{ + ConsoleValues: redpandav1alpha2.ConsoleValues{ + Gateway: &redpandav1alpha2.GatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com"}, + Path: ptr.To("/"), + Annotations: map[string]string{ + "example.com/team": "platform", + }, + ParentRefs: []redpandav1alpha2.GatewayParentReference{ + { + Name: "my-gateway", + Namespace: ptr.To("gateway-system"), + }, + }, + }, + }, + }, + }, + }, + { + name: "gateway-custom-path", + console: &redpandav1alpha2.Console{ + ObjectMeta: metav1.ObjectMeta{ + Name: "console-gw-path", + }, + Spec: redpandav1alpha2.ConsoleSpec{ + ConsoleValues: redpandav1alpha2.ConsoleValues{ + Gateway: &redpandav1alpha2.GatewayConfig{ + Enabled: ptr.To(true), + Hostnames: []string{"console.example.com", "console.internal"}, + Path: ptr.To("/console"), + ParentRefs: []redpandav1alpha2.GatewayParentReference{ + {Name: "gw-a"}, + {Name: "gw-b", Namespace: ptr.To("other-ns")}, + }, + }, + }, + }, + }, + }, { name: "jwt-set", console: &redpandav1alpha2.Console{ From 9b011d42a5e62e0d802aa867b944440264f275b4 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 13:12:40 -0700 Subject: [PATCH 06/16] fix: sync workspace deps and regenerate golden files - Run `go work sync` to propagate gateway-api v1.5.1 to all modules - Regenerate console chart golden txtar with correct gateway-templating output - Fix lint alignment in render_test.go (Enabled field spacing) Co-Authored-By: Claude Opus 4.6 (1M context) --- acceptance/go.mod | 2 +- acceptance/go.sum | 12 +- charts/connectors/go.mod | 3 + charts/connectors/go.sum | 12 +- .../testdata/template-cases.golden.txtar | 426 +++++++++--------- charts/console/go.mod | 2 + charts/console/go.sum | 12 +- charts/console/render_test.go | 2 +- charts/redpanda/go.mod | 2 +- charts/redpanda/go.sum | 12 +- gen/go.mod | 2 +- gen/go.sum | 12 +- go.work.sum | 33 +- gotohelm/go.mod | 3 + gotohelm/go.sum | 12 +- gotohelm/testdata/src/example/go.mod | 1 + gotohelm/testdata/src/example/go.sum | 12 +- harpoon/go.mod | 3 + harpoon/go.sum | 12 +- pkg/go.mod | 3 + pkg/go.sum | 12 +- 21 files changed, 276 insertions(+), 314 deletions(-) diff --git a/acceptance/go.mod b/acceptance/go.mod index 731e28375..10c841503 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -312,7 +312,7 @@ require ( k8s.io/kubectl v0.35.1 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect - sigs.k8s.io/gateway-api v1.4.1 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/acceptance/go.sum b/acceptance/go.sum index 7dc66ad0d..3b6ea1b88 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -337,8 +337,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -551,10 +550,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -953,8 +950,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/connectors/go.mod b/charts/connectors/go.mod index 8d7d902e4..1c592f549 100644 --- a/charts/connectors/go.mod +++ b/charts/connectors/go.mod @@ -136,6 +136,8 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/onsi/ginkgo/v2 v2.28.0 // indirect + github.com/onsi/gomega v1.39.1 // indirect github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -220,6 +222,7 @@ require ( oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect sigs.k8s.io/controller-runtime v0.23.1 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/charts/connectors/go.sum b/charts/connectors/go.sum index 54faa50d1..937d1171d 100644 --- a/charts/connectors/go.sum +++ b/charts/connectors/go.sum @@ -215,8 +215,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -352,10 +351,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -698,8 +695,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/console/chart/testdata/template-cases.golden.txtar b/charts/console/chart/testdata/template-cases.golden.txtar index 6e36cd645..694ea9de0 100644 --- a/charts/console/chart/testdata/template-cases.golden.txtar +++ b/charts/console/chart/testdata/template-cases.golden.txtar @@ -22205,7 +22205,7 @@ spec: - name: secrets secret: secretName: console --- testdata/ingress-templating.yaml.golden -- +-- testdata/gateway-templating.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -22400,11 +22400,11 @@ spec: secretName: console --- # Source: console/templates/entry-point.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute metadata: annotations: - ingress: test + gateway: test labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm @@ -22414,23 +22414,21 @@ metadata: name: console namespace: test-namespace spec: - ingressClassName: null + hostnames: + - '"console.example.local"' + parentRefs: + - name: '"public-gateway"' + namespace: '"networking"' + sectionName: '"http"' rules: - - host: '"a-host"' - http: - paths: - - backend: - service: - name: console - port: - number: 8080 - path: / - pathType: Exact - tls: - - hosts: - - '"blah"' - secretName: my-secret --- testdata/no-registry.yaml.golden -- + - backendRefs: + - name: console + port: 8080 + matches: + - path: + type: PathPrefix + value: / +-- testdata/ingress-templating.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -22570,7 +22568,7 @@ spec: - name: REDPANDA_METRICS_K8S_VERSION value: v1.99.0 envFrom: [] - image: redpandadata/console:v3.3.2 + image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -22623,7 +22621,39 @@ spec: - name: secrets secret: secretName: console --- testdata/service-account-automount-token-in-deployment-resource.yaml.golden -- +--- +# Source: console/templates/entry-point.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + ingress: test + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 + name: console + namespace: test-namespace +spec: + ingressClassName: null + rules: + - host: '"a-host"' + http: + paths: + - backend: + service: + name: console + port: + number: 8080 + path: / + pathType: Exact + tls: + - hosts: + - '"blah"' + secretName: my-secret +-- testdata/no-registry.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -22763,7 +22793,7 @@ spec: - name: REDPANDA_METRICS_K8S_VERSION value: v1.99.0 envFrom: [] - image: docker.redpanda.com/redpandadata/console:v3.3.2 + image: redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -22798,8 +22828,6 @@ spec: - mountPath: /etc/console/secrets name: secrets readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-overwrite imagePullSecrets: [] initContainers: null nodeSelector: {} @@ -22818,111 +22846,86 @@ spec: - name: secrets secret: secretName: console - - name: kube-api-access-overwrite - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 666 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: some-kube-root-ca-config-map.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace --- testdata/service-account-automount-token-in-pod-resource.yaml.golden -- +-- testdata/service-account-automount-token-in-deployment-resource.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 -automountServiceAccountToken: true +automountServiceAccountToken: false kind: ServiceAccount metadata: annotations: {} - creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 name: console - namespace: default + namespace: test-namespace --- # Source: console/templates/entry-point.yaml apiVersion: v1 kind: Secret metadata: - creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 name: console + namespace: test-namespace stringData: - enterprise-license: "" - kafka-protobuf-git-basicauth-password: "" + authentication-jwt-signingkey: SECRETKEY + authentication-oidc-client-secret: "" kafka-sasl-aws-msk-iam-secret-key: "" kafka-sasl-password: "" - kafka-schema-registry-password: "" - kafka-schemaregistry-tls-ca: "" - kafka-schemaregistry-tls-cert: "" - kafka-schemaregistry-tls-key: "" kafka-tls-ca: "" kafka-tls-cert: "" kafka-tls-key: "" - login-github-oauth-client-secret: "" - login-github-personal-access-token: "" - login-google-groups-service-account.json: "" - login-google-oauth-client-secret: "" - login-jwt-secret: SECRETKEY - login-oidc-client-secret: "" - login-okta-client-secret: "" - login-okta-directory-api-token: "" + license: "" redpanda-admin-api-password: "" redpanda-admin-api-tls-ca: "" redpanda-admin-api-tls-cert: "" redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" type: Opaque --- # Source: console/templates/entry-point.yaml apiVersion: v1 data: config.yaml: | - # from .Values.console.config + # from .Values.config {} kind: ConfigMap metadata: - creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 name: console + namespace: test-namespace --- # Source: console/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: annotations: {} - creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 name: console - namespace: default + namespace: test-namespace spec: ports: - name: http @@ -22939,15 +22942,14 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: {} - creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 + app.kubernetes.io/version: v3.3.2 + helm.sh/chart: console-3.3.0 name: console - namespace: default + namespace: test-namespace spec: replicas: 1 selector: @@ -22958,8 +22960,7 @@ spec: template: metadata: annotations: - checksum/config: efd050fc7b39ebcbdd465dc72e96062efdd7fda6ba966d397c78734daffba611 - creationTimestamp: null + checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 labels: app.kubernetes.io/instance: console app.kubernetes.io/name: console @@ -22971,13 +22972,21 @@ spec: - --config.filepath=/etc/console/configs/config.yaml command: null env: - - name: LOGIN_JWTSECRET + - name: AUTHENTICATION_JWTSIGNINGKEY valueFrom: secretKeyRef: - key: login-jwt-secret + key: authentication-jwt-signingkey name: console + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: helm + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: 3.3.0 + - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION + value: redpandadata/console:v3.3.2 + - name: REDPANDA_METRICS_K8S_VERSION + value: v1.99.0 envFrom: [] - image: docker.redpanda.com/redpandadata/console:v2.7.2 + image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -23012,12 +23021,15 @@ spec: - mountPath: /etc/console/secrets name: secrets readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access-overwrite imagePullSecrets: [] initContainers: null nodeSelector: {} priorityClassName: "" securityContext: fsGroup: 99 + fsGroupChangePolicy: Always runAsUser: 99 serviceAccountName: console tolerations: [] @@ -23029,109 +23041,111 @@ spec: - name: secrets secret: secretName: console ---- -# Source: console/templates/tests/test-connection.yaml -apiVersion: v1 -kind: Pod -metadata: - name: "console-test-connection" - namespace: "default" - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v2.7.2 - helm.sh/chart: console-0.7.30 - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['console:8080'] - restartPolicy: Never - priorityClassName: --- testdata/service-account-automount-token-in-service-account-resource.yaml.golden -- + - name: kube-api-access-overwrite + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 666 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: some-kube-root-ca-config-map.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +-- testdata/service-account-automount-token-in-pod-resource.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 -automountServiceAccountToken: false +automountServiceAccountToken: true kind: ServiceAccount metadata: annotations: {} + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 name: console - namespace: test-namespace + namespace: default --- # Source: console/templates/entry-point.yaml apiVersion: v1 kind: Secret metadata: + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 name: console - namespace: test-namespace stringData: - authentication-jwt-signingkey: SECRETKEY - authentication-oidc-client-secret: "" + enterprise-license: "" + kafka-protobuf-git-basicauth-password: "" kafka-sasl-aws-msk-iam-secret-key: "" kafka-sasl-password: "" + kafka-schema-registry-password: "" + kafka-schemaregistry-tls-ca: "" + kafka-schemaregistry-tls-cert: "" + kafka-schemaregistry-tls-key: "" kafka-tls-ca: "" kafka-tls-cert: "" kafka-tls-key: "" - license: "" + login-github-oauth-client-secret: "" + login-github-personal-access-token: "" + login-google-groups-service-account.json: "" + login-google-oauth-client-secret: "" + login-jwt-secret: SECRETKEY + login-oidc-client-secret: "" + login-okta-client-secret: "" + login-okta-directory-api-token: "" redpanda-admin-api-password: "" redpanda-admin-api-tls-ca: "" redpanda-admin-api-tls-cert: "" redpanda-admin-api-tls-key: "" - schema-registry-bearertoken: "" - schema-registry-password: "" - schemaregistry-tls-ca: "" - schemaregistry-tls-cert: "" - schemaregistry-tls-key: "" - serde-protobuf-git-basicauth-password: "" type: Opaque --- # Source: console/templates/entry-point.yaml apiVersion: v1 data: config.yaml: | - # from .Values.config + # from .Values.console.config {} kind: ConfigMap metadata: + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 name: console - namespace: test-namespace --- # Source: console/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: annotations: {} + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 name: console - namespace: test-namespace + namespace: default spec: ports: - name: http @@ -23148,14 +23162,15 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: {} + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 name: console - namespace: test-namespace + namespace: default spec: replicas: 1 selector: @@ -23166,7 +23181,8 @@ spec: template: metadata: annotations: - checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 + checksum/config: efd050fc7b39ebcbdd465dc72e96062efdd7fda6ba966d397c78734daffba611 + creationTimestamp: null labels: app.kubernetes.io/instance: console app.kubernetes.io/name: console @@ -23178,21 +23194,13 @@ spec: - --config.filepath=/etc/console/configs/config.yaml command: null env: - - name: AUTHENTICATION_JWTSIGNINGKEY + - name: LOGIN_JWTSECRET valueFrom: secretKeyRef: - key: authentication-jwt-signingkey + key: login-jwt-secret name: console - - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE - value: helm - - name: REDPANDA_METRICS_K8S_CHART_VERSION - value: 3.3.0 - - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION - value: redpandadata/console:v3.3.2 - - name: REDPANDA_METRICS_K8S_VERSION - value: v1.99.0 envFrom: [] - image: docker.redpanda.com/redpandadata/console:v3.3.2 + image: docker.redpanda.com/redpandadata/console:v2.7.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -23227,15 +23235,12 @@ spec: - mountPath: /etc/console/secrets name: secrets readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-overwrite imagePullSecrets: [] initContainers: null nodeSelector: {} priorityClassName: "" securityContext: fsGroup: 99 - fsGroupChangePolicy: Always runAsUser: 99 serviceAccountName: console tolerations: [] @@ -23247,25 +23252,30 @@ spec: - name: secrets secret: secretName: console - - name: kube-api-access-overwrite - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 666 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: some-kube-root-ca-config-map.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace --- testdata/service-nodeport.yaml.golden -- +--- +# Source: console/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "console-test-connection" + namespace: "default" + labels: + app.kubernetes.io/instance: console + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: console + app.kubernetes.io/version: v2.7.2 + helm.sh/chart: console-0.7.30 + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['console:8080'] + restartPolicy: Never + priorityClassName: +-- testdata/service-account-automount-token-in-service-account-resource.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -23350,11 +23360,11 @@ spec: - name: http port: 8080 protocol: TCP - targetPort: 2000 + targetPort: 0 selector: app.kubernetes.io/instance: console app.kubernetes.io/name: console - type: NodePort + type: ClusterIP --- # Source: console/templates/entry-point.yaml apiVersion: apps/v1 @@ -23418,7 +23428,7 @@ spec: timeoutSeconds: 1 name: console ports: - - containerPort: 2000 + - containerPort: 8080 name: http protocol: TCP readinessProbe: @@ -23440,6 +23450,8 @@ spec: - mountPath: /etc/console/secrets name: secrets readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access-overwrite imagePullSecrets: [] initContainers: null nodeSelector: {} @@ -23458,7 +23470,25 @@ spec: - name: secrets secret: secretName: console --- testdata/service-with-nodeport.yaml.golden -- + - name: kube-api-access-overwrite + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 666 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: some-kube-root-ca-config-map.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +-- testdata/service-nodeport.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -23529,8 +23559,7 @@ metadata: apiVersion: v1 kind: Service metadata: - annotations: - hello: world + annotations: {} labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm @@ -23542,10 +23571,9 @@ metadata: spec: ports: - name: http - nodePort: 1000 port: 8080 protocol: TCP - targetPort: 0 + targetPort: 2000 selector: app.kubernetes.io/instance: console app.kubernetes.io/name: console @@ -23613,7 +23641,7 @@ spec: timeoutSeconds: 1 name: console ports: - - containerPort: 8080 + - containerPort: 2000 name: http protocol: TCP readinessProbe: @@ -23653,7 +23681,7 @@ spec: - name: secrets secret: secretName: console --- testdata/gateway-templating.yaml.golden -- +-- testdata/service-with-nodeport.yaml.golden -- --- # Source: console/templates/entry-point.yaml apiVersion: v1 @@ -23724,7 +23752,8 @@ metadata: apiVersion: v1 kind: Service metadata: - annotations: {} + annotations: + hello: world labels: app.kubernetes.io/instance: console app.kubernetes.io/managed-by: Helm @@ -23736,13 +23765,14 @@ metadata: spec: ports: - name: http + nodePort: 1000 port: 8080 protocol: TCP targetPort: 0 selector: app.kubernetes.io/instance: console app.kubernetes.io/name: console - type: ClusterIP + type: NodePort --- # Source: console/templates/entry-point.yaml apiVersion: apps/v1 @@ -23784,6 +23814,14 @@ spec: secretKeyRef: key: authentication-jwt-signingkey name: console + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: helm + - name: REDPANDA_METRICS_K8S_CHART_VERSION + value: 3.3.0 + - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION + value: redpandadata/console:v3.3.2 + - name: REDPANDA_METRICS_K8S_VERSION + value: v1.99.0 envFrom: [] image: docker.redpanda.com/redpandadata/console:v3.3.2 imagePullPolicy: IfNotPresent @@ -23838,33 +23876,3 @@ spec: - name: secrets secret: secretName: console ---- -# Source: console/templates/entry-point.yaml -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - annotations: - gateway: test - labels: - app.kubernetes.io/instance: console - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: console - app.kubernetes.io/version: v3.3.2 - helm.sh/chart: console-3.3.0 - name: console - namespace: test-namespace -spec: - hostnames: - - '"console.example.local"' - parentRefs: - - name: '"public-gateway"' - namespace: '"networking"' - sectionName: '"http"' - rules: - - backendRefs: - - name: console - port: 8080 - matches: - - path: - type: PathPrefix - value: / diff --git a/charts/console/go.mod b/charts/console/go.mod index 8b830e487..1c580a9b2 100644 --- a/charts/console/go.mod +++ b/charts/console/go.mod @@ -20,6 +20,7 @@ require ( k8s.io/client-go v0.35.1 k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 sigs.k8s.io/controller-runtime v0.23.1 + sigs.k8s.io/gateway-api v1.5.1 sigs.k8s.io/yaml v1.6.0 ) @@ -124,6 +125,7 @@ require ( github.com/google/cel-go v0.27.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-cmp v0.7.0 // indirect + github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect diff --git a/charts/console/go.sum b/charts/console/go.sum index 24ab94661..c23c9850e 100644 --- a/charts/console/go.sum +++ b/charts/console/go.sum @@ -288,8 +288,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -467,10 +466,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -838,8 +835,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/console/render_test.go b/charts/console/render_test.go index 8acbc6b41..726bebb5d 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -102,7 +102,7 @@ func TestTypes(t *testing.T) { name: "ingress disabled", values: PartialRenderValues{ Ingress: &PartialIngressConfig{ - Enabled: ptr.To(false), + Enabled: ptr.To(false), }, ConfigMap: &PartialCreatable{ Create: ptr.To(true), diff --git a/charts/redpanda/go.mod b/charts/redpanda/go.mod index 66c1c019b..50e288a85 100644 --- a/charts/redpanda/go.mod +++ b/charts/redpanda/go.mod @@ -285,7 +285,7 @@ require ( k8s.io/kubectl v0.35.1 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect - sigs.k8s.io/gateway-api v1.4.1 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/charts/redpanda/go.sum b/charts/redpanda/go.sum index 3f7e7dcef..89da5d52c 100644 --- a/charts/redpanda/go.sum +++ b/charts/redpanda/go.sum @@ -303,8 +303,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -491,10 +490,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -870,8 +867,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/gen/go.mod b/gen/go.mod index eb0a122b0..b8e0a00aa 100644 --- a/gen/go.mod +++ b/gen/go.mod @@ -300,7 +300,7 @@ require ( oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect sigs.k8s.io/controller-runtime v0.23.1 // indirect - sigs.k8s.io/gateway-api v1.4.1 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/gen/go.sum b/gen/go.sum index 95aa726ae..4ad39a9c7 100644 --- a/gen/go.sum +++ b/gen/go.sum @@ -329,8 +329,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -531,10 +530,8 @@ github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOw github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -924,8 +921,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/go.work.sum b/go.work.sum index f3b32ff7a..875267623 100644 --- a/go.work.sum +++ b/go.work.sum @@ -1741,6 +1741,7 @@ github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL9 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/jsonreference v0.21.2/go.mod h1:pp3PEjIsJ9CZDGCNOyXIQxsNuroxm8FAJ/+quA0yKzQ= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= @@ -1750,6 +1751,7 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew= @@ -2269,7 +2271,6 @@ github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgS github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= -github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -3106,9 +3107,6 @@ golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= @@ -3178,10 +3176,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= @@ -3249,10 +3244,6 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= @@ -3311,10 +3302,6 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= @@ -3422,12 +3409,8 @@ golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= @@ -3466,10 +3449,6 @@ golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= @@ -3479,15 +3458,13 @@ golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= +golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= @@ -3577,11 +3554,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= @@ -4087,6 +4061,7 @@ k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20260108192941-914a6e750570/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= diff --git a/gotohelm/go.mod b/gotohelm/go.mod index 8f2f5d3a4..092348319 100644 --- a/gotohelm/go.mod +++ b/gotohelm/go.mod @@ -140,6 +140,8 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/onsi/ginkgo/v2 v2.28.0 // indirect + github.com/onsi/gomega v1.39.1 // indirect github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -218,6 +220,7 @@ require ( k8s.io/kubectl v0.35.1 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/gotohelm/go.sum b/gotohelm/go.sum index df04ca3e4..2a86b2094 100644 --- a/gotohelm/go.sum +++ b/gotohelm/go.sum @@ -215,8 +215,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -352,10 +351,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -694,8 +691,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/gotohelm/testdata/src/example/go.mod b/gotohelm/testdata/src/example/go.mod index f4f831cf6..7e7952b72 100644 --- a/gotohelm/testdata/src/example/go.mod +++ b/gotohelm/testdata/src/example/go.mod @@ -61,6 +61,7 @@ require ( github.com/google/cel-go v0.27.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-cmp v0.7.0 // indirect + github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect diff --git a/gotohelm/testdata/src/example/go.sum b/gotohelm/testdata/src/example/go.sum index 0e7642c61..8e683fc30 100644 --- a/gotohelm/testdata/src/example/go.sum +++ b/gotohelm/testdata/src/example/go.sum @@ -160,8 +160,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= @@ -236,10 +235,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -459,8 +456,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/harpoon/go.mod b/harpoon/go.mod index 7cfed3287..fb1e76d3d 100644 --- a/harpoon/go.mod +++ b/harpoon/go.mod @@ -131,6 +131,8 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/onsi/ginkgo/v2 v2.28.0 // indirect + github.com/onsi/gomega v1.39.1 // indirect github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -208,6 +210,7 @@ require ( k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/harpoon/go.sum b/harpoon/go.sum index 7aa00c5e9..eb2316b04 100644 --- a/harpoon/go.sum +++ b/harpoon/go.sum @@ -221,8 +221,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -367,10 +366,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -715,8 +712,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/pkg/go.mod b/pkg/go.mod index a05e0c123..31d8daf51 100644 --- a/pkg/go.mod +++ b/pkg/go.mod @@ -207,6 +207,8 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/onsi/ginkgo/v2 v2.28.0 // indirect + github.com/onsi/gomega v1.39.1 // indirect github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -297,6 +299,7 @@ require ( k8s.io/kubectl v0.35.1 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect + sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/pkg/go.sum b/pkg/go.sum index 3eddf873a..817d3b074 100644 --- a/pkg/go.sum +++ b/pkg/go.sum @@ -305,8 +305,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE= -github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -487,10 +486,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= -github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -870,8 +867,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= -sigs.k8s.io/gateway-api v1.4.1 h1:NPxFutNkKNa8UfLd2CMlEuhIPMQgDQ6DXNKG9sHbJU8= -sigs.k8s.io/gateway-api v1.4.1/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= +sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= From 44ef6f27fd133ec9fd8da316791f7ab62bb4b2d9 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 14:26:01 -0700 Subject: [PATCH 07/16] fix: regenerate CRDs, RBAC, schema, golden files, and fix CI failures - Regenerate CRDs, deepcopy, RBAC, and schema for gateway API support - Fix InUseServerCerts to not skip external listener certs when internal TLS is disabled (the original bug fix for values.go) - Add Gateway API CRD loading in console controller tests so envtest can handle HTTPRoute resources - Update lifecycle and controller golden test files - Run go mod tidy across all modules - Regenerate crd-docs.adoc Co-Authored-By: Claude Opus 4.6 (1M context) --- acceptance/go.sum | 4 + charts/connectors/go.sum | 4 + .../console/chart/templates/_chart.notes.tpl | 4 +- charts/console/go.sum | 4 + charts/redpanda/chart/values.schema.json | 59 +++ charts/redpanda/go.sum | 4 + charts/redpanda/values.go | 6 +- gen/go.sum | 4 + gotohelm/go.sum | 4 + gotohelm/testdata/src/example/go.sum | 4 + harpoon/go.mod | 4 +- harpoon/go.sum | 4 + .../redpanda/v1alpha2/testdata/crd-docs.adoc | 51 ++ .../v1alpha2/zz_generated.deepcopy.go | 9 + .../chart/files/rbac/console.ClusterRole.yaml | 12 + .../bases/cluster.redpanda.com_consoles.yaml | 85 ++++ .../bases/cluster.redpanda.com_redpandas.yaml | 10 + operator/config/rbac/bases/operator/role.yaml | 12 + operator/config/rbac/itemized/console.yaml | 12 + .../controller/console/controller_test.go | 56 ++- .../testdata/controller-tests.golden.txtar | 454 ++++++++++++++++++ .../redpanda-cases.pools.golden.txtar | 36 +- .../redpanda-cases.values.golden.txtar | 50 +- operator/multicluster/values.go | 6 +- pkg/go.sum | 4 + 25 files changed, 846 insertions(+), 56 deletions(-) diff --git a/acceptance/go.sum b/acceptance/go.sum index 3b6ea1b88..33791b49f 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -338,6 +338,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -551,7 +552,9 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -951,6 +954,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/connectors/go.sum b/charts/connectors/go.sum index 937d1171d..acdc8484b 100644 --- a/charts/connectors/go.sum +++ b/charts/connectors/go.sum @@ -216,6 +216,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -352,7 +353,9 @@ github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -696,6 +699,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/console/chart/templates/_chart.notes.tpl b/charts/console/chart/templates/_chart.notes.tpl index acbf068e4..056cdf31e 100644 --- a/charts/console/chart/templates/_chart.notes.tpl +++ b/charts/console/chart/templates/_chart.notes.tpl @@ -14,8 +14,7 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- end -}} -{{- if $values.ingress.enabled -}} +{{- else -}}{{- if $values.ingress.enabled -}} {{- $scheme := "http" -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.ingress.tls)))) "r") | int) (0 | int)) -}} {{- $scheme = "https" -}} @@ -32,6 +31,7 @@ {{- break -}} {{- end -}} {{- end -}} +{{- end -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $commands)))) "r") | int) (1 | int)) -}} {{- $_is_returning = true -}} {{- (dict "r" $commands) | toJson -}} diff --git a/charts/console/go.sum b/charts/console/go.sum index c23c9850e..cabf804a4 100644 --- a/charts/console/go.sum +++ b/charts/console/go.sum @@ -289,6 +289,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -467,7 +468,9 @@ github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -836,6 +839,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/redpanda/chart/values.schema.json b/charts/redpanda/chart/values.schema.json index 64e0b0ce1..382c76af0 100644 --- a/charts/redpanda/chart/values.schema.json +++ b/charts/redpanda/chart/values.schema.json @@ -3391,6 +3391,65 @@ "fullnameOverride": { "type": "string" }, + "gateway": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "hostnames": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "parentRefs": { + "oneOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "sectionName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + }, + "type": "object" + }, "global": { "type": "object" }, diff --git a/charts/redpanda/go.sum b/charts/redpanda/go.sum index 89da5d52c..da1fe81f5 100644 --- a/charts/redpanda/go.sum +++ b/charts/redpanda/go.sum @@ -304,6 +304,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -491,7 +492,9 @@ github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -868,6 +871,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/charts/redpanda/values.go b/charts/redpanda/values.go index 019705eb5..56346efc7 100644 --- a/charts/redpanda/values.go +++ b/charts/redpanda/values.go @@ -904,12 +904,10 @@ func (l *Listeners) InUseServerCerts(tls *TLS) []string { } for _, listener := range listeners { - if !listener.TLS.IsEnabled(tls) { - continue + if listener.TLS.IsEnabled(tls) { + certs[listener.TLS.Cert] = true } - certs[listener.TLS.Cert] = true - for _, external := range helmette.SortedMap(listener.External) { if !external.IsEnabled() || !external.TLS.IsEnabled(&listener.TLS, tls) { continue diff --git a/gen/go.sum b/gen/go.sum index 4ad39a9c7..3512aecd6 100644 --- a/gen/go.sum +++ b/gen/go.sum @@ -330,6 +330,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -531,7 +532,9 @@ github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -922,6 +925,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/gotohelm/go.sum b/gotohelm/go.sum index 2a86b2094..a80846177 100644 --- a/gotohelm/go.sum +++ b/gotohelm/go.sum @@ -216,6 +216,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -352,7 +353,9 @@ github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -692,6 +695,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/gotohelm/testdata/src/example/go.sum b/gotohelm/testdata/src/example/go.sum index 8e683fc30..67cbdebe7 100644 --- a/gotohelm/testdata/src/example/go.sum +++ b/gotohelm/testdata/src/example/go.sum @@ -161,6 +161,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= @@ -236,7 +237,9 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -457,6 +460,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/harpoon/go.mod b/harpoon/go.mod index fb1e76d3d..1354c15bb 100644 --- a/harpoon/go.mod +++ b/harpoon/go.mod @@ -88,6 +88,7 @@ require ( github.com/google/cel-go v0.27.0 // indirect github.com/google/gnostic-models v0.7.1 // indirect github.com/google/go-cmp v0.7.0 // indirect + github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gosuri/uitable v0.0.4 // indirect @@ -131,8 +132,6 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect - github.com/onsi/ginkgo/v2 v2.28.0 // indirect - github.com/onsi/gomega v1.39.1 // indirect github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -210,7 +209,6 @@ require ( k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect - sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect diff --git a/harpoon/go.sum b/harpoon/go.sum index eb2316b04..1832abe6e 100644 --- a/harpoon/go.sum +++ b/harpoon/go.sum @@ -222,6 +222,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= @@ -367,7 +368,9 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -713,6 +716,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= diff --git a/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc b/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc index a8d0989c5..a2b736910 100644 --- a/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc +++ b/operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc @@ -970,6 +970,7 @@ ConsoleCreateObj represents configuration options for creating Kubernetes object | *`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core[$$SecurityContext$$]__ | | | | *`service`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serviceconfig[$$ServiceConfig$$]__ | | | | *`ingress`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingressconfig[$$IngressConfig$$]__ | | | +| *`gateway`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-gatewayconfig[$$GatewayConfig$$]__ | | | | *`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ | | | | *`autoscaling`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-autoscaling[$$AutoScaling$$]__ | | | | *`nodeSelector`* __object (keys:string, values:string)__ | | | @@ -1320,6 +1321,55 @@ FilterType specifies the type, either include or exclude of a consumer group fil |=== +[id="{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-gatewayconfig"] +==== GatewayConfig + + + +GatewayConfig configures a Gateway API HTTPRoute for Console. + + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec[$$ConsoleSpec$$] +**** + +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`enabled`* __boolean__ | | | +| *`annotations`* __object (keys:string, values:string)__ | | | +| *`parentRefs`* __xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-gatewayparentreference[$$GatewayParentReference$$] array__ | | | +| *`hostnames`* __string array__ | | | +| *`path`* __string__ | | | +| *`pathType`* __xref:{anchor_prefix}-sigs-k8s-io-gateway-api-apis-v1-pathmatchtype[$$PathMatchType$$]__ | | | +|=== + + +[id="{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-gatewayparentreference"] +==== GatewayParentReference + + + +GatewayParentReference identifies a parent Gateway for the HTTPRoute. + + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-gatewayconfig[$$GatewayConfig$$] +**** + +[cols="20a,50a,15a,15a", options="header"] +|=== +| Field | Description | Default | Validation +| *`name`* __string__ | | | +| *`namespace`* __string__ | | | +| *`sectionName`* __xref:{anchor_prefix}-sigs-k8s-io-gateway-api-apis-v1-sectionname[$$SectionName$$]__ | | | +|=== + + [id="{anchor_prefix}-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-group"] ==== Group @@ -2756,6 +2806,7 @@ see the Helm values for the Redpanda Console chart: https://artifacthub.io/packa | *`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Sets the security context for the Pods that run Redpanda Console. + | | | *`service`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Configures the Kubernetes Service for Redpanda Console. + | | | *`ingress`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Configures the Kubernetes Ingress resource for Redpanda Console. + | | +| *`gateway`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Configures a Gateway API HTTPRoute for Redpanda Console. + | | | *`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Configures resource requests and limits for the Pods that run Redpanda Console. + | | | *`autoscaling`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Configures Horizontal Pod Autoscaling (HPA) for Redpanda Console. + | | | *`nodeSelector`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#rawextension-runtime-pkg[$$RawExtension$$]__ | Specifies Node labels for Pod assignment. + | | diff --git a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go index a4631d9a6..bb7f63252 100644 --- a/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go +++ b/operator/api/redpanda/v1alpha2/zz_generated.deepcopy.go @@ -1,5 +1,14 @@ //go:build !ignore_autogenerated +// Copyright 2026 Redpanda Data, Inc. +// +// Use of this software is governed by the Business Source License +// included in the file licenses/BSL.md +// +// As of the Change Date specified in that file, in accordance with +// the Business Source License, use of this software will be governed +// by the Apache License, Version 2.0 + // Code generated by controller-gen. DO NOT EDIT. package v1alpha2 diff --git a/operator/chart/files/rbac/console.ClusterRole.yaml b/operator/chart/files/rbac/console.ClusterRole.yaml index 98f4395e2..d39c62df2 100644 --- a/operator/chart/files/rbac/console.ClusterRole.yaml +++ b/operator/chart/files/rbac/console.ClusterRole.yaml @@ -71,6 +71,18 @@ rules: - get - patch - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml b/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml index 75535f8cf..b185200b9 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_consoles.yaml @@ -6999,6 +6999,91 @@ spec: - name type: object type: array + gateway: + description: GatewayConfig configures a Gateway API HTTPRoute for + Console. + properties: + annotations: + additionalProperties: + type: string + type: object + enabled: + type: boolean + hostnames: + items: + type: string + type: array + parentRefs: + items: + description: GatewayParentReference identifies a parent Gateway + for the HTTPRoute. + properties: + name: + type: string + namespace: + type: string + sectionName: + description: |- + SectionName is the name of a section in a Kubernetes resource. + + In the following resources, SectionName is interpreted as the following: + + * Gateway: Listener name + * HTTPRoute: HTTPRouteRule name + * Service: Port name + + Section names can have a variety of forms, including RFC 1123 subdomains, + RFC 1123 labels, or RFC 1035 labels. + + This validation is based off of the corresponding Kubernetes validation: + https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208 + + Valid values include: + + * "example" + * "foo-example" + * "example.com" + * "foo.example.com" + + Invalid values include: + + * "example.com/bar" - "/" is an invalid character + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + type: array + path: + type: string + pathType: + description: |- + PathMatchType specifies the semantics of how HTTP paths should be compared. + Valid PathMatchType values, along with their support levels, are: + + * "Exact" - Core + * "PathPrefix" - Core + * "RegularExpression" - Implementation Specific + + PathPrefix and Exact paths must be syntactically valid: + + - Must begin with the `/` character + - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`). + + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + + Unknown values here must result in the implementation setting the + Accepted Condition for the Route to `status: False`, with a + Reason of `UnsupportedValue`. + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + type: object image: properties: pullPolicy: diff --git a/operator/config/crd/bases/cluster.redpanda.com_redpandas.yaml b/operator/config/crd/bases/cluster.redpanda.com_redpandas.yaml index 21609c088..44d1587f3 100644 --- a/operator/config/crd/bases/cluster.redpanda.com_redpandas.yaml +++ b/operator/config/crd/bases/cluster.redpanda.com_redpandas.yaml @@ -1618,6 +1618,11 @@ spec: the entire naming convention including release name and chart name. type: string + gateway: + description: Configures a Gateway API HTTPRoute for Redpanda + Console. + type: object + x-kubernetes-preserve-unknown-fields: true image: description: Defines the container image for the Redpanda Console, including the repository, name, and tag. @@ -35412,6 +35417,11 @@ spec: the entire naming convention including release name and chart name. type: string + gateway: + description: Configures a Gateway API HTTPRoute for Redpanda + Console. + type: object + x-kubernetes-preserve-unknown-fields: true image: description: Defines the container image for the Redpanda Console, including the repository, name, and tag. diff --git a/operator/config/rbac/bases/operator/role.yaml b/operator/config/rbac/bases/operator/role.yaml index f8a24cf28..3b6f9a6d8 100644 --- a/operator/config/rbac/bases/operator/role.yaml +++ b/operator/config/rbac/bases/operator/role.yaml @@ -216,6 +216,18 @@ rules: - patch - update - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/operator/config/rbac/itemized/console.yaml b/operator/config/rbac/itemized/console.yaml index 1cf4f82ed..be6e784ff 100644 --- a/operator/config/rbac/itemized/console.yaml +++ b/operator/config/rbac/itemized/console.yaml @@ -71,6 +71,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/operator/internal/controller/console/controller_test.go b/operator/internal/controller/console/controller_test.go index af25e0481..7e163ad9a 100644 --- a/operator/internal/controller/console/controller_test.go +++ b/operator/internal/controller/console/controller_test.go @@ -10,9 +10,13 @@ package console import ( + "bytes" "context" "fmt" "math/rand" + "os" + "os/exec" + "path/filepath" "slices" "strings" "testing" @@ -175,6 +179,9 @@ func TestController(t *testing.T) { }, }) + allCRDs := crds.All() + allCRDs = append(allCRDs, loadGatewayAPICRDs(t)...) + require.NoError(t, kube.ApplyAllAndWait(t.Context(), ctl, func(crd *apiextensionsv1.CustomResourceDefinition, err error) (bool, error) { if err != nil { return false, err @@ -187,7 +194,7 @@ func TestController(t *testing.T) { } return false, nil - }, crds.All()...)) + }, allCRDs...)) // Create namespace ns, err := kube.Create(t.Context(), ctl, corev1.Namespace{ @@ -321,6 +328,53 @@ func scrapeControllerObjects(t *testing.T, ctl *kube.Ctl, console *redpandav1alp return objects } +// loadGatewayAPICRDs loads Gateway API CRDs from the sigs.k8s.io/gateway-api +// module in the Go module cache. This is needed for envtest to support +// HTTPRoute resources. +func loadGatewayAPICRDs(t *testing.T) []*apiextensionsv1.CustomResourceDefinition { + t.Helper() + + // Resolve the gateway-api module directory from the module cache. + cmd := exec.Command("go", "list", "-m", "-f", "{{.Dir}}", "sigs.k8s.io/gateway-api") + var out bytes.Buffer + cmd.Stdout = &out + cmd.Stderr = os.Stderr + require.NoError(t, cmd.Run(), "failed to resolve gateway-api module directory") + + crdDir := filepath.Join(strings.TrimSpace(out.String()), "config", "crd", "standard") + + scheme := runtime.NewScheme() + require.NoError(t, apiextensionsv1.AddToScheme(scheme)) + + entries, err := os.ReadDir(crdDir) + require.NoError(t, err) + + var result []*apiextensionsv1.CustomResourceDefinition + for _, entry := range entries { + if entry.IsDir() || !strings.HasSuffix(entry.Name(), ".yaml") { + continue + } + + data, err := os.ReadFile(filepath.Join(crdDir, entry.Name())) + require.NoError(t, err) + + objs, err := kube.DecodeYAML(data, scheme) + if err != nil { + // Skip non-CRD YAML files (e.g. ValidatingAdmissionPolicy). + continue + } + + for _, obj := range objs { + if crd, ok := obj.(*apiextensionsv1.CustomResourceDefinition); ok { + result = append(result, crd) + } + } + } + + require.NotEmpty(t, result, "no Gateway API CRDs found in %s", crdDir) + return result +} + // cleanObjectForGolden removes dynamic fields that change between test runs func cleanObjectForGolden(scheme *runtime.Scheme, obj client.Object) { gvks, _, err := scheme.ObjectKinds(obj) diff --git a/operator/internal/controller/console/testdata/controller-tests.golden.txtar b/operator/internal/controller/console/testdata/controller-tests.golden.txtar index 69e9faefe..a73b98181 100644 --- a/operator/internal/controller/console/testdata/controller-tests.golden.txtar +++ b/operator/internal/controller/console/testdata/controller-tests.golden.txtar @@ -227,6 +227,460 @@ type: ClusterIP status: loadBalancer: {} +-- gateway-custom-path -- +- apiVersion: v1 + data: + config.yaml: | + # from .Values.config + {} + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns +- apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns + spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/name: console + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/name: console + spec: + affinity: {} + automountServiceAccountToken: false + containers: + - args: + - --config.filepath=/etc/console/configs/config.yaml + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: console-gw-path-console + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION + value: redpandadata/console:v3.3.2 + - name: REDPANDA_METRICS_K8S_CLUSTER_ID + value: 00000000-0000-0000-0000-000000000000 + image: docker.redpanda.com/redpandadata/console:v3.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: console + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/console/configs + name: configs + readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 99 + fsGroupChangePolicy: Always + runAsUser: 99 + serviceAccount: console-gw-path-console + serviceAccountName: console-gw-path-console + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: console-gw-path-console + name: configs + - name: secrets + secret: + defaultMode: 420 + secretName: console-gw-path-console + status: {} +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns + spec: + hostnames: + - console.example.com + - console.internal + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: gw-a + - group: gateway.networking.k8s.io + kind: Gateway + name: gw-b + namespace: other-ns + rules: + - backendRefs: + - group: "" + kind: Service + name: console-gw-path-console + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: /console + status: + parents: null +- apiVersion: v1 + data: + authentication-jwt-signingkey: cyBVLipLbStGaHl5LXg4XlAsP1glSj5XNX1KWWFISX4= + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: "" + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns + type: Opaque +- apiVersion: v1 + data: + key: cyBVLipLbStGaHl5LXg4XlAsP1glSj5XNX1KWWFISX4= + immutable: true + kind: Secret + metadata: + name: console-gw-path-jwt-secret + namespace: test-ns + type: Opaque +- apiVersion: v1 + automountServiceAccountToken: false + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns +- apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gw-path-console + namespace: test-ns + spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/instance: console-gw-path + app.kubernetes.io/name: console + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} +-- gateway-enabled -- +- apiVersion: v1 + data: + config.yaml: | + # from .Values.config + {} + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns +- apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns + spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/name: console + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 28d978af90a43439edaee767a120fd85a15f923d1977979170de19b9e74c5895 + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/name: console + spec: + affinity: {} + automountServiceAccountToken: false + containers: + - args: + - --config.filepath=/etc/console/configs/config.yaml + env: + - name: AUTHENTICATION_JWTSIGNINGKEY + valueFrom: + secretKeyRef: + key: authentication-jwt-signingkey + name: console-gateway-console + - name: REDPANDA_METRICS_K8S_DEPLOYMENT_TYPE + value: operator + - name: REDPANDA_METRICS_K8S_CHART_VERSION + - name: REDPANDA_METRICS_K8S_CONSOLE_IMAGE_VERSION + value: redpandadata/console:v3.3.2 + - name: REDPANDA_METRICS_K8S_CLUSTER_ID + value: 00000000-0000-0000-0000-000000000000 + image: docker.redpanda.com/redpandadata/console:v3.3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: console + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /admin/health + port: http + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/console/configs + name: configs + readOnly: true + - mountPath: /etc/console/secrets + name: secrets + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 99 + fsGroupChangePolicy: Always + runAsUser: 99 + serviceAccount: console-gateway-console + serviceAccountName: console-gateway-console + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: console-gateway-console + name: configs + - name: secrets + secret: + defaultMode: 420 + secretName: console-gateway-console + status: {} +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + annotations: + example.com/team: platform + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns + spec: + hostnames: + - console.example.com + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: my-gateway + namespace: gateway-system + rules: + - backendRefs: + - group: "" + kind: Service + name: console-gateway-console + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: / + status: + parents: null +- apiVersion: v1 + data: + authentication-jwt-signingkey: QFMxdEokPGxVdnZlWXU7QVsuRiIubz9AUkNFS3YoXiw= + authentication-oidc-client-secret: "" + kafka-sasl-aws-msk-iam-secret-key: "" + kafka-sasl-password: "" + kafka-tls-ca: "" + kafka-tls-cert: "" + kafka-tls-key: "" + license: "" + redpanda-admin-api-password: "" + redpanda-admin-api-tls-ca: "" + redpanda-admin-api-tls-cert: "" + redpanda-admin-api-tls-key: "" + schema-registry-bearertoken: "" + schema-registry-password: "" + schemaregistry-tls-ca: "" + schemaregistry-tls-cert: "" + schemaregistry-tls-key: "" + serde-protobuf-git-basicauth-password: "" + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns + type: Opaque +- apiVersion: v1 + data: + key: QFMxdEokPGxVdnZlWXU7QVsuRiIubz9AUkNFS3YoXiw= + immutable: true + kind: Secret + metadata: + name: console-gateway-jwt-secret + namespace: test-ns + type: Opaque +- apiVersion: v1 + automountServiceAccountToken: false + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns +- apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/managed-by: redpanda-operator + app.kubernetes.io/name: console + name: console-gateway-console + namespace: test-ns + spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/instance: console-gateway + app.kubernetes.io/name: console + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} -- jwt-set -- - apiVersion: v1 data: diff --git a/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar b/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar index a590b83be..734d3b82b 100644 --- a/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar +++ b/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar @@ -76,7 +76,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -209,7 +209,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: tuning resources: {} securityContext: @@ -248,7 +248,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: @@ -442,7 +442,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -595,7 +595,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: @@ -971,7 +971,7 @@ xfs & wait $! command: - /bin/sh - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: fs-validator resources: limits: @@ -1237,7 +1237,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -1370,7 +1370,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: tuning resources: {} securityContext: @@ -1409,7 +1409,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: @@ -1603,7 +1603,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -1736,7 +1736,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: tuning resources: {} securityContext: @@ -1775,7 +1775,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: @@ -1970,7 +1970,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -2101,7 +2101,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: tuning resources: {} securityContext: @@ -2140,7 +2140,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: @@ -2335,7 +2335,7 @@ value: localhost/test:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 lifecycle: postStart: exec: @@ -2466,7 +2466,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: tuning resources: {} securityContext: @@ -2505,7 +2505,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + image: :v25.3.1 name: redpanda-configurator resources: {} volumeMounts: diff --git a/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar b/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar index a9ad592c3..e97229909 100644 --- a/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar +++ b/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar @@ -73,6 +73,12 @@ values: create: false enabled: true fullnameOverride: "" + gateway: + enabled: false + hostnames: + - chart-example.local + path: / + pathType: PathPrefix image: pullPolicy: IfNotPresent registry: docker.redpanda.com @@ -148,8 +154,8 @@ values: force: false fullnameOverride: "" image: - repository: redpandadata/redpanda-unstable - tag: v26.1.1-rc1 + repository: "" + tag: "" license_key: "" listeners: admin: @@ -668,6 +674,12 @@ values: create: false enabled: true fullnameOverride: "" + gateway: + enabled: false + hostnames: + - chart-example.local + path: / + pathType: PathPrefix image: pullPolicy: IfNotPresent registry: docker.redpanda.com @@ -743,8 +755,8 @@ values: force: false fullnameOverride: "" image: - repository: redpandadata/redpanda-unstable - tag: v26.1.1-rc1 + repository: "" + tag: "" license_key: "" listeners: admin: @@ -1114,8 +1126,8 @@ values: force: false fullnameOverride: "" image: - repository: redpandadata/redpanda-unstable - tag: v26.1.1-rc1 + repository: "" + tag: "" license_key: "" listeners: admin: @@ -1432,14 +1444,6 @@ pools: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "redpanda.name" . }}' topologyKey: kubernetes.io/hostname - containers: - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: redpanda - initContainers: - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: redpanda-configurator - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: tuning priorityClassName: "" securityContext: {} terminationGracePeriodSeconds: 90 @@ -1512,14 +1516,6 @@ pools: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "redpanda.name" . }}' topologyKey: kubernetes.io/hostname - containers: - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: redpanda - initContainers: - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: redpanda-configurator - - image: redpandadata/redpanda-unstable:v26.1.1-rc1 - name: tuning priorityClassName: "" securityContext: {} terminationGracePeriodSeconds: 90 @@ -1631,6 +1627,12 @@ values: create: false enabled: true fullnameOverride: "" + gateway: + enabled: false + hostnames: + - chart-example.local + path: / + pathType: PathPrefix image: pullPolicy: IfNotPresent registry: docker.redpanda.com @@ -1706,8 +1708,8 @@ values: force: false fullnameOverride: "" image: - repository: redpandadata/redpanda-unstable - tag: v26.1.1-rc1 + repository: "" + tag: "" license_key: "" listeners: admin: diff --git a/operator/multicluster/values.go b/operator/multicluster/values.go index e431e8315..dc9fd4e50 100644 --- a/operator/multicluster/values.go +++ b/operator/multicluster/values.go @@ -904,12 +904,10 @@ func (l *Listeners) InUseServerCerts(tls *TLS) []string { } for _, listener := range listeners { - if !listener.TLS.IsEnabled(tls) { - continue + if listener.TLS.IsEnabled(tls) { + certs[listener.TLS.Cert] = true } - certs[listener.TLS.Cert] = true - for _, external := range helmette.SortedMap(listener.External) { if !external.IsEnabled() || !external.TLS.IsEnabled(&listener.TLS, tls) { continue diff --git a/pkg/go.sum b/pkg/go.sum index 817d3b074..b3cb0b07b 100644 --- a/pkg/go.sum +++ b/pkg/go.sum @@ -306,6 +306,7 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= +github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -487,7 +488,9 @@ github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98 h1:H55sU3giNgBkIvmAo0vI/AAFwVTwfWsf6MN3+9H6U8o= github.com/opencontainers/go-digest v1.0.1-0.20231025023718-d50d2fec9c98/go.mod h1:RqnyioA3pIEZMkSbOIcrw32YSgETfn/VrLuEikEdPNU= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -868,6 +871,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1 sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0= +sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= From 2abb04a19e36974bd5b1f00c896c895ccafdfe97 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 19:35:59 -0700 Subject: [PATCH 08/16] fix: update operator chart golden tests and skip HTTPRoute watch when CRDs missing - Regenerate operator/chart/testdata/template-cases.golden.txtar to include the new gateway.networking.k8s.io httproutes RBAC rules added to console.ClusterRole.yaml. - Skip watching HTTPRoute resources when Gateway API CRDs are not installed in the cluster, following the same pattern used for ServiceMonitor. This prevents the operator from crashing at startup in environments without Gateway API (e.g. kuttl test clusters). - Generalize skipServiceMonitorWatchIfNotInstalled into a reusable skipWatchIfNotInstalled method. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../testdata/template-cases.golden.txtar | 1200 +++++++++++++++++ .../internal/controller/console/controller.go | 16 +- 2 files changed, 1211 insertions(+), 5 deletions(-) diff --git a/operator/chart/testdata/template-cases.golden.txtar b/operator/chart/testdata/template-cases.golden.txtar index 0ff65ce9a..e6905799e 100644 --- a/operator/chart/testdata/template-cases.golden.txtar +++ b/operator/chart/testdata/template-cases.golden.txtar @@ -140,6 +140,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -898,6 +910,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -1464,6 +1488,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -2249,6 +2285,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -2835,6 +2883,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -3606,6 +3666,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -4178,6 +4250,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -5152,6 +5236,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -5981,6 +6077,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -6753,6 +6861,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -7323,6 +7443,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -8133,6 +8265,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -8791,6 +8935,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -9647,6 +9803,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -10338,6 +10506,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -11125,6 +11305,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -11698,6 +11890,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -12475,6 +12679,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -13050,6 +13266,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -13860,6 +14088,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -14433,6 +14673,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -15047,6 +15299,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -15634,6 +15898,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -16417,6 +16693,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -17008,6 +17296,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -17996,6 +18296,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -18736,6 +19048,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -19398,6 +19722,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -19959,6 +20295,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -20744,6 +21092,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -21325,6 +21685,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -22103,6 +22475,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -23043,6 +23427,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -24036,6 +24432,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -24618,6 +25026,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -25435,6 +25855,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -26008,6 +26440,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -26942,6 +27386,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -28043,6 +28499,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -28970,6 +29438,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -29545,6 +30025,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -30718,6 +31210,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -31457,6 +31961,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -32247,6 +32763,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -32837,6 +33365,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -33934,6 +34474,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -35017,6 +35569,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -35995,6 +36559,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -36987,6 +37563,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -37992,6 +38580,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -38584,6 +39184,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -39574,6 +40186,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -40157,6 +40781,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -41176,6 +41812,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -42597,6 +43245,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -43771,6 +44431,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -44463,6 +45135,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -45272,6 +45956,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -46007,6 +46703,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -47249,6 +47957,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -49386,6 +50106,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -50730,6 +51462,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -52425,6 +53169,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -53509,6 +54265,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -55772,6 +56540,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -57095,6 +57875,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -57786,6 +58578,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -59146,6 +59950,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -60501,6 +61317,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -61575,6 +62403,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -62856,6 +63696,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -64168,6 +65020,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -65038,6 +65902,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -66162,6 +67038,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -66884,6 +67772,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -68250,6 +69150,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -69099,6 +70011,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -70366,6 +71290,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -71060,6 +71996,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -71861,6 +72809,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -72518,6 +73478,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -73319,6 +74291,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -73975,6 +74959,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -74732,6 +75728,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -75298,6 +76306,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -76072,6 +77092,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -76638,6 +77670,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -77395,6 +78439,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -77961,6 +79017,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -78718,6 +79786,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -79284,6 +80364,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -80049,6 +81141,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -80615,6 +81719,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -81380,6 +82496,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -81946,6 +83074,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -82777,6 +83917,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -83444,6 +84596,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -84332,6 +85496,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -84898,6 +86074,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -85662,6 +86850,18 @@ rules: - get - patch - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/operator/internal/controller/console/controller.go b/operator/internal/controller/console/controller.go index cf69ce592..a9ddadbfe 100644 --- a/operator/internal/controller/console/controller.go +++ b/operator/internal/controller/console/controller.go @@ -32,6 +32,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" mcbuilder "sigs.k8s.io/multicluster-runtime/pkg/builder" mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile" @@ -94,7 +95,13 @@ func (c *Controller) SetupWithManager(ctx context.Context, mgr multicluster.Mana // If it gets installed during the operator runtime, we will need to restart the operator to start watching for it. // While not ideal, given that we don't modify Console's ServiceMonitor at all, I think it's **fine**. if _, ok := t.(*monitoringv1.ServiceMonitor); ok { - if c.skipServiceMonitorWatchIfNotInstalled(ctx) { + if c.skipWatchIfNotInstalled(ctx, &monitoringv1.ServiceMonitorList{}, "ServiceMonitors") { + continue + } + } + // Skip HTTPRoute watch if Gateway API CRDs are not installed. + if _, ok := t.(*gatewayv1.HTTPRoute); ok { + if c.skipWatchIfNotInstalled(ctx, &gatewayv1.HTTPRouteList{}, "HTTPRoutes") { continue } } @@ -337,13 +344,12 @@ func (c *Controller) maybeSetJWTToken(ctx context.Context, cr *redpandav1alpha2. return nil } -func (c *Controller) skipServiceMonitorWatchIfNotInstalled(ctx context.Context) (skip bool) { - var serviceMonitorList monitoringv1.ServiceMonitorList - err := c.Ctl.List(ctx, "default", &serviceMonitorList) +func (c *Controller) skipWatchIfNotInstalled(ctx context.Context, list client.ObjectList, name string) (skip bool) { + err := c.Ctl.List(ctx, "default", list) if errors.Is(err, &meta.NoKindMatchError{}) { return true } else if err != nil { - log.Error(ctx, err, "could not list ServiceMonitors") + log.Error(ctx, err, "could not list "+name) return true } return false From ad45a111027c99847f1704e1b40c6398c84f15c8 Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 19:56:39 -0700 Subject: [PATCH 09/16] fix: gofumpt struct field alignment in render_test.go Co-Authored-By: Claude Opus 4.6 (1M context) --- charts/console/render_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/console/render_test.go b/charts/console/render_test.go index 726bebb5d..446471b25 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -102,7 +102,7 @@ func TestTypes(t *testing.T) { name: "ingress disabled", values: PartialRenderValues{ Ingress: &PartialIngressConfig{ - Enabled: ptr.To(false), + Enabled: ptr.To(false), }, ConfigMap: &PartialCreatable{ Create: ptr.To(true), @@ -113,7 +113,7 @@ func TestTypes(t *testing.T) { name: "gateway disabled", values: PartialRenderValues{ Gateway: &PartialGatewayConfig{ - Enabled: ptr.To(false), + Enabled: ptr.To(false), PathType: ptr.To(gatewayv1.PathMatchPathPrefix), }, ConfigMap: &PartialCreatable{ From 38a0104fcaac8f019d7fa0f5abd4fe2494cf57ee Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 20:03:04 -0700 Subject: [PATCH 10/16] fix: correct import ordering in raft_test.go Move common-go/kube/kubetest to the third-party import group where gci expects it (not the redpanda-operator prefix group). Co-Authored-By: Claude Opus 4.6 (1M context) --- pkg/multicluster/raft_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/multicluster/raft_test.go b/pkg/multicluster/raft_test.go index f693eddb9..f1f1f505a 100644 --- a/pkg/multicluster/raft_test.go +++ b/pkg/multicluster/raft_test.go @@ -20,11 +20,11 @@ import ( "github.com/go-logr/logr" "github.com/go-logr/logr/testr" + "github.com/redpanda-data/common-go/kube/kubetest" "github.com/stretchr/testify/require" "sigs.k8s.io/controller-runtime/pkg/cluster" ctrllog "sigs.k8s.io/controller-runtime/pkg/log" - "github.com/redpanda-data/common-go/kube/kubetest" "github.com/redpanda-data/redpanda-operator/pkg/multicluster" "github.com/redpanda-data/redpanda-operator/pkg/testutil" ) From 355dc907fe141908c65a2c2337fa6ceb19da2c0b Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 20:13:39 -0700 Subject: [PATCH 11/16] fix: regenerate _values.go.tpl after values.go changes The gotohelm-generated template was stale after the InUseServerCerts refactor in values.go. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../redpanda/chart/templates/_values.go.tpl | 65 +++++++++---------- 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/charts/redpanda/chart/templates/_values.go.tpl b/charts/redpanda/chart/templates/_values.go.tpl index ca931acbe..818f2a1a6 100644 --- a/charts/redpanda/chart/templates/_values.go.tpl +++ b/charts/redpanda/chart/templates/_values.go.tpl @@ -508,10 +508,9 @@ {{- $_ := (set $certs $l.rpc.tls.cert true) -}} {{- end -}} {{- range $_, $listener := $listeners -}} -{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $listener.tls $tls)))) "r")) -}} -{{- continue -}} -{{- end -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $listener.tls $tls)))) "r") -}} {{- $_ := (set $certs $listener.tls.cert true) -}} +{{- end -}} {{- range $_, $external := $listener.external -}} {{- if (or (not (get (fromJson (include "redpanda.ExternalListener.IsEnabled" (dict "a" (list $external)))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $external.tls $listener.tls $tls)))) "r"))) -}} {{- continue -}} @@ -627,9 +626,9 @@ {{- $seen := (dict) -}} {{- $deduped := (coalesce nil) -}} {{- range $_, $item := $items -}} -{{- $_1029___ok_11 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false)))) "r") -}} -{{- $_ := (index $_1029___ok_11 0) -}} -{{- $ok_11 := (index $_1029___ok_11 1) -}} +{{- $_1027___ok_11 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key false)))) "r") -}} +{{- $_ := (index $_1027___ok_11 0) -}} +{{- $ok_11 := (index $_1027___ok_11 1) -}} {{- if $ok_11 -}} {{- continue -}} {{- end -}} @@ -852,9 +851,9 @@ {{- $name := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1317_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)))))) "r") -}} -{{- $cert := (index $_1317_cert_ok 0) -}} -{{- $ok := (index $_1317_cert_ok 1) -}} +{{- $_1315_cert_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (dict "enabled" (coalesce nil) "caEnabled" false "applyInternalDNSNames" (coalesce nil) "duration" "" "issuerRef" (coalesce nil) "secretRef" (coalesce nil) "clientSecretRef" (coalesce nil)))))) "r") -}} +{{- $cert := (index $_1315_cert_ok 0) -}} +{{- $ok := (index $_1315_cert_ok 1) -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "Certificate %q referenced, but not found in the tls.certs map" $name)) -}} {{- end -}} @@ -1333,9 +1332,9 @@ {{- $result := (dict) -}} {{- range $k, $v := $c -}} {{- if (not (empty $v)) -}} -{{- $_1847___ok_15 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v)))) "r") -}} -{{- $_ := ((index $_1847___ok_15 0) | float64) -}} -{{- $ok_15 := (index $_1847___ok_15 1) -}} +{{- $_1845___ok_15 := (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v)))) "r") -}} +{{- $_ := ((index $_1845___ok_15 0) | float64) -}} +{{- $ok_15 := (index $_1845___ok_15 1) -}} {{- if $ok_15 -}} {{- $_ := (set $result $k $v) -}} {{- else -}}{{- if (kindIs "bool" $v) -}} @@ -1361,9 +1360,9 @@ {{- $_is_returning := false -}} {{- $result := (dict) -}} {{- range $k, $v := $c -}} -{{- $_1867_b_16_ok_17 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false)))) "r") -}} -{{- $b_16 := (index $_1867_b_16_ok_17 0) -}} -{{- $ok_17 := (index $_1867_b_16_ok_17 1) -}} +{{- $_1865_b_16_ok_17 := (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false)))) "r") -}} +{{- $b_16 := (index $_1865_b_16_ok_17 0) -}} +{{- $ok_17 := (index $_1865_b_16_ok_17 1) -}} {{- if $ok_17 -}} {{- $_ := (set $result $k $b_16) -}} {{- continue -}} @@ -1406,15 +1405,15 @@ {{- $config := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1912___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil))))) "r") -}} -{{- $_ := (index $_1912___hasAccessKey 0) -}} -{{- $hasAccessKey := (index $_1912___hasAccessKey 1) -}} -{{- $_1913___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil))))) "r") -}} -{{- $_ := (index $_1913___hasSecretKey 0) -}} -{{- $hasSecretKey := (index $_1913___hasSecretKey 1) -}} -{{- $_1914___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil))))) "r") -}} -{{- $_ := (index $_1914___hasSharedKey 0) -}} -{{- $hasSharedKey := (index $_1914___hasSharedKey 1) -}} +{{- $_1910___hasAccessKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1910___hasAccessKey 0) -}} +{{- $hasAccessKey := (index $_1910___hasAccessKey 1) -}} +{{- $_1911___hasSecretKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1911___hasSecretKey 0) -}} +{{- $hasSecretKey := (index $_1911___hasSecretKey 1) -}} +{{- $_1912___hasSharedKey := (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1912___hasSharedKey 0) -}} +{{- $hasSharedKey := (index $_1912___hasSharedKey 1) -}} {{- $envvars := (coalesce nil) -}} {{- if (and (not $hasAccessKey) (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.accessKey)))) "r")) -}} {{- $envvars = (concat (default (list) $envvars) (list (mustMergeOverwrite (dict "name" "") (dict "name" "REDPANDA_CLOUD_STORAGE_ACCESS_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.accessKey)))) "r"))))) -}} @@ -1437,12 +1436,12 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1950___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil))))) "r") -}} -{{- $_ := (index $_1950___containerExists 0) -}} -{{- $containerExists := (index $_1950___containerExists 1) -}} -{{- $_1951___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil))))) "r") -}} -{{- $_ := (index $_1951___accountExists 0) -}} -{{- $accountExists := (index $_1951___accountExists 1) -}} +{{- $_1948___containerExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1948___containerExists 0) -}} +{{- $containerExists := (index $_1948___containerExists 1) -}} +{{- $_1949___accountExists := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil))))) "r") -}} +{{- $_ := (index $_1949___accountExists 0) -}} +{{- $accountExists := (index $_1949___accountExists 1) -}} {{- $_is_returning = true -}} {{- (dict "r" (and $containerExists $accountExists)) | toJson -}} {{- break -}} @@ -1453,9 +1452,9 @@ {{- $c := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_1956_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil))))) "r") -}} -{{- $value := (index $_1956_value_ok 0) -}} -{{- $ok := (index $_1956_value_ok 1) -}} +{{- $_1954_value_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil))))) "r") -}} +{{- $value := (index $_1954_value_ok 0) -}} +{{- $ok := (index $_1954_value_ok 1) -}} {{- if (not $ok) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} From 7b6d3e08c1ce7173dd742597be0dc57fc9ea17ce Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 20:16:46 -0700 Subject: [PATCH 12/16] fix: update redpanda chart golden tests for TLS cert mount fix The InUseServerCerts refactor in values.go now correctly includes external listener certs when internal TLS is disabled. This updates the golden test output to reflect the additional cert mounts. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../testdata/template-cases.golden.txtar | 111 ++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/charts/redpanda/testdata/template-cases.golden.txtar b/charts/redpanda/testdata/template-cases.golden.txtar index bfb3bf315..ab42abc87 100644 --- a/charts/redpanda/testdata/template-cases.golden.txtar +++ b/charts/redpanda/testdata/template-cases.golden.txtar @@ -9092,6 +9092,8 @@ spec: initialDelaySeconds: 1 periodSeconds: 10 volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -9150,6 +9152,8 @@ spec: timeoutSeconds: 0 resources: {} volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -9178,6 +9182,8 @@ spec: runAsNonRoot: false runAsUser: 0 volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -9212,6 +9218,8 @@ spec: name: redpanda-configurator resources: {} volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -9267,6 +9275,10 @@ spec: topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway volumes: + - name: redpanda-cert2-cert + secret: + defaultMode: 288 + secretName: redpanda-cert2-cert - name: redpanda-default-cert secret: defaultMode: 288 @@ -9330,6 +9342,31 @@ spec: # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.1 + name: redpanda-cert2-root-certificate + namespace: default +spec: + commonName: redpanda-cert2-root-certificate + duration: 43800h0m0s + isCA: true + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-cert2-selfsigned-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-cert2-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate metadata: labels: app.kubernetes.io/component: redpanda @@ -9380,6 +9417,43 @@ spec: # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 kind: Certificate +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.1 + name: redpanda-cert2-cert + namespace: default +spec: + dnsNames: + - redpanda-cluster.redpanda.default.svc.cluster.local + - redpanda-cluster.redpanda.default.svc + - redpanda-cluster.redpanda.default + - '*.redpanda-cluster.redpanda.default.svc.cluster.local' + - '*.redpanda-cluster.redpanda.default.svc' + - '*.redpanda-cluster.redpanda.default' + - redpanda.default.svc.cluster.local + - redpanda.default.svc + - redpanda.default + - '*.redpanda.default.svc.cluster.local' + - '*.redpanda.default.svc' + - '*.redpanda.default' + duration: 43800h0m0s + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: redpanda-cert2-root-issuer + privateKey: + algorithm: ECDSA + size: 256 + secretName: redpanda-cert2-cert +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate metadata: labels: app.kubernetes.io/component: redpanda @@ -9454,6 +9528,37 @@ spec: # Source: redpanda/templates/entry-point.yaml apiVersion: cert-manager.io/v1 kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.1 + name: redpanda-cert2-selfsigned-issuer + namespace: default +spec: + selfSigned: {} +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: redpanda + app.kubernetes.io/instance: redpanda + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redpanda + helm.sh/chart: redpanda-25.3.1 + name: redpanda-cert2-root-issuer + namespace: default +spec: + ca: + secretName: redpanda-cert2-root-certificate +--- +# Source: redpanda/templates/entry-point.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer metadata: labels: app.kubernetes.io/component: redpanda @@ -9556,6 +9661,8 @@ spec: resources: {} securityContext: {} volumeMounts: + - mountPath: /etc/tls/certs/cert2 + name: redpanda-cert2-cert - mountPath: /etc/tls/certs/default name: redpanda-default-cert - mountPath: /etc/tls/certs/external @@ -9601,6 +9708,10 @@ spec: serviceAccountName: redpanda tolerations: [] volumes: + - name: redpanda-cert2-cert + secret: + defaultMode: 288 + secretName: redpanda-cert2-cert - name: redpanda-default-cert secret: defaultMode: 288 From 7a4aa7e54cc4ebea837ccaa1f23aa13f53fffbcd Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 20:31:29 -0700 Subject: [PATCH 13/16] ci: retrigger lint From c7e26cbfe18c6f57468fe3eb3aad7862215fcbcf Mon Sep 17 00:00:00 2001 From: david-yu Date: Fri, 20 Mar 2026 20:42:57 -0700 Subject: [PATCH 14/16] fix: update third-party licenses and lifecycle golden files - Update licenses/third_party.md for gomega v1.39.1 and gateway-api v1.5.1 - Regenerate lifecycle golden files with CI env vars (TEST_REDPANDA_REPO and TEST_REDPANDA_VERSION) so they match CI-rendered output Co-Authored-By: Claude Opus 4.6 (1M context) --- licenses/third_party.md | 4 +-- .../redpanda-cases.pools.golden.txtar | 36 +++++++++---------- .../redpanda-cases.values.golden.txtar | 32 ++++++++++++----- 3 files changed, 44 insertions(+), 28 deletions(-) diff --git a/licenses/third_party.md b/licenses/third_party.md index 2774cfcf0..b5f385971 100644 --- a/licenses/third_party.md +++ b/licenses/third_party.md @@ -191,7 +191,7 @@ run `task generate:third-party-licenses-list` | github.com/monochromegane/go-gitignore | [MIT](https://github.com/monochromegane/go-gitignore/blob/205db1a8cc00/LICENSE) | | github.com/munnerz/goautoneg | [BSD-3-Clause](https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE) | | github.com/mxk/go-flowrate/flowrate | [BSD-3-Clause](https://github.com/mxk/go-flowrate/blob/cca7078d478f/LICENSE) | -| github.com/onsi/gomega | [MIT](https://github.com/onsi/gomega/blob/v1.38.2/LICENSE) | +| github.com/onsi/gomega | [MIT](https://github.com/onsi/gomega/blob/v1.39.1/LICENSE) | | github.com/opencontainers/go-digest | [Apache-2.0](https://github.com/opencontainers/go-digest/blob/d50d2fec9c98/LICENSE) | | github.com/opencontainers/image-spec/specs-go | [Apache-2.0](https://github.com/opencontainers/image-spec/blob/v1.1.1/LICENSE) | | github.com/peterbourgon/diskv | [MIT](https://github.com/peterbourgon/diskv/blob/v2.0.1/LICENSE) | @@ -317,7 +317,7 @@ run `task generate:third-party-licenses-list` | pgregory.net/rapid | [MPL-2.0](https://github.com/chrisseto/rapid/blob/cdeef406c65c/LICENSE) | | sigs.k8s.io/apiserver-network-proxy/konnectivity-client | [Apache-2.0](https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.34.0/konnectivity-client/LICENSE) | | sigs.k8s.io/controller-runtime | [Apache-2.0](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.23.1/LICENSE) | -| sigs.k8s.io/gateway-api/apis/v1 | [Apache-2.0](https://github.com/kubernetes-sigs/gateway-api/blob/v1.4.1/LICENSE) | +| sigs.k8s.io/gateway-api/apis/v1 | [Apache-2.0](https://github.com/kubernetes-sigs/gateway-api/blob/v1.5.1/LICENSE) | | sigs.k8s.io/json | [Apache-2.0](https://github.com/kubernetes-sigs/json/blob/2d320260d730/LICENSE) | | sigs.k8s.io/json | [BSD-3-Clause](https://github.com/kubernetes-sigs/json/blob/2d320260d730/LICENSE) | | sigs.k8s.io/kustomize/api | [Apache-2.0](https://github.com/kubernetes-sigs/kustomize/blob/api/v0.20.1/api/LICENSE) | diff --git a/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar b/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar index 734d3b82b..a590b83be 100644 --- a/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar +++ b/operator/internal/lifecycle/testdata/redpanda-cases.pools.golden.txtar @@ -76,7 +76,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -209,7 +209,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: tuning resources: {} securityContext: @@ -248,7 +248,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: @@ -442,7 +442,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -595,7 +595,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: @@ -971,7 +971,7 @@ xfs & wait $! command: - /bin/sh - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: fs-validator resources: limits: @@ -1237,7 +1237,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -1370,7 +1370,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: tuning resources: {} securityContext: @@ -1409,7 +1409,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: @@ -1603,7 +1603,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -1736,7 +1736,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: tuning resources: {} securityContext: @@ -1775,7 +1775,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: @@ -1970,7 +1970,7 @@ value: localhost/redpanda-operator:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -2101,7 +2101,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: tuning resources: {} securityContext: @@ -2140,7 +2140,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: @@ -2335,7 +2335,7 @@ value: localhost/test:dev - name: REDPANDA_METRICS_K8S_CLUSTER_ID value: 00000000-0000-0000-0000-000000000000 - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 lifecycle: postStart: exec: @@ -2466,7 +2466,7 @@ - /bin/bash - -c - rpk redpanda tune all - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: tuning resources: {} securityContext: @@ -2505,7 +2505,7 @@ fieldRef: apiVersion: v1 fieldPath: status.hostIP - image: :v25.3.1 + image: redpandadata/redpanda-unstable:v26.1.1-rc1 name: redpanda-configurator resources: {} volumeMounts: diff --git a/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar b/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar index e97229909..28da5cf15 100644 --- a/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar +++ b/operator/internal/lifecycle/testdata/redpanda-cases.values.golden.txtar @@ -154,8 +154,8 @@ values: force: false fullnameOverride: "" image: - repository: "" - tag: "" + repository: redpandadata/redpanda-unstable + tag: v26.1.1-rc1 license_key: "" listeners: admin: @@ -755,8 +755,8 @@ values: force: false fullnameOverride: "" image: - repository: "" - tag: "" + repository: redpandadata/redpanda-unstable + tag: v26.1.1-rc1 license_key: "" listeners: admin: @@ -1126,8 +1126,8 @@ values: force: false fullnameOverride: "" image: - repository: "" - tag: "" + repository: redpandadata/redpanda-unstable + tag: v26.1.1-rc1 license_key: "" listeners: admin: @@ -1444,6 +1444,14 @@ pools: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "redpanda.name" . }}' topologyKey: kubernetes.io/hostname + containers: + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: redpanda + initContainers: + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: redpanda-configurator + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: tuning priorityClassName: "" securityContext: {} terminationGracePeriodSeconds: 90 @@ -1516,6 +1524,14 @@ pools: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "redpanda.name" . }}' topologyKey: kubernetes.io/hostname + containers: + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: redpanda + initContainers: + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: redpanda-configurator + - image: redpandadata/redpanda-unstable:v26.1.1-rc1 + name: tuning priorityClassName: "" securityContext: {} terminationGracePeriodSeconds: 90 @@ -1708,8 +1724,8 @@ values: force: false fullnameOverride: "" image: - repository: "" - tag: "" + repository: redpandadata/redpanda-unstable + tag: v26.1.1-rc1 license_key: "" listeners: admin: From 2f030a2a78903d7d17f9e7b896b21c48f9a81f4b Mon Sep 17 00:00:00 2001 From: david-yu Date: Sun, 22 Mar 2026 22:56:03 -0700 Subject: [PATCH 15/16] Revert raft_test.go import reordering per review feedback Restore common-go/kube/kubetest to the redpanda-operator import group as requested by RafalKorepta. Co-Authored-By: Claude Opus 4.6 (1M context) --- pkg/multicluster/raft_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/multicluster/raft_test.go b/pkg/multicluster/raft_test.go index f1f1f505a..f693eddb9 100644 --- a/pkg/multicluster/raft_test.go +++ b/pkg/multicluster/raft_test.go @@ -20,11 +20,11 @@ import ( "github.com/go-logr/logr" "github.com/go-logr/logr/testr" - "github.com/redpanda-data/common-go/kube/kubetest" "github.com/stretchr/testify/require" "sigs.k8s.io/controller-runtime/pkg/cluster" ctrllog "sigs.k8s.io/controller-runtime/pkg/log" + "github.com/redpanda-data/common-go/kube/kubetest" "github.com/redpanda-data/redpanda-operator/pkg/multicluster" "github.com/redpanda-data/redpanda-operator/pkg/testutil" ) From d9c1cc404597ebd712d4e20a45f749cdd4be7b73 Mon Sep 17 00:00:00 2001 From: david-yu Date: Mon, 23 Mar 2026 14:55:51 -0700 Subject: [PATCH 16/16] allow ingress and gateway to coexist for migration support Remove mutual exclusion validation so both Ingress and HTTPRoute can be enabled simultaneously, enabling gradual traffic migration from Ingress to Gateway API. Co-Authored-By: Claude Opus 4.6 (1M context) --- charts/console/chart/notes.go | 3 ++- .../console/chart/templates/_chart.notes.tpl | 4 ++-- charts/console/render.go | 4 ---- charts/console/render_test.go | 22 +++++++++++++++---- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/charts/console/chart/notes.go b/charts/console/chart/notes.go index 93aa76b3e..b1561f929 100644 --- a/charts/console/chart/notes.go +++ b/charts/console/chart/notes.go @@ -25,7 +25,8 @@ func Notes(dot *helmette.Dot) []string { for _, hostname := range values.Gateway.Hostnames { commands = append(commands, fmt.Sprintf("http://%s%s", hostname, values.Gateway.Path)) } - } else if values.Ingress.Enabled { + } + if values.Ingress.Enabled { scheme := "http" if len(values.Ingress.TLS) > 0 { scheme = "https" diff --git a/charts/console/chart/templates/_chart.notes.tpl b/charts/console/chart/templates/_chart.notes.tpl index 056cdf31e..acbf068e4 100644 --- a/charts/console/chart/templates/_chart.notes.tpl +++ b/charts/console/chart/templates/_chart.notes.tpl @@ -14,7 +14,8 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- else -}}{{- if $values.ingress.enabled -}} +{{- end -}} +{{- if $values.ingress.enabled -}} {{- $scheme := "http" -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.ingress.tls)))) "r") | int) (0 | int)) -}} {{- $scheme = "https" -}} @@ -31,7 +32,6 @@ {{- break -}} {{- end -}} {{- end -}} -{{- end -}} {{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $commands)))) "r") | int) (1 | int)) -}} {{- $_is_returning = true -}} {{- (dict "r" $commands) | toJson -}} diff --git a/charts/console/render.go b/charts/console/render.go index ae3c5d550..dca343494 100644 --- a/charts/console/render.go +++ b/charts/console/render.go @@ -105,10 +105,6 @@ func NewRenderState(namespace, name string, labels map[string]string, values Par return nil, errors.WithStack(err) } - if rv.Ingress.Enabled && rv.Gateway.Enabled { - return nil, errors.New("ingress and gateway cannot both be enabled; use one or the other") - } - return &RenderState{ Namespace: namespace, ReleaseName: name, diff --git a/charts/console/render_test.go b/charts/console/render_test.go index 446471b25..7db1fe7b2 100644 --- a/charts/console/render_test.go +++ b/charts/console/render_test.go @@ -148,8 +148,8 @@ func TestTypes(t *testing.T) { } } -func TestIngressGatewayMutualExclusion(t *testing.T) { - _, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ +func TestIngressAndGatewayCoexistence(t *testing.T) { + state, err := NewRenderState("test-namespace", "test-release", nil, PartialRenderValues{ Ingress: &PartialIngressConfig{ Enabled: ptr.To(true), Hosts: []PartialIngressHost{ @@ -174,8 +174,22 @@ func TestIngressGatewayMutualExclusion(t *testing.T) { Hostnames: []string{"console.example.com"}, }, }) - require.Error(t, err) - require.Contains(t, err.Error(), "ingress and gateway cannot both be enabled") + require.NoError(t, err) + + var hasIngress, hasHTTPRoute bool + for _, obj := range Render(state) { + if !isNonNil(obj) { + continue + } + if _, ok := obj.(*networkingv1.Ingress); ok { + hasIngress = true + } + if _, ok := obj.(*gatewayv1.HTTPRoute); ok { + hasHTTPRoute = true + } + } + require.True(t, hasIngress, "both enabled should produce Ingress") + require.True(t, hasHTTPRoute, "both enabled should produce HTTPRoute") } // findHTTPRoute extracts the rendered HTTPRoute from a Render output, or nil.