
CH-225 implement gatekeeper and ingress optimizations #823

Merged: filippomc merged 5 commits into develop from feature/CH-225 on Oct 28, 2025

@filippomc filippomc commented Oct 23, 2025


Closes CH-225

Implemented solution

  • white-listed endpoints bypassing gatekeepers at the ingress level
  • gatekeepers replicas being configurable -- default 5

How to test this PR

Can test on samples application: the home page should be visible without logging in.

Sanity checks:

  • The pull request is explicitly linked to the relevant issue(s)
  • The issue is well described: clearly states the problem and the general proposed solution(s)
  • In this PR it is explicitly stated how to test the current change
  • The labels in the issue set the scope and the type of issue (bug, feature, etc.)
  • The relevant components are indicated in the issue (if any)
  • All the automated test checks are passing
  • All the linked issues are included in one Sprint
  • All the linked issues are in the Review state
  • All the linked issues are assigned

Breaking changes (select one):

  • The present changes do not change the preexisting api in any way
  • This PR and the issue are tagged as a breaking-change and the migration procedure is well described above

Possible deployment updates issues (select one):

  • There is no reason why deployments based on CloudHarness may break after the current update
  • This PR and the issue are tagged as alert:deployment

Test coverage (select one):

  • Tests for the relevant cases are included in this pr
  • The changes included in this pr are out of the current test coverage scope

Documentation (select one):

  • The documentation has been updated to match the current changes
  • The changes included in this PR are out of the current documentation scope

Nice to have (if relevant):

  • Screenshots of the changes
  • Explanatory video/animated gif

@filippomc filippomc requested review from alxbrd and Copilot October 23, 2025 17:12

Copilot AI left a comment


Pull Request Overview

This PR implements gatekeeper and ingress optimizations by adding configurable gatekeeper replicas (default: 5) and supporting white-listed endpoints that bypass authentication at the ingress level.

Key Changes:

  • Added GatekeeperConf model with configurable image and replicas properties
  • Extended ingress template to create direct routes for white-listed URIs, bypassing gatekeepers
  • Updated default gatekeeper configuration with optimized replica count and nginx proxy buffer settings

Reviewed Changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| libraries/models/api/openapi.yaml | Added GatekeeperConf schema definition with image and replicas properties |
| libraries/models/cloudharness_model/models/gatekeeper_conf.py | Generated Python model class for GatekeeperConf |
| libraries/models/cloudharness_model/models/proxy_conf.py | Added gatekeeper field to ProxyConf model |
| deployment-configuration/helm/templates/ingress.yaml | Implemented white-listed URI handling to bypass gatekeepers at ingress level |
| deployment-configuration/helm/templates/auto-gatekeepers.yaml | Made gatekeeper replicas and image configurable |
| deployment-configuration/value-template.yaml | Added default gatekeeper configuration (5 replicas) |
| deployment-configuration/helm/values.yaml | Added default gatekeeper configuration values |
| applications/*/deploy/values.yaml | Set gatekeeper replicas to 1 for specific applications |


@@ -165,7 +165,6 @@ spec:
resources:
requests:
memory: "32Mi"
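
Review bot: In the resources block under `requests:`, the header (`-165,7 +165,6`) shows one line dropped and `memory: "32Mi"` is the only request left in view, but nothing in the template records why. If a cpu limit is still set lower in this container spec (not visible in this excerpt), Kubernetes fills in a cpu request equal to that limit when none is given, so scheduling pressure at high replica counts would not go down; either drop the limit as well or keep a small explicit request, and add a template comment stating the intent.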

Copilot AI Oct 23, 2025


CPU request was removed but CPU limit remains. Consider whether the CPU limit should also be removed, or if a request should be restored to ensure proper resource allocation and scheduling.

Suggested change
memory: "32Mi"
memory: "32Mi"
cpu: "100m"


filippomc (Collaborator, Author) replied:

cpu request has been removed to ensure pods can be scheduled with high replicas

@alxbrd alxbrd left a comment


Looks good to me. I think the default of 5 replicas is sensible.

@filippomc


Changed the default configuration back to one replica and no cpu limits based on the conversation here: gogatekeeper/gatekeeper#642

@alxbrd

alxbrd commented Oct 28, 2025

> Changed the default configuration back to one replica and no cpu limits based on the conversation here: gogatekeeper/gatekeeper#642

Interesting to see a different load testing tool used to benchmark: https://github.com/tsenart/vegeta

@alxbrd

alxbrd commented Oct 28, 2025


Based on the latest thread with the gogatekeeper developer this now looks good to me.

@filippomc filippomc merged commit a611af4 into develop Oct 28, 2025
5 of 7 checks passed
@filippomc filippomc deleted the feature/CH-225 branch October 28, 2025 10:48
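
The PR's first change, white-listed endpoints routed past the gatekeepers at the ingress level, makes the rendered Ingress the place where unauthenticated exposure is decided. The audit below is an added example, not code from this PR or from CloudHarness; the `-gk` Service suffix, the host, the paths and the approved list are assumptions constructed for illustration.

```python
GK_SUFFIX = "-gk"  # assumption: gatekeeper Services are named "<app>-gk"

def _path(path, path_type, service):
    """Build one Ingress path entry (helper for the constructed sample)."""
    return {"path": path, "pathType": path_type,
            "backend": {"service": {"name": service, "port": {"number": 80}}}}

# Constructed sample of a rendered Ingress (parsed YAML), not taken from the PR.
SAMPLE_INGRESS = {
    "kind": "Ingress",
    "spec": {"rules": [{
        "host": "samples.example.local",
        "http": {"paths": [
            _path("/", "Exact", "samples"),         # home page, meant to be public
            _path("/static", "Prefix", "samples"),  # public assets
            _path("/api", "Prefix", "samples"),     # not approved: skips authentication
            _path("/", "Prefix", "samples-gk"),     # everything else goes via the gatekeeper
        ]},
    }]},
}

# Constructed list of (host, path) pairs that were reviewed and accepted as public.
APPROVED_PUBLIC = {("samples.example.local", "/"), ("samples.example.local", "/static")}

def bypass_routes(ingress, gk_suffix=GK_SUFFIX):
    """Return (host, path, pathType, service) for routes that do not target a gatekeeper."""
    found = []
    for rule in ingress.get("spec", {}).get("rules", []):
        host = rule.get("host", "*")
        for p in (rule.get("http") or {}).get("paths", []):
            svc = p["backend"]["service"]["name"]
            if not svc.endswith(gk_suffix):
                found.append((host, p.get("path", "/"),
                              p.get("pathType", "ImplementationSpecific"), svc))
    return found

def audit(ingress, approved):
    """Flag unapproved bypasses and approved ones whose match is wider than intended."""
    findings = []
    for host, path, ptype, _svc in bypass_routes(ingress):
        if (host, path) not in approved:
            findings.append(("unapproved-bypass", host, path))
        elif path == "/" and ptype != "Exact":
            findings.append(("whole-site-public", host, path))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INGRESS, APPROVED_PUBLIC):
        print(*finding)
```

Run against the output of `helm template` in CI, a check like this turns each new white-listed URI into a reviewed change to the approved list.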