MetaCell · filippomc · Oct 28, 2025 · Oct 23, 2025 · Oct 23, 2025 · Oct 27, 2025
diff --git a/applications/common/deploy/values.yaml b/applications/common/deploy/values.yaml
@@ -5,6 +5,9 @@ harness:
     auto: true
     port: 8080
     name: common
+  proxy:
+    gatekeeper:
+      replicas: 1
   deployment:
     auto: true
     name: common

diff --git a/applications/samples/deploy/values.yaml b/applications/samples/deploy/values.yaml
@@ -17,6 +17,9 @@ harness:
       usenfs: false
     auto: true
     port: 8080
+  proxy:
+    gatekeeper:
+      replicas: 1
   uri_role_mapping:
     - uri: /
       white-listed: true

diff --git a/applications/volumemanager/deploy/values.yaml b/applications/volumemanager/deploy/values.yaml
@@ -1,6 +1,9 @@
 harness:
   name: volumemanager
   subdomain: volumemanager
+  proxy:
+    gatekeeper:
+      replicas: 1
   service:
     port: 8080
     auto: true

diff --git a/deployment-configuration/helm/templates/auto-gatekeepers.yaml b/deployment-configuration/helm/templates/auto-gatekeepers.yaml
@@ -121,7 +121,7 @@ metadata:
   labels:
     app: "{{ .subdomain  }}-gk"
 spec:
-  replicas: 1
+  replicas: {{ .app.harness.proxy.gatekeeper.replicas | default .root.Values.proxy.gatekeeper.replicas | default 5 }}
   selector:
     matchLabels:
       app: "{{ .subdomain  }}-gk"
@@ -135,7 +135,7 @@ spec:
 {{ include "deploy_utils.etcHosts" .root | indent 6 }}
       containers:
       - name: {{ .app.harness.service.name | quote }}
-        image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+        image: {{ .app.harness.proxy.gatekeeper.image | default .root.Values.proxy.gatekeeper.image | default "quay.io/gogatekeeper/gatekeeper:2.14.3" }}
         imagePullPolicy: IfNotPresent
         {{ if .root.Values.local }}
         securityContext:
@@ -165,7 +165,6 @@ spec:
         resources:
           requests:
             memory: "32Mi"
-            memory: "32Mi"
+            memory: "32Mi"
+            cpu: "100m"
-            memory: "32Mi"
+            memory: "32Mi"
+            cpu: "100m"
-            cpu: "5m"
           limits:
             memory: "64Mi"
             cpu: "100m"

diff --git a/deployment-configuration/helm/templates/ingress.yaml b/deployment-configuration/helm/templates/ingress.yaml
@@ -1,15 +1,52 @@
 {{- define "deploy_utils.ingress.http" }}
   {{ $domain := .root.Values.domain }}
   {{ $secured_gatekeepers := and .root.Values.secured_gatekeepers }}
+  {{ $app := .app }}
     http:
       paths:
+{{- if and $app.harness.secured $secured_gatekeepers $app.harness.uri_role_mapping }}
+  {{- range $mapping := $app.harness.uri_role_mapping }}
+    {{- if and (hasKey $mapping "white-listed") (index $mapping "white-listed") }}
+      {{- $uri := $mapping.uri }}
+      {{- if eq $uri "/" }}
+      - path: /()
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- else if hasSuffix "/*" $uri }}
+        {{- $cleanPath := trimSuffix "/*" $uri }}
+        {{- $pathWithoutSlash := trimPrefix "/" $cleanPath }}
+      - path: {{ printf "/(%s/.*)" $pathWithoutSlash }}
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- else if not (contains "*" $uri) }}
+        {{- $pathWithoutSlash := trimPrefix "/" $uri }}
+      - path: {{ printf "/(%s)" $pathWithoutSlash }}
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
       - path: /(.*)
         pathType: ImplementationSpecific
         backend:
           service:
-            name: {{ if (and .app.harness.secured $secured_gatekeepers) }}{{ printf "%s-gk" .subdomain }}{{ else }}{{ .app.harness.service.name | quote }}{{ end }}
+            name: {{ if (and $app.harness.secured $secured_gatekeepers) }}{{ printf "%s-gk" .subdomain }}{{ else }}{{ $app.harness.service.name | quote }}{{ end }}
             port:
-              number: {{- if (and .app.harness.secured $secured_gatekeepers) }} 8080 {{- else }} {{ .app.harness.service.port | default 80  }}{{- end }}
+              number: {{- if (and $app.harness.secured $secured_gatekeepers) }} 8080 {{- else }} {{ $app.harness.service.port | default 80  }}{{- end }}
+
 {{- end }}
 {{- define "deploy_utils.ingress.service" }}
   {{ $domain := .root.Values.domain }}
@@ -40,6 +77,9 @@ metadata:
     nginx.ingress.kubernetes.io/ssl-redirect: {{ (and $tls .Values.ingress.ssl_redirect) | quote }}
     nginx.ingress.kubernetes.io/proxy-body-size: '{{ .Values.proxy.payload.max }}m'
     nginx.ingress.kubernetes.io/proxy-buffer-size: '128k'
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
+    nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "1024m"
     nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
     nginx.ingress.kubernetes.io/rewrite-target: /$1
     nginx.ingress.kubernetes.io/auth-keepalive-timeout: {{ .Values.proxy.timeout.keepalive | quote }}

diff --git a/deployment-configuration/helm/values.yaml b/deployment-configuration/helm/values.yaml
@@ -76,3 +76,8 @@ proxy:
   payload:
     # -- Maximum size of payload in MB
     max: 250
+  gatekeeper:
+    # -- Default gatekeeper image
+    image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+    # -- Default number of gatekeeper replicas
+    replicas: 5
diff --git a/deployment-configuration/value-template.yaml b/deployment-configuration/value-template.yaml
@@ -139,3 +139,8 @@ harness:
     payload:
       # -- Maximum size of payload in MB
       max:
+    gatekeeper:
+      # -- Default gatekeeper image
+      image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+      # -- Default number of gatekeeper replicas
+      replicas: 5
diff --git a/docs/model/GatekeeperConf.md b/docs/model/GatekeeperConf.md
@@ -0,0 +1,31 @@
+# GatekeeperConf
+
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**image** | **str** |  | [optional] 
+**replicas** | **int** |  | [optional] 
+
+## Example
+
+```python
+from cloudharness_model.models.gatekeeper_conf import GatekeeperConf
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of GatekeeperConf from a JSON string
+gatekeeper_conf_instance = GatekeeperConf.from_json(json)
+# print the JSON string representation of the object
+print(GatekeeperConf.to_json())
+
+# convert the object into a dict
+gatekeeper_conf_dict = gatekeeper_conf_instance.to_dict()
+# create an instance of GatekeeperConf from a dict
+gatekeeper_conf_from_dict = GatekeeperConf.from_dict(gatekeeper_conf_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/docs/model/ProxyConf.md b/docs/model/ProxyConf.md
@@ -9,6 +9,7 @@ Name | Type | Description | Notes
 **forwarded_headers** | **bool** |  | [optional] 
 **payload** | [**ProxyPayloadConf**](ProxyPayloadConf.md) |  | [optional] 
 **timeout** | [**ProxyTimeoutConf**](ProxyTimeoutConf.md) |  | [optional] 
+**gatekeeper** | [**GatekeeperConf**](GatekeeperConf.md) |  | [optional] 
 
 ## Example
 

diff --git a/libraries/models/README.md b/libraries/models/README.md
@@ -87,6 +87,7 @@ Class | Method | HTTP request | Description
  - [DockerfileConfig](docs/DockerfileConfig.md)
  - [E2ETestsConfig](docs/E2ETestsConfig.md)
  - [FileResourcesConfig](docs/FileResourcesConfig.md)
+ - [GatekeeperConf](docs/GatekeeperConf.md)
  - [GitDependencyConfig](docs/GitDependencyConfig.md)
  - [HarnessMainConfig](docs/HarnessMainConfig.md)
  - [IngressConfig](docs/IngressConfig.md)