feat: add optional name to httproute rules#407
Conversation
tboerger
force-pushed
the
feat/gateway-rule-name
branch
2 times, most recently
from
b8c794b to
ab4af24
Compare
|
Hi @tboerger, thanks for this PR! The use case makes sense — being able to target specific HTTPRoute rules with SecurityPolicy via CI is green ✅ (both DCO and lint-test pass). A few suggestions/requests before merging: 1. Field positioning in the templatePer the Gateway API spec, {{- range .Values.gatewayApi.rules }}
- - matches:
+ - {{- if .name }}
+ name: {{ .name }}
+ {{- end }}
+ matches:(or at minimum before 2. Version bump conflictYou bumped to 3. Add a CI test value fileThere's no chart-testing scenario covering the # ci/httproute-name-values.yaml
gatewayApi:
enabled: true
gatewayRef:
name: test-gateway
rules:
- name: service
matches:
- path:
type: PathPrefix
value: /
- name: metrics
matches:
- path:
type: PathPrefix
value: /metrics4. Document the new field in values.yamlThe # HTTPRoute rule configuration
# rules:
# - name: service # optional: enables targeting by sectionName in policies
# matches:
# - path:
# type: PathPrefix
# value: /Let me know if you have questions — happy to help! |
There was a problem hiding this comment.
Pull request overview
This PR extends the Helm chart’s Gateway API support by allowing each generated HTTPRoute rule to optionally set a name, enabling external policy resources (e.g., Envoy Gateway SecurityPolicy) to target specific rules via sectionName.
Changes:
- Add optional
namerendering for eachgatewayApi.rules[]entry in theHTTPRoutetemplate. - Bump chart version to
10.5.0. - Update the Artifact Hub changelog entry to describe the new capability and link to the PR.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
helm/oauth2-proxy/templates/httproute.yaml |
Adds optional rule-level name field rendering for HTTPRoute rules. |
helm/oauth2-proxy/Chart.yaml |
Bumps chart version and updates Artifact Hub changelog entry/link. |
Comments suppressed due to low confidence (1)
helm/oauth2-proxy/templates/httproute.yaml:54
- This introduces a new user-facing value (
gatewayApi.rules[].name), but it isn't currently documented in the chart values examples/README (onlymatches/filtersare shown). Please add it to the documented Gateway API rules examples so users can discover how to set it for PolicyAttachmentsectionNameuse-cases.
{{- if .name }}
name: {{ .name }}
{{- end }}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
In order to apply security policies from gateway api implementations like Envoy Gateway to the HTTPRoute I have added an optional name attribute to the rules. These name attributes can be matched by the sectionName of other resources. Signed-off-by: Thomas Boerger <thomas@webhippie.de>
tboerger
force-pushed
the
feat/gateway-rule-name
branch
from
ab4af24 to
9539190
Compare
|
@pierluigilenoci sorry for the delay, I have integrated your requested changes now. |
Update the Helm chart README to: - include the optional 'name' field in the Advanced Gateway API configuration example - add a new subsection explaining how rules[].name maps to sectionName on policies (SecurityPolicy, BackendTrafficPolicy, etc.) so that consumers can target individual HTTPRoute rules. Addresses Copilot review comment on Chart.yaml:37. Signed-off-by: Pierluigi Lenoci <pierluigi.lenoci@gmail.com>
Description
In order to apply security policies from gateway api implementations like Envoy Gateway to the HTTPRoute I have added an optional name attribute to the rules. These name attributes can be matched by the sectionName of other resources.
As an example this can't match without a named rule to specific rules:
Checklist: