From d5e8d7b7d92140b2cb908e99303df2a07b03531e Mon Sep 17 00:00:00 2001 From: ariyonaty Date: Wed, 8 Apr 2026 22:54:23 +0300 Subject: [PATCH] feat: add basic support for Gateway API HTTPRoute for routing --- helm/defectdojo/README.md | 3 ++ .../templates/django-httproute.yaml | 53 +++++++++++++++++++ helm/defectdojo/values.schema.json | 17 ++++++ helm/defectdojo/values.yaml | 10 ++++ 4 files changed, 83 insertions(+) create mode 100644 helm/defectdojo/templates/django-httproute.yaml diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 519decabd6a..b03bf2e1559 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -618,6 +618,9 @@ A Helm chart for Kubernetes to install DefectDojo | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. | | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. | | django.extraVolumes | list | `[]` | A list of extra volumes to mount. | +| django.httpRoute | object | `{"annotations":{},"enabled":false,"parentRefs":[]}` | Expose the Django service via Gateway API HTTPRoute | +| django.httpRoute.annotations | object | `{}` | Annotations for the HTTPRoute resource | +| django.httpRoute.parentRefs | list | `[]` | Parent gateway references for the HTTPRoute parentRefs: - name: my-gateway namespace: default | | django.ingress.activateTLS | bool | `true` | | | django.ingress.annotations | object | `{}` | Restricts the type of ingress controller that can interact with our chart (nginx, traefik, ...) `kubernetes.io/ingress.class: nginx` Depending on the size and complexity of your scans, you might want to increase the default ingress timeouts if you see repeated 504 Gateway Timeouts `nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"` `nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"` | | django.ingress.enabled | bool | `true` | | diff --git a/helm/defectdojo/templates/django-httproute.yaml b/helm/defectdojo/templates/django-httproute.yaml new file mode 100644 index 00000000000..e5f11c6ca80 --- /dev/null +++ b/helm/defectdojo/templates/django-httproute.yaml @@ -0,0 +1,53 @@ +{{- if .Values.django.httpRoute.enabled -}} +{{- $fullName := include "defectdojo.fullname" . -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + {{- if or .Values.extraAnnotations .Values.django.httpRoute.annotations }} + annotations: + {{- range $key, $value := .Values.extraAnnotations }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- range $key, $value := .Values.django.httpRoute.annotations }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- end }} + labels: + defectdojo.org/component: django + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} +spec: + parentRefs: + {{- range .Values.django.httpRoute.parentRefs }} + - group: {{ .group | default "gateway.networking.k8s.io" }} + kind: {{ .kind | default "Gateway" }} + name: {{ .name }} + {{- if .namespace }} + namespace: {{ .namespace }} + {{- end }} + {{- if .sectionName }} + sectionName: {{ .sectionName }} + {{- end }} + {{- end }} + hostnames: + - {{ .Values.host | quote }} + rules: + - matches: + - path: + type: PathPrefix + {{- if .Values.django.httpRoute.path }} + value: {{ .Values.django.httpRoute.path }} + {{- else }} + value: "/" + {{- end }} + backendRefs: + - name: {{ $fullName }}-django + port: {{ .Values.django.nginx.tls.enabled | ternary 443 80 }} +{{- end }} diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index 54120f850bf..74f1be413f2 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -532,6 +532,23 @@ } } }, + "httpRoute": { + "description": "Expose the Django service via Gateway API HTTPRoute. For more info follow https://gateway-api.sigs.k8s.io/guides/http-routing/", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "annotations": { + "description": "Annotations for the HTTPRoute resource", + "type": "object" + }, + "parentRefs": { + "description": "Parent gateway references for the HTTPRoute", + "type": "array" + } + } + }, "mediaPersistentVolume": { "description": "This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume", "type": "object", diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 792930707e4..4303dd54f14 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -372,6 +372,16 @@ django: # `nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"` # `nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"` annotations: {} + # -- Expose the Django service via Gateway API HTTPRoute + httpRoute: + enabled: false + # -- Annotations for the HTTPRoute resource + annotations: {} + # -- Parent gateway references for the HTTPRoute + # parentRefs: + # - name: my-gateway + # namespace: default + parentRefs: [] nginx: # -- If empty, uses values from images.nginx.image image: