Ingress Changes

[danielscholl]

This pull request introduces significant updates to the Helm charts for Istio and OSDU services, transitioning from Istio's native configuration to Gateway API for improved infrastructure management and flexibility. Key changes include updating DNS and certificate provisioning processes, enabling Gateway API support for HTTPRoute and ReferenceGrant resources, and removing legacy VirtualService configurations.

Transition to Gateway API:

• DNS and Certificate Provisioning Updates:

  • Updated charts/istio-certs/README.md to reflect the use of Gateway API gateways for DNS labels and Let's Encrypt certificate provisioning.
  • Modified charts/istio-certs/values.yaml to replace istioServiceName with gatewayServiceName and updated associated namespace parameters.
  • Enhanced charts/istio-certs/templates/configmap.yaml with Gateway API-specific configurations for DNS annotations and HTTP-01 challenge routing. [1] [2]

• Gateway API Resource Integration:

  • Added Gateway API permissions for managing gateways and httproutes in charts/istio-certs/templates/access_control.yaml.
  • Transitioned charts/istio-ingress/templates/gateways.yaml to use Gateway API's Gateway resource, replacing Istio's native configuration.
  • Introduced HTTPRoute resources for OSDU services in charts/osdu-developer-auth/templates/http-route.yaml and charts/osdu-developer-service/templates/http-route.yaml. [1] [2]

Removal of Legacy Istio Configurations:

• VirtualService Removal:
  • Removed VirtualService definitions from OSDU service charts (charts/osdu-developer-auth/templates/virtual-service.yaml and charts/osdu-developer-service/templates/virtual-service.yaml) in favor of Gateway API's HTTPRoute resources. [1] [2]

Improved Namespace Dependency Handling:

• ReferenceGrant Updates:
  • Added ReferenceGrant resources to OSDU service charts for managing cross-namespace access permissions without circular dependencies. [1] [2]
  • Documented the transition to application-managed ReferenceGrants in charts/istio-ingress/templates/referencegrants.yaml.

These changes streamline the configuration process, enhance compatibility with Gateway API, and improve scalability for OSDU services.

[Copilot]

Pull Request Overview

This PR migrates the ingress configuration from legacy Istio VirtualServices to the Gateway API, improving DNS/certificate provisioning, cross-namespace routing with ReferenceGrants, and overall infrastructure flexibility.

• Migrates VirtualService definitions to HTTPRoute and ReferenceGrant resources.
• Updates certificate configuration and DNS annotations to align with Gateway API requirements.
• Revises documentation, Helm chart values, and post-provisioning scripts to support the new configuration model.

Reviewed Changes

Copilot reviewed 28 out of 28 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
software/applications/web-site/referencegrant.yaml	Adds a ReferenceGrant for cross-namespace HTTPRoute access for the web-site application.
software/applications/web-site/ingress.yaml	Replaces the legacy VirtualService with comments referring to the new HTTPRoute resource.
software/applications/web-site/httproute.yaml	Introduces an HTTPRoute resource for the web-site application.
scripts/post-provision.ps1	Revises public IP retrieval and DNS annotation to target the new Gateway API service.
docs/gateway-migration-summary.md	Documents the migration process and updated configuration details.
charts/osdu-developer-service/templates/virtual-service.yaml	Removes legacy VirtualService definitions in favor of Gateway API templates.
charts/osdu-developer-service/templates/reference-grant.yaml	Adds a templated ReferenceGrant for the service chart.
charts/osdu-developer-service/templates/http-route.yaml	Provides an HTTPRoute template for the developer service with CORS filters.
charts/osdu-developer-auth/templates/virtual-service.yaml	Removes legacy VirtualService configuration for authentication services.
charts/osdu-developer-auth/templates/reference-grant.yaml	Introduces ReferenceGrant templates for authentication services.
charts/osdu-developer-auth/templates/http-route.yaml	Adds an HTTPRoute template for routing to authentication services.
charts/istio-ingress/values.yaml	Updates TLS credential names to match Gateway API configurations.
charts/istio-ingress/templates/referencegrants.yaml	Provides informational comments on managing ReferenceGrants.
charts/istio-ingress/templates/httproutes.yaml	Adds documentation regarding ACME challenge handling with HTTPRoutes.
charts/istio-ingress/templates/gateways.yaml	Transitions the Gateway resources to use the Gateway API instead of Istio’s native configuration.
charts/istio-ingress/templates/certificate.yaml	Documents the certificate provisioning process triggered by the istio-certs chart.
charts/istio-certs/values.yaml	Switches configuration keys from Istio to Gateway API service names.
charts/istio-certs/templates/configmap.yaml	Updates service names in bash scripts for DNS annotation and load balancer IP retrieval.
charts/istio-certs/templates/access_control.yaml	Adds RBAC permissions for managing Gateway API resources.
charts/istio-certs/README.md	Revises the chart documentation to reflect Gateway API integration for DNS and certificate provisioning.

Comments suppressed due to low confidence (2)

charts/osdu-developer-service/templates/http-route.yaml:11

• It appears that the 'spec' block is written in a single line with 'parentRefs:'. For improved readability and maintainability, please reformat this section so that 'parentRefs:' is placed on a new indented line under 'spec:'.

spec:  parentRefs:

charts/osdu-developer-auth/templates/http-route.yaml:9

• For consistency and clarity, please reformat the 'spec' block so that 'parentRefs:' is on its own indented line under 'spec:'. This will improve readability of the HTTPRoute definition.

spec:  parentRefs: