Add HealthCheckPolicy support for GKE Gateway API

[alfador2]

What happened?

When using the Goldilocks dashboard with GKE Gateway API (dashboard.httpRoute.enabled: true), the GKE load balancer marks the backend as unhealthy and returns 503 Service Unavailable.

This happens because:

1. GKE Gateway controller creates a health check on the backend service with default requestPath: /
2. The Goldilocks dashboard returns 301 Moved Permanently on / (redirects to /namespaces)
3. The GKE LB treats any non-200 response as unhealthy
4. All traffic gets 503 - no healthy upstream

Health check config — defaults to /

$ gcloud compute health-checks describe --region=europe-west3
httpHealthCheck:
requestPath: /
type: HTTP

Backend health — all pods UNHEALTHY

$ gcloud compute backend-services get-health --region=europe-west3
healthState: UNHEALTHY

App returns 301 on /, 200 on /health

$ curl -so /dev/null -w "%{http_code}" http://localhost:8080/
301
$ curl -so /dev/null -w "%{http_code}" http://localhost:8080/health
200

What did you expect to happen?

The dashboard should be reachable when exposed via GKE Gateway API HTTPRoute. Either:

1. The chart should include an optional HealthCheckPolicy resource to override the default health check path to /health, or
2. The dashboard should return 200 on / instead of 301

Suggested values addition:

  dashboard:
    healthCheckPolicy:
      enabled: false
      requestPath: /health

How can we reproduce this?

1. Deploy Goldilocks on GKE with Gateway API enabled
2. Enable dashboard.httpRoute with a parentRef pointing to a GKE Gateway (gke-l7-regional-external-managed)
3. Access the dashboard hostname — returns 503
4. Check the GKE LB health: gcloud compute backend-services get-health --region= — shows UNHEALTHY

Workaround: apply a HealthCheckPolicy manually outside the chart:

  apiVersion: networking.gke.io/v1
  kind: HealthCheckPolicy
  metadata:
    name: goldilocks-dashboard
    namespace: goldilocks
  spec:
    default:
      config:
        type: HTTP
        httpHealthCheck:
          requestPath: /health
    targetRef:
      group: ""
      kind: Service
      name: goldilocks-dashboard

Version:
Goldilocks Helm chart 10.2.0 (HTTPRoute support added in PR #1720)

Version

Goldilocks Helm chart 10.2.0 (HTTPRoute support added in PR #1720)

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

• GKE Gateway class: gke-l7-regional-external-managed
• Kubernetes: GKE
• The HealthCheckPolicy is a GKE-specific CRD that cannot be managed through service annotations or HTTPRoute fields
• Managing it outside the chart breaks GitOps workflows where ArgoCD deploys the chart as a single Application