feat(dex): Add httproutes to dex subchart

Author: philiposs

deployment/chainloop/charts/dex/templates/_helpers.tpl

@@ -43,13 +43,16 @@ Figure out the external URL for Dex service
 {{- define "chainloop.dex.external_url" -}}
 {{- $service := .Values.dex.service }}
 {{- $ingress := .Values.dex.ingress }}
+{{- $httpRoute := .Values.dex.httpRoute }}
 
 {{- if (and $ingress $ingress.enabled $ingress.hostname) }}
 {{- printf "%s://%s/dex" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
+{{- else if (and $httpRoute $httpRoute.enabled $httpRoute.hostnames ) }}
+{{- printf "%s://%s/dex" (ternary "https" "http" $httpRoute.tls ) (index $httpRoute.hostnames 0) }}
 {{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
 {{- printf "http://localhost:%s" $service.nodePorts.http }}
 {{- else -}}
-{{- printf "http://%s-dex:%d/dex" ( include "chainloop.dex.fullname" . ) ( int $service.ports.http ) }}
+{{- printf "http://%s:%d/dex" ( include "chainloop.dex.fullname" . ) ( int $service.ports.http ) }}
 {{- end -}}
 {{- end -}}
 

deployment/chainloop/charts/dex/templates/httproute.yaml

@@ -0,0 +1,40 @@
+{{- if or .Values.dex.httpRoute.enabled}}
+{{- /*
+Copyright Chainloop, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+{{- $fullName := include "chainloop.dex.fullname" . -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "chainloop.dex.labels" . | nindent 4 }}
+  {{- if or .Values.dex.httpRoute.annotations }}
+  annotations:
+    {{- include "common.tplvalues.render" ( dict "value" .Values.dex.httpRoute.annotations "context" $) | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+  {{- if .Values.dex.httpRoute.parentRefs }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.dex.httpRoute.parentRefs "context" .) | nindent 4 }}
+  {{- else }}
+    - name: gateway
+      namespace: {{ include "common.names.namespace" . | quote }}
+  {{- end }}
+  hostnames: {{- include "common.tplvalues.render" (dict "value" .Values.dex.httpRoute.hostnames "context" .) | nindent 4 }}
+  rules:
+    {{- $port := coalesce .Values.dex.service.port .Values.dex.service.ports.http }}
+    - backendRefs:
+        - name: {{ include "chainloop.dex.fullname" . }}
+          port: {{ $port }}
+      {{- if .Values.dex.httpRoute.matches }}
+      matches: {{- include "common.tplvalues.render" (dict "value" .Values.dex.httpRoute.matches "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.dex.httpRoute.filters }}
+      filters: {{- include "common.tplvalues.render" (dict "value" .Values.dex.httpRoute.filters "context" .) | nindent 8 }}
+      {{- end }}
+  {{- if .Values.dex.httpRoute.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.dex.httpRoute.extraRules "context" .) | nindent 4 }}
+  {{- end }}
+{{- end }}

deployment/chainloop/charts/dex/values.yaml

@@ -674,4 +674,60 @@ dex:
     ##           port:
     ##             name: http
     ##
+    extraRules: []
+  ## Gateway API HTTP routing parameters
+  ## ref: https://gateway-api.sigs.k8s.io/guides/http-routing/
+  ##
+  httpRoute:
+    ## @param dex.httpRoute.enabled Enable HTTPRoute generation for dex
+    ##
+    enabled: false
+    ## @param controlplane.httpRoute.tls Indicate if tls is active for this route
+    tls: false
+    ## @param dex.httpRoute.annotations Additional annotations for the HTTPRoute resource
+    ##
+    annotations: {}
+    ## @param dex.httpRoute.labels Additional labels for the HTTPRoute resource
+    ##
+    labels: {}
+    ## @param dex.httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace.
+    ## e.g:
+    ## parentRefs:
+    ##   - name: my-gateway
+    ##     sectionName: http
+    ##     namespace: default
+    ##
+    parentRefs: []
+    ## @param dex.httpRoute.hostnames [array] List of hostnames matching HTTP header
+    ##
+    hostnames:
+      - dex.dev.local
+    ## @param dex.httpRoute.matches [array] List of match rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    matches:
+      - path:
+          type: PathPrefix
+          value: /
+    ## @param dex.httpRoute.filters List of filter rules applied to the HTTPRoute for the default svc backend reference
+    ##
+    filters: []
+    ## @param dex.httpRoute.extraRules List of extra rules applied to the HTTPRoute
+    ## e.g:
+    ## extraRules:
+    ##   - matches:
+    ##       - path:
+    ##           type: PathPrefix
+    ##           value: /login
+    ##     filters:
+    ##       - type: RequestHeaderModifier
+    ##         requestHeaderModifier:
+    ##           set:
+    ##             - name: My-Overwrite-Header
+    ##               value: this-is-the-only-value
+    ##           remove:
+    ##             - User-Agent
+    ##     backendRefs:
+    ##       - name: chainloop-dex
+    ##         port: 80
+    ##
     extraRules: []