Added HttpRoute and Gateway to Helm Chart

CHANGELOG.md

@@ -60,6 +60,7 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti
 - Enhanced catalog federation with SigV4 authentication support, additional authentication types for credential vending, and location-based access restrictions to block credential vending for remote tables outside allowed location lists.
 - Added `topologySpreadConstraints` support in Helm chart.
 - Added support for including principal name in subscoped credentials. `INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` (default: false) can be used to toggle this feature. If enabled, cached credentials issued to one principal will no longer be available for others.
+- Added support for [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) to the Helm Chart. 
 
 ### Changes
 

helm/polaris/README.md

@@ -30,7 +30,7 @@ weight: 675
   helm-docs --chart-search-root=helm
 -->
 
-![Version: 1.2.0-incubating-SNAPSHOT](https://img.shields.io/badge/Version-1.2.0--incubating--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0-incubating-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.2.0--incubating--SNAPSHOT-informational?style=flat-square)
+![Version: 1.4.0-incubating-SNAPSHOT](https://img.shields.io/badge/Version-1.4.0--incubating--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0-incubating-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.4.0--incubating--SNAPSHOT-informational?style=flat-square)
 
 A Helm chart for Apache Polaris (incubating).
 
@@ -189,6 +189,18 @@ export QUARKUS_DATASOURCE_JDBC_URL=$(echo "$container_envs" | grep quarkus.datas
 java -jar runtime/admin/build/quarkus-app/quarkus-run.jar bootstrap -c POLARIS,root,pass -r POLARIS
 ```
 
+### Using the Gateway API (Advanced)
+
+You may want to use the [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) for more advanced network routing. In most cases this would already be installed by your cluster admins. The following is an example set of commands to run to install the gateway:
+```bash
+# ref: https://gateway-api.sigs.k8s.io/guides/getting-started/#install-standard-channel
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml
+```
+
+With that installed, you can enable and configure the `gateway` values. This will make it possible to use the HTTPRoute resource, enable and configure the `httproute` values.
+[!NOTE]
+Only one of HTTPRoute or Ingress can be defined. Defining both will result in errors.
+
 ### Uninstalling
 
 ```bash
@@ -299,6 +311,17 @@ ct install --namespace polaris --charts ./helm/polaris
 | features.realmOverrides | object | `{}` | Features to enable or disable per realm. This field is a map of maps. The realm name is the key, and the value is a map of feature names to values. If a feature is not present in the map, the default value from the 'defaults' field is used. |
 | fileIo | object | `{"type":"default"}` | Polaris FileIO configuration. |
 | fileIo.type | string | `"default"` | The type of file IO to use. Two built-in types are supported: default and wasb. The wasb one translates WASB paths to ABFS ones. |
+| gateway.addresses | list | `[]` | Optional addresses to request for the Gateway. |
+| gateway.annotations | object | `{}` | Annotations to add to the Gateway. |
+| gateway.className | string | `""` | The name of the GatewayClass to use. |
+| gateway.enabled | bool | `false` | Specifies whether a Gateway should be created. |
+| gateway.listeners | list | `[{"name":"http","port":80,"protocol":"HTTP"}]` | Gateway listeners configuration. |
+| httproute.annotations | object | `{}` | Annotations to add to the HTTPRoute. |
+| httproute.enabled | bool | `false` | Specifies whether an HTTPRoute should be created. |
+| httproute.gatewayName | string | `""` | Name of the Gateway resource to attach to. |
+| httproute.gatewayNamespace | string | `"default"` | Namespace where the Gateway is deployed. |
+| httproute.hosts | list | `["chart-example.local"]` | A list of hostnames that the HTTPRoute should match. |
+| httproute.sectionName | string | `""` | Section name within the gateway to use (optional). |
 | image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file, and other configuration files, if any, should be mounted. |
 | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. |
 | image.repository | string | `"apache/polaris"` | The image repository to pull from. |

helm/polaris/README.md.gotmpl

@@ -192,6 +192,18 @@ export QUARKUS_DATASOURCE_JDBC_URL=$(echo "$container_envs" | grep quarkus.datas
 java -jar runtime/admin/build/quarkus-app/quarkus-run.jar bootstrap -c POLARIS,root,pass -r POLARIS
 ```
 
+### Using the Gateway API (Advanced) 
+
+You may want to use the [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) for more advanced network routing. In most cases this would already be installed by your cluster admins. The following is an example set of commands to run to install the gateway:
+```bash
+# ref: https://gateway-api.sigs.k8s.io/guides/getting-started/#install-standard-channel
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml
+```
+
+With that installed, you can enable and configure the `gateway` values. This will make it possible to use the HTTPRoute resource, enable and configure the `httproute` values. 
+[!NOTE]
+Only one of HTTPRoute or Ingress can be defined. Defining both will result in errors. 
+
 ### Uninstalling
 
 ```bash

helm/polaris/templates/_helpers.tpl

@@ -89,6 +89,18 @@ app.kubernetes.io/name: {{ include "polaris.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Validate that only one of ingress or httproute is enabled
+*/}}
+{{- define "polaris.validateRouting" -}}
+{{- if and .Values.ingress.enabled .Values.httproute.enabled }}
+{{- fail "Cannot enable both ingress and httproute. Please enable only one." }}
+{{- end }}
+{{- if and (not .Values.httproute.enabled) .Values.gateway.enabled }}
+{{- fail "In order to use the gateway please enable the httproute and disable the ingress."}}
+{{- end }}
+{{- end }}
+
 {{/*
   Create the name of the service account to use
 */}}

helm/polaris/templates/gateway.yaml

@@ -0,0 +1,58 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+*/}}
+
+{{- if .Values.gateway.enabled }}
+{{- $fullName := include "polaris.fullname" . }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "polaris.labels" . | nindent 4 }}
+  {{- with .Values.gateway.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  gatewayClassName: {{ .Values.gateway.className }}
+  listeners:
+    {{- range .Values.gateway.listeners }}
+    - name: {{ .name }}
+      protocol: {{ .protocol }}
+      port: {{ .port }}
+      {{- if .hostname }}
+      hostname: {{ .hostname | quote }}
+      {{- end }}
+      {{- if .allowedRoutes }}
+      allowedRoutes:
+        {{- toYaml .allowedRoutes | nindent 8 }}
+      {{- end }}
+      {{- if and (eq .protocol "HTTPS") .tls }}
+      tls:
+        {{- toYaml .tls | nindent 8 }}
+      {{- end }}
+    {{- end }}
+  {{- with .Values.gateway.addresses }}
+  addresses:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+{{- end }}

helm/polaris/templates/httproute.yaml

@@ -0,0 +1,50 @@
+{{/*
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+*/}}
+
+{{- include "polaris.validateRouting" . }}
+{{- if .Values.httproute.enabled }}
+{{- $fullName := include "polaris.fullname" . }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "polaris.labels" . | nindent 4 }}
+  {{- with .Values.httproute.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  hostnames: {{ .Values.httproute.hosts }}
+  parentRefs:
+    - name: {{ .Values.httproute.gatewayName}}
+      namespace: {{ .Values.httproute.gatewayNamespace }}
+      {{- if .Values.httproute.sectionName }}
+      sectionName: {{ .Values.httproute.sectionName }}
+      {{- end }}
+  rules:
+    # We don't specify a matches block here, so the default is a prefix path match on "/" (match every HTTP request)
+    # The backend (Service) to send matching requests to
+    - backendRefs:
+        - name: {{ $fullName }}
+          port: {{ get (first .Values.service.ports) "port" }}
+
+{{- end }}

helm/polaris/templates/ingress.yaml

@@ -17,6 +17,7 @@
   under the License.
 */}}
 
+{{- include "polaris.validateRouting" . }}
 {{- if .Values.ingress.enabled }}
 {{- $fullName := include "polaris.fullname" . }}
 {{- $svcPort := get (first .Values.service.ports) "port" }}