feat: migrate to Envoy Gateway from Nginx ingress#798
Merged
Conversation
Closed
gmlexx
force-pushed
the
envoy-gateway
branch
from
0218c71 to
7e204dd
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Migrates KOF’s north-south exposure from NGINX Ingress resources to Kubernetes Gateway API (HTTPRoute) and switches regional installation to Envoy Gateway, aligning with issue #775.
Changes:
- Replace Ingress-based exposure (Grafana/Promxy/Dex/UI, VMAuth) with Gateway API HTTPRoute configuration across charts and demos.
- Install Envoy Gateway (instead of ingress-nginx) in regional MultiClusterService flow and update dev/CI kind cloud provider versions.
- Remove cluster-api-visualizer dependency/config and refresh related chart READMEs/locks.
Reviewed changes
Copilot reviewed 37 out of 40 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/kcm-region.md | Update adopted kind steps for gateway. |
| docs/dev.md | Update local dev flow + kind CCM. |
| demo/cluster/gateway.yaml | Add demo Gateway object. |
| demo/cluster/adopted-cluster-regional.yaml | Remove Grafana ingress override. |
| demo/cluster/adopted-cluster-kcm-region.yaml | Remove Grafana ingress override. |
| charts/kof/values.yaml | Switch grafana ingress→gateway; add regional gateway/cert values; remove cluster-api-visualizer. |
| charts/kof/values-local.yaml | Enable gateway-based access in local values. |
| charts/kof/templates/helmcharts.yaml | Add Flux reconcile annotations to HelmChart CRs. |
| charts/kof/README.md | Regenerate values docs for gateway changes. |
| charts/kof-storage/values.yaml | Add gateway/gatewayClass + HTTPRoute options; cert-manager solver via Gateway; enable VM gateway API. |
| charts/kof-storage/templates/victoria/vmauth.yaml | Simplify VMAuth spec rendering for HTTPRoute. |
| charts/kof-storage/templates/grafana/grafana.yaml | Switch Grafana exposure to httpRoute field. |
| charts/kof-storage/templates/gateway/gateway.yaml | Add GatewayClass/Gateway templates. |
| charts/kof-storage/templates/dex/ingress.yaml | Remove Dex Ingress template. |
| charts/kof-storage/templates/dex/gateway-route.yaml | Add Dex HTTPRoute template. |
| charts/kof-storage/templates/cert-manager/clusterissuer.yaml | Switch ACME solver config to values-driven solvers. |
| charts/kof-storage/Chart.lock | Refresh lock metadata. |
| charts/kof-regional/values.yaml | Replace ingress-nginx with envoy-gateway template config. |
| charts/kof-regional/templates/regional-multi-cluster-service.yaml | Install envoy-gateway; generate storage values with gateway/httpRoute. |
| charts/kof-operators/Chart.yaml | Bump grafana-operator chart version. |
| charts/kof-operators/Chart.lock | Refresh dependency lock for grafana-operator bump. |
| charts/kof-mothership/values.yaml | Replace ingress configs with gateway/httpRoute configs; remove cluster-api-visualizer. |
| charts/kof-mothership/templates/promxy/ingress.yaml | Remove Promxy Ingress template. |
| charts/kof-mothership/templates/promxy/gateway-route.yaml | Add Promxy HTTPRoute template. |
| charts/kof-mothership/templates/prometheus/rules/cluster-api.yaml | Update Grafana URL source to gateway config. |
| charts/kof-mothership/templates/kof-operator/ingress-ui.yaml | Remove UI Ingress template. |
| charts/kof-mothership/templates/kof-operator/gateway-route.yaml | Add UI HTTPRoute template. |
| charts/kof-mothership/templates/grafana/grafana.yaml | Switch Grafana exposure to httpRoute field. |
| charts/kof-mothership/README.md | Regenerate values/deps docs for gateway changes. |
| charts/kof-mothership/Chart.yaml | Remove cluster-api-visualizer dep; rename service-template alias to envoy-gateway. |
| charts/kof-mothership/Chart.lock | Refresh dependency lock after dep removal/alias change. |
| charts/kof-collectors/templates/opentelemetry/clusterroles/ta-daemon.yaml | Add gateway resource access (RBAC). |
| charts/kof-collectors/templates/opentelemetry/clusterroles/ta-daemon-extra.yaml | Add gateway resource access (RBAC). |
| charts/kof-collectors/templates/opentelemetry/clusterroles/daemon.yaml | Add gateway resource access (RBAC). |
| charts/kof-collectors/templates/opentelemetry/clusterroles/cluster-stats.yaml | Add gateway resource access (RBAC). |
| Makefile | Update adopted regional wait deps + CoreDNS patching for Gateway/HTTPRoute. |
| .github/workflows/pr_test_tenant_isolation_test.yaml | Bump kind cloud-provider image version. |
| .github/workflows/pr_test_kof_installation.yaml | Bump kind cloud-provider image version. |
| .github/workflows/pr_test_kcm_region_with_kof.yaml | Bump kind cloud-provider image version. |
| .github/workflows/pr_test_adopted_upgrade.yml | Bump kind cloud-provider image version. |
gmlexx
force-pushed
the
envoy-gateway
branch
17 times, most recently
from
f9522bd to
3a792c3
Compare
gmlexx
force-pushed
the
envoy-gateway
branch
4 times, most recently
from
30e554f to
5673763
Compare
gmlexx
force-pushed
the
envoy-gateway
branch
3 times, most recently
from
5563fd0 to
9cf48b7
Compare
denis-ryzhkov
requested changes
Mar 9, 2026
Collaborator
denis-ryzhkov
left a comment
denis-ryzhkov
left a comment
There was a problem hiding this comment.
Great PR, thanks!
Please check few suggestions.
denis-ryzhkov
approved these changes
Mar 10, 2026
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
denis-ryzhkov
requested changes
Mar 11, 2026
Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
denis-ryzhkov
approved these changes
Mar 11, 2026
gmlexx
added a commit
that referenced
this pull request
Mar 27, 2026
* chore: upgrade grafana-operator * feat: add Gateway API support * Update kgst service templates, remove capi visualizer * Fix support-bundle order * Use helm post-install/upgrade hooks for servicetemplatechains * Disable cert-manager installation if istio is enabled --------- Co-authored-by: Denis Ryzhkov <denisr@denisr.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #775