add gateway api support due to ingress nginx retirement (#1432)

Co-authored-by: houseme <housemecn@gmail.com>

helm/README.md

@@ -110,6 +110,10 @@ RustFS helm chart supports **standalone and distributed mode**. For standalone m
 | storageclass.logStorageSize | string | `"256Mi"` | The storage size for logs PVC. |
 | storageclass.name | string | `"local-path"` | The name for StorageClass. |
 | tolerations | list | `[]` |  |
+| gatewayApi.enabled | bool | `false` | To enable/disable gateway api support. |
+| gatewayApi.gatewayClass | string | `traefik` | Gateway class implementation. |
+| gatewayApi.hostname | string | Hostname to access RustFS via gateway api. |
+| gatewayApi.secretName | string | Secret tls to via RustFS using HTTPS. |
 
 ---
 
@@ -207,6 +211,22 @@ You should use `--set-file` parameter when running `helm install` command, for e
 helm install rustfs rustfs/rustfs -n rustfs --set tls.enabled=true,--set-file tls.crt=./tls.crt,--set-file tls.key=./tls.key
 ```
 
+# Gateway API support (alpha)
+
+Due to [ingress nginx retirement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/) in March 2026, so RustFS adds support for [gateway api](https://gateway-api.sigs.k8s.io/). Currently, RustFS only supports traefik as gateway class, more and more gateway class support will be added in the future after those classes are tested. If you want to enable gateway api, specify `gatewayApi.enabled` to `true` while specify `ingress.enabled` to `false`. After installation, you can find the `Gateway` and `HttpRoute` resources,
+
+```
+$ kubectl -n rustfs get gateway
+NAME             CLASS     ADDRESS   PROGRAMMED   AGE
+rustfs-gateway   traefik             True         169m
+
+$ kubectl -n rustfs get httproute
+NAME           HOSTNAMES            AGE
+rustfs-route   ["example.rustfs.com"]   172m
+```
+
+Then, via RustFS instance via `https://example.rustfs.com` or `http://example.rustfs.com`.
+
 # Uninstall
 
 Uninstalling the rustfs installation with command,

helm/rustfs/templates/gateway-api/gateway.yml

@@ -0,0 +1,23 @@
+{{- if .Values.gatewayApi.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ include "rustfs.fullname" . }}-gateway
+spec:
+  gatewayClassName: {{ .Values.gatewayApi.gatewayClass }}
+  listeners:
+    - name: http
+      port: 80
+      protocol: HTTP
+      allowedRoutes:
+        namespaces:
+          from: Same
+    - name: https
+      port: 443
+      protocol: HTTPS
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: {{ .Values.gatewayApi.secretName }}
+            kind: Secret
+{{- end }}

helm/rustfs/templates/gateway-api/httproute.yml

@@ -0,0 +1,19 @@
+{{- if .Values.gatewayApi.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "rustfs.fullname" . }}-route
+spec:
+  parentRefs:
+    - name: {{ include "rustfs.fullname" . }}-gateway
+  hostnames:
+    - {{ .Values.gatewayApi.hostname }}
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: rustfs-svc
+          port: 9001
+{{- end }}

helm/rustfs/templates/secret-tls.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.ingress.tls.enabled (not .Values.ingress.tls.certManager.enabled) }}
+{{- if and (or .Values.gatewayApi.enabled .Values.ingress.tls.enabled) (not .Values.ingress.tls.certManager.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

helm/rustfs/values.yaml

@@ -135,6 +135,12 @@ ingress:
     crt: tls.crt
     key: tls.key
 
+gatewayApi:
+  enabled: false
+  gatewayClass: traefik
+  hostname: example.rustfs.com
+  secretName: secret-tls
+
 resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little