diff --git a/helm/README.md b/helm/README.md index 3a1ae7b0..2d635767 100644 --- a/helm/README.md +++ b/helm/README.md @@ -110,6 +110,10 @@ RustFS helm chart supports **standalone and distributed mode**. For standalone m | storageclass.logStorageSize | string | `"256Mi"` | The storage size for logs PVC. | | storageclass.name | string | `"local-path"` | The name for StorageClass. | | tolerations | list | `[]` | | +| gatewayApi.enabled | bool | `false` | To enable/disable gateway api support. | +| gatewayApi.gatewayClass | string | `traefik` | Gateway class implementation. | +| gatewayApi.hostname | string | Hostname to access RustFS via gateway api. | +| gatewayApi.secretName | string | Secret tls to via RustFS using HTTPS. | --- @@ -207,6 +211,22 @@ You should use `--set-file` parameter when running `helm install` command, for e helm install rustfs rustfs/rustfs -n rustfs --set tls.enabled=true,--set-file tls.crt=./tls.crt,--set-file tls.key=./tls.key ``` +# Gateway API support (alpha) + +Due to [ingress nginx retirement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/) in March 2026, so RustFS adds support for [gateway api](https://gateway-api.sigs.k8s.io/). Currently, RustFS only supports traefik as gateway class, more and more gateway class support will be added in the future after those classes are tested. If you want to enable gateway api, specify `gatewayApi.enabled` to `true` while specify `ingress.enabled` to `false`. After installation, you can find the `Gateway` and `HttpRoute` resources, + +``` +$ kubectl -n rustfs get gateway +NAME CLASS ADDRESS PROGRAMMED AGE +rustfs-gateway traefik True 169m + +$ kubectl -n rustfs get httproute +NAME HOSTNAMES AGE +rustfs-route ["example.rustfs.com"] 172m +``` + +Then, via RustFS instance via `https://example.rustfs.com` or `http://example.rustfs.com`. + # Uninstall Uninstalling the rustfs installation with command, diff --git a/helm/rustfs/templates/gateway-api/gateway.yml b/helm/rustfs/templates/gateway-api/gateway.yml new file mode 100644 index 00000000..8b50f5ae --- /dev/null +++ b/helm/rustfs/templates/gateway-api/gateway.yml @@ -0,0 +1,23 @@ +{{- if .Values.gatewayApi.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: {{ include "rustfs.fullname" . }}-gateway +spec: + gatewayClassName: {{ .Values.gatewayApi.gatewayClass }} + listeners: + - name: http + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: Same + - name: https + port: 443 + protocol: HTTPS + tls: + mode: Terminate + certificateRefs: + - name: {{ .Values.gatewayApi.secretName }} + kind: Secret +{{- end }} diff --git a/helm/rustfs/templates/gateway-api/httproute.yml b/helm/rustfs/templates/gateway-api/httproute.yml new file mode 100644 index 00000000..9ac5d968 --- /dev/null +++ b/helm/rustfs/templates/gateway-api/httproute.yml @@ -0,0 +1,19 @@ +{{- if .Values.gatewayApi.enabled -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "rustfs.fullname" . }}-route +spec: + parentRefs: + - name: {{ include "rustfs.fullname" . }}-gateway + hostnames: + - {{ .Values.gatewayApi.hostname }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: rustfs-svc + port: 9001 +{{- end }} diff --git a/helm/rustfs/templates/secret-tls.yaml b/helm/rustfs/templates/secret-tls.yaml index 28b50600..fea2cf58 100644 --- a/helm/rustfs/templates/secret-tls.yaml +++ b/helm/rustfs/templates/secret-tls.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.ingress.tls.enabled (not .Values.ingress.tls.certManager.enabled) }} +{{- if and (or .Values.gatewayApi.enabled .Values.ingress.tls.enabled) (not .Values.ingress.tls.certManager.enabled) }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml index f59260b1..66b9f006 100644 --- a/helm/rustfs/values.yaml +++ b/helm/rustfs/values.yaml @@ -135,6 +135,12 @@ ingress: crt: tls.crt key: tls.key +gatewayApi: + enabled: false + gatewayClass: traefik + hostname: example.rustfs.com + secretName: secret-tls + resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little