Skip to content

feat: add HTTPS support via Gateway sectionName #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
bdchatham wants to merge 2 commits into from
Closed

feat: add HTTPS support via Gateway sectionName #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4f0ce15
feat: add HTTPS support via Gateway sectionName
bdchatham Apr 9, 2026
6b59070
fix: make SEI_GATEWAY_SECTION_NAME required in platform config
bdchatham Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 9 additions & 7 deletions cmd/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,7 @@ func main() {
GatewayName: os.Getenv("SEI_GATEWAY_NAME"),
GatewayNamespace: os.Getenv("SEI_GATEWAY_NAMESPACE"),
GatewayDomain: os.Getenv("SEI_GATEWAY_DOMAIN"),
GatewaySectionName: os.Getenv("SEI_GATEWAY_SECTION_NAME"),
Copy link
Copy Markdown
Collaborator Author

@bdchatham bdchatham Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make this required?

}

if err := platformCfg.Validate(); err != nil {
Expand Down Expand Up @@ -180,13 +181,14 @@ func main() {
//nolint:staticcheck // migrating to events.EventRecorder API is a separate effort
recorder := mgr.GetEventRecorderFor("seinodedeployment-controller")
if err := (&nodedeploymentcontroller.SeiNodeDeploymentReconciler{
Client: kc,
Scheme: mgr.GetScheme(),
Recorder: recorder,
ControllerSA: controllerSA,
GatewayName: platformCfg.GatewayName,
GatewayNamespace: platformCfg.GatewayNamespace,
GatewayDomain: platformCfg.GatewayDomain,
Client: kc,
Scheme: mgr.GetScheme(),
Recorder: recorder,
ControllerSA: controllerSA,
GatewayName: platformCfg.GatewayName,
GatewayNamespace: platformCfg.GatewayNamespace,
GatewayDomain: platformCfg.GatewayDomain,
GatewaySectionName: platformCfg.GatewaySectionName,
PlanExecutor: &planner.Executor[*seiv1alpha1.SeiNodeDeployment]{
Client: kc,
ConfigFor: func(ctx context.Context, group *seiv1alpha1.SeiNodeDeployment) task.ExecutionConfig {
Expand Down
12 changes: 6 additions & 6 deletions internal/controller/nodedeployment/controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,12 @@ type SeiNodeDeploymentReconciler struct {
// controller can always reach the seictl sidecar.
ControllerSA string

// GatewayName, GatewayNamespace, and GatewayDomain identify the platform
// Gateway for HTTPRoute parentRefs and hostname derivation.
// Read from SEI_GATEWAY_NAME / SEI_GATEWAY_NAMESPACE / SEI_GATEWAY_DOMAIN.
GatewayName string
GatewayNamespace string
GatewayDomain string
// GatewayName, GatewayNamespace, GatewayDomain, and GatewaySectionName
// identify the platform Gateway for HTTPRoute parentRefs and hostname derivation.
GatewayName string
GatewayNamespace string
GatewayDomain string
GatewaySectionName string

// PlanExecutor drives group-level task plans (e.g. genesis assembly).
PlanExecutor planner.PlanExecutor[*seiv1alpha1.SeiNodeDeployment]
Expand Down
7 changes: 5 additions & 2 deletions internal/controller/nodedeployment/networking.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,7 @@ func (r *SeiNodeDeploymentReconciler) reconcileHTTPRoutes(ctx context.Context, g
}

for _, er := range routes {
desired := generateHTTPRoute(group, er, r.GatewayName, r.GatewayNamespace)
desired := generateHTTPRoute(group, er, r.GatewayName, r.GatewayNamespace, r.GatewaySectionName)
if err := ctrl.SetControllerReference(group, desired, r.Scheme); err != nil {
return fmt.Errorf("setting owner reference on HTTPRoute %s: %w", er.Name, err)
}
Expand Down Expand Up @@ -318,7 +318,7 @@ func (r *SeiNodeDeploymentReconciler) deleteOrphanedHTTPRoutes(ctx context.Conte
return nil
}

func generateHTTPRoute(group *seiv1alpha1.SeiNodeDeployment, er effectiveRoute, gatewayName, gatewayNamespace string) *unstructured.Unstructured {
func generateHTTPRoute(group *seiv1alpha1.SeiNodeDeployment, er effectiveRoute, gatewayName, gatewayNamespace, gatewaySectionName string) *unstructured.Unstructured {
svcName := externalServiceName(group)

hostnames := make([]any, len(er.Hostnames))
Expand All @@ -330,6 +330,9 @@ func generateHTTPRoute(group *seiv1alpha1.SeiNodeDeployment, er effectiveRoute,
"name": gatewayName,
"namespace": gatewayNamespace,
}
if gatewaySectionName != "" {
parentRef["sectionName"] = gatewaySectionName
}

route := &unstructured.Unstructured{
Object: map[string]any{
Expand Down
43 changes: 38 additions & 5 deletions internal/controller/nodedeployment/networking_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ func TestGenerateHTTPRoute_HostnamePattern(t *testing.T) {
g.Expect(routes).NotTo(BeEmpty())

for _, er := range routes {
route := generateHTTPRoute(group, er, "sei-gateway", "istio-system")
route := generateHTTPRoute(group, er, "sei-gateway", "istio-system", "")
spec := route.Object["spec"].(map[string]any)
hostnames := spec["hostnames"].([]any)
g.Expect(hostnames).To(HaveLen(1))
Expand Down Expand Up @@ -229,7 +229,7 @@ func TestGenerateHTTPRoute_BasicFields(t *testing.T) {

routes := resolveEffectiveRoutes(group, "prod.platform.sei.io")
g.Expect(routes).NotTo(BeEmpty())
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system", "")

g.Expect(route.GetNamespace()).To(Equal("sei"))

Expand All @@ -251,7 +251,7 @@ func TestGenerateHTTPRoute_ManagedByAnnotation(t *testing.T) {
}

routes := resolveEffectiveRoutes(group, "prod.platform.sei.io")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system", "")
g.Expect(route.GetAnnotations()).To(HaveKeyWithValue("sei.io/managed-by", "seinodedeployment"))
}

Expand All @@ -264,7 +264,7 @@ func TestGenerateHTTPRoute_BackendRef(t *testing.T) {
}

routes := resolveEffectiveRoutes(group, "prod.platform.sei.io")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "istio-system", "")

spec := route.Object["spec"].(map[string]any)
rules := spec["rules"].([]any)
Expand Down Expand Up @@ -297,7 +297,7 @@ func TestGenerateHTTPRoute_GRPCRoutePort(t *testing.T) {
}
g.Expect(grpcRoute.Name).NotTo(BeEmpty(), "grpc route should exist")

httpRoute := generateHTTPRoute(group, grpcRoute, "sei-gateway", "istio-system")
httpRoute := generateHTTPRoute(group, grpcRoute, "sei-gateway", "istio-system", "")
spec := httpRoute.Object["spec"].(map[string]any)
hostnames := spec["hostnames"].([]any)
g.Expect(hostnames).To(ConsistOf("pacific-1-rpc.grpc.prod.platform.sei.io"))
Expand All @@ -319,6 +319,39 @@ func TestIsProtocolActiveForMode_EVMMapping(t *testing.T) {
g.Expect(isProtocolActiveForMode("grpc", activePorts)).To(BeFalse())
}

// --- Gateway sectionName ---

func TestGenerateHTTPRoute_SectionName_IncludedWhenSet(t *testing.T) {
g := NewWithT(t)
group := newTestGroup("pacific-1", "sei")
group.Spec.Networking = &seiv1alpha1.NetworkingConfig{
Service: &seiv1alpha1.ExternalServiceConfig{},
}
routes := resolveEffectiveRoutes(group, "test.platform.sei.io")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "gateway", "https")

spec := route.Object["spec"].(map[string]any)
parentRefs := spec["parentRefs"].([]any)
ref := parentRefs[0].(map[string]any)
g.Expect(ref["sectionName"]).To(Equal("https"))
}

func TestGenerateHTTPRoute_SectionName_OmittedWhenEmpty(t *testing.T) {
g := NewWithT(t)
group := newTestGroup("pacific-1", "sei")
group.Spec.Networking = &seiv1alpha1.NetworkingConfig{
Service: &seiv1alpha1.ExternalServiceConfig{},
}
routes := resolveEffectiveRoutes(group, "test.platform.sei.io")
route := generateHTTPRoute(group, routes[0], "sei-gateway", "gateway", "")

spec := route.Object["spec"].(map[string]any)
parentRefs := spec["parentRefs"].([]any)
ref := parentRefs[0].(map[string]any)
_, hasSectionName := ref["sectionName"]
g.Expect(hasSectionName).To(BeFalse())
}

// --- AuthorizationPolicy ---

func TestGenerateAuthorizationPolicy_BasicStructure(t *testing.T) {
Expand Down
8 changes: 5 additions & 3 deletions internal/platform/platform.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,10 @@ type Config struct {
GenesisBucket string
GenesisRegion string

GatewayName string
GatewayNamespace string
GatewayDomain string
GatewayName string
GatewayNamespace string
GatewayDomain string
GatewaySectionName string
}

// Validate returns an error if required fields are missing.
Expand Down Expand Up @@ -67,6 +68,7 @@ func (c Config) Validate() error {
"SEI_GATEWAY_NAME": c.GatewayName,
"SEI_GATEWAY_NAMESPACE": c.GatewayNamespace,
"SEI_GATEWAY_DOMAIN": c.GatewayDomain,
"SEI_GATEWAY_SECTION_NAME": c.GatewaySectionName,
}
for name, val := range required {
if val == "" {
Expand Down
1 change: 1 addition & 0 deletions internal/platform/platformtest/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,5 +29,6 @@ func Config() platform.Config {
GatewayName: "sei-gateway",
GatewayNamespace: "istio-system",
GatewayDomain: "test.platform.sei.io",
GatewaySectionName: "https",
}
}
Loading