feat: integrate Gateway API, CORS config, and CNPG database for sandbox#507
Open
TineoC wants to merge 25 commits intoCodeForPhilly:developfrom
Open
feat: integrate Gateway API, CORS config, and CNPG database for sandbox#507TineoC wants to merge 25 commits intoCodeForPhilly:developfrom
TineoC wants to merge 25 commits intoCodeForPhilly:developfrom
Conversation
This change migrates the Gateway API configuration to use ListenerSets instead of attaching HTTPRoutes directly to the Gateway. This enables the self-service TLS model where the application manages its own listeners and certificates.
This updates the sandbox and production overlays to correctly patch the hostnames on both the ListenerSet and the HTTPRoute.
This adds a redirect HTTPRoute targeting the port 80 listener of the ListenerSet, ensuring all HTTP traffic is upgraded to HTTPS. The main HTTPRoute is now pinned to the port 443 listener.
Updates the sandbox and production overlays to ensure the hostname is also patched on the new balancer-redirect HTTPRoute.
# Conflicts: # deploy/manifests/balancer/base/kustomization.yaml # deploy/manifests/balancer/overlays/production/kustomization.yaml # deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
# Conflicts: # deploy/manifests/balancer/base/kustomization.yaml # deploy/manifests/balancer/overlays/sandbox/kustomization.yaml
This was referenced May 7, 2026
database.yaml already has namespace: cloudnative-pg hardcoded. The kustomize patch was a no-op replacing the same value.
The Database resource must live in the cloudnative-pg namespace alongside the Cluster CRD. Kustomize's namespace field overrides all resources, making it impossible to keep a cross-namespace resource in the app overlay. Moved to infra/cloudnative-pg/balancer-database.yaml in cfp-sandbox-cluster.
Kustomize's namespace field overrides ALL resources, making it impossible to keep the Database in cloudnative-pg namespace within the main overlay. Created a separate kustomization at overlays/sandbox/cnpg/ without the namespace field, so the Database stays in cloudnative-pg namespace. This keeps sandbox and production databases separate - production overlay has no CNPG resources.
TineoC
added a commit
to TineoC/cfp-sandbox-cluster
that referenced
this pull request
May 7, 2026
- Update balancer source to track CodeForPhilly/balancer-main develop branch - Add balancer-cnpg.toml lens for the CNPG Database kustomization (separate lens needed because kustomize namespace override prevents including it as a resource in the main overlay) Depends on CodeForPhilly/balancer-main#507 merging into develop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Integrates three migration changes into a single branch for sandbox deployment:
IngresswithHTTPRoute+ListenerSetfor Envoy Gateway supportDatabaseCRD resource and sandbox overlay with shared PostgreSQL cluster connectionChanges:
Ingress→HTTPRoute+ListenerSet, addeddatabase.yamlandconfigMapGeneratorbalancer-db-configConfigMap + deployment patchesenvFromnow includes bothbalancer-config(secret + CORS configmap) andbalancer-db-config(DB connection)Depends on:
Closes:
Test plan:
kustomize build deploy/manifests/balancer/overlays/sandboxrenders correctlysandbox.balancerproject.org