openova/platform/cilium/chart/Chart.yaml
e3mrah 73ae746637
fix(cloud-init): install Gateway API v1.1.0 CRDs before cilium so operator registers gateway controller (#581)
Root cause (otech22 2026-05-02): Cilium operator checks for Gateway API
CRDs at startup and disables its gateway controller if they are absent —
a static, one-shot decision. Cloud-init installs k3s+Cilium first, then
Flux reconciles bp-gateway-api minutes later, so the operator always
starts without CRDs and never recovers. All 8 HTTPRoutes orphaned.

Three-part permanent fix:

1. cloud-init: apply Gateway API v1.1.0 experimental CRDs (incl.
   TLSRoute) BEFORE the Cilium helm install. Cilium 1.16.x requires
   TLSRoute CRD to be present; without it the operator's capability
   check fails entirely and disables the gateway controller.

2. bp-cilium (1.1.2 → 1.1.3): add gatewayAPI.gatewayClass.create: "true"
   to force GatewayClass creation regardless of CRD presence at Helm
   render time. Upstream default "auto" skips GatewayClass when the
   gateway API CRDs are absent at install time (Capabilities check).

3. bp-gateway-api (1.0.0 → 1.1.0): downgrade CRDs from v1.2.0 to v1.1.0
   and ship experimental channel (TLSRoute, TCPRoute, UDPRoute,
   BackendLBPolicy, BackendTLSPolicy). Gateway API v1.2.0 changed
   status.supportedFeatures from string[] to object[]; Cilium 1.16.5
   writes the old string format and the v1.2.0 CRD rejects the status
   patch with "must be of type object: string", leaving GatewayClass
   permanently Unknown/Pending. v1.1.0 retains string schema.

Upgrade path: bump bp-gateway-api + bp-cilium together when Cilium ≥ 1.17
adopts the v1.2.0 object schema for supportedFeatures.

Closes #503

Co-authored-by: hatiyildiz <hatiyildiz@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 13:23:32 +04:00

27 lines
1.1 KiB
YAML

apiVersion: v2
name: bp-cilium
version: 1.1.3
description: |
  Catalyst-curated Blueprint umbrella chart for Cilium. Depends on the
  upstream `cilium` chart as a Helm subchart so `helm dependency build`
  pulls the upstream payload into this artifact; the Catalyst overlay
  templates in templates/ (NetworkPolicy, ExternalSecret, ServiceMonitor)
  sit alongside the upstream subchart and Helm renders both at install
  time. Catalyst-curated values flow into the upstream subchart under the
  `cilium:` key in values.yaml.
type: application
keywords: [catalyst, blueprint, cilium]
maintainers:
  - name: OpenOva Catalyst
    email: catalyst@openova.io
# Upstream chart pulled in as a Helm subchart so `helm dependency build`
# bundles it into the OCI artifact. Pinned to cilium/cilium 1.16.5 (matches
# platform/cilium/blueprint.yaml + values.yaml `catalystBlueprint.upstream
# .version`). Per docs/INVIOLABLE-PRINCIPLES.md #4 (never hardcode) the
# version is operator-bumpable via PR + Blueprint release.
dependencies:
  - name: cilium
    version: "1.16.5"
    repository: "https://helm.cilium.io"
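
A preflight check for the two failure modes the commit message describes (Gateway API CRDs absent when the operator starts, and a GatewayClass CRD whose `status.supportedFeatures` items are objects rather than strings), as an added example that is not part of this repository. It assumes its input is the output of `kubectl get crd -o json`; the `REQUIRED` list covers only the kinds the commit message names and is an assumption, and the sample CRD objects are constructed.

```python
import json

GROUP = "gateway.networking.k8s.io"
# Assumption: only the kinds named in the commit message; extend for your Cilium version.
REQUIRED = ("gatewayclasses", "httproutes", "tlsroutes")

def supported_features_item_type(crd):
    """Yield (version, items.type) of status.supportedFeatures for each CRD version."""
    for ver in crd.get("spec", {}).get("versions", []):
        node = ver.get("schema", {}).get("openAPIV3Schema", {})
        for key in ("status", "supportedFeatures"):
            node = node.get("properties", {}).get(key, {})
        yield ver.get("name"), node.get("items", {}).get("type")

def preflight(crd_list, required=REQUIRED):
    """Return a list of problems; an empty list means the CRD set matches the fix."""
    crds = {c["metadata"]["name"]: c for c in crd_list.get("items", [])}
    problems = [f"missing CRD {p}.{GROUP}" for p in required
                if f"{p}.{GROUP}" not in crds]
    gc = crds.get(f"gatewayclasses.{GROUP}")
    if gc:
        for name, item_type in supported_features_item_type(gc):
            # A field that is absent (None) cannot reject a status patch.
            if item_type not in (None, "string"):
                problems.append(f"gatewayclasses {name}: supportedFeatures items "
                                f"are '{item_type}', Cilium 1.16.5 writes strings")
    return problems

def _crd(plural, item_type=None):
    """Build a minimal constructed CRD object (not real cluster output)."""
    status = {}
    if item_type:
        status = {"properties": {"supportedFeatures": {
            "type": "array", "items": {"type": item_type}}}}
    schema = {"openAPIV3Schema": {"properties": {"status": status}}}
    return {"metadata": {"name": f"{plural}.{GROUP}"},
            "spec": {"versions": [{"name": "v1", "schema": schema}]}}

# Constructed samples: a v1.1.0-style string schema and a v1.2.0-style object schema.
V110 = {"items": [_crd("gatewayclasses", "string"), _crd("httproutes"), _crd("tlsroutes")]}
V120 = {"items": [_crd("gatewayclasses", "object"), _crd("httproutes"), _crd("tlsroutes")]}

if __name__ == "__main__":
    import sys
    # Real use: kubectl get crd -o json | python3 preflight.py
    data = V120 if sys.stdin.isatty() else json.load(sys.stdin)
    issues = preflight(data)
    print("\n".join(issues) or "ok")
    sys.exit(1 if issues else 0)
```

Run between the CRD apply and the Cilium helm install, a non-zero exit stops the bootstrap before the operator makes its one-shot decision.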