atlassian · pbhardwaj6 · Apr 3, 2026 · Feb 5, 2026 · Feb 5, 2026 · Feb 18, 2026
@@ -71,7 +71,7 @@ jobs:
       - name: Verify ${{inputs.dc_app}} status
         run: |
           source src/test/scripts/kind/deploy_app.sh
-          verify_ingress
+          verify_gateway_ingress
 
       - name: Verify ${{inputs.dc_app}} grafana dashboards
         run: |
@@ -90,6 +90,12 @@ jobs:
           source src/test/scripts/kind/deploy_app.sh
           verify_metrics
 
+      - name: Verify Gateway API integration
+        run: |
+          export TEST_GATEWAY=true
+          source src/test/scripts/kind/deploy_app.sh
+          verify_gateway
+
       - name: Get debug info
         if: always()
         run: |

@@ -97,6 +97,67 @@ jobs:
         run: |
            oc apply -f src/test/config/openshift/shared-home-pvc.yaml
 
+      - name: Install Gateway API + Envoy Gateway
+        run: |
+          # Gateway API CRDs
+          oc apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
+          oc wait --for condition=established --timeout=60s crd/gateways.gateway.networking.k8s.io
+          oc wait --for condition=established --timeout=60s crd/httproutes.gateway.networking.k8s.io
+          oc wait --for condition=established --timeout=60s crd/gatewayclasses.gateway.networking.k8s.io
+
+          # Envoy Gateway (installs into envoy-gateway-system)
+          # OpenShift admission can reject fixed runAsUser/seccomp settings unless the
+          # service accounts are allowed to use a more permissive SCC.
+          oc create namespace envoy-gateway-system --dry-run=client -o yaml | oc apply -f -
+          # Pre-grant SCCs to all service accounts in the namespace so Helm hooks can run
+          # even before the chart-created ServiceAccounts exist.
+          oc adm policy add-scc-to-group anyuid system:serviceaccounts:envoy-gateway-system || true
+          oc adm policy add-scc-to-group privileged system:serviceaccounts:envoy-gateway-system || true
+
+          helm install eg oci://docker.io/envoyproxy/gateway-helm \
+            --version v1.2.5 \
+            --namespace envoy-gateway-system \
+            --set deployment.envoyGateway.resources.requests.cpu=50m \
+            --set deployment.envoyGateway.resources.requests.memory=100Mi \
+            --skip-crds \
+            --timeout=600s \
+            --wait || { \
+              oc get all -n envoy-gateway-system || true; \
+              oc get events -n envoy-gateway-system --sort-by='.lastTimestamp' | tail -n 200 || true; \
+              exit 1; \
+            }
+
+          oc wait --for=condition=available deployment/envoy-gateway \
+            --namespace envoy-gateway-system \
+            --timeout=300s
+
+          # Ensure GatewayClass exists/accepted
+          cat << EOF | oc apply -f -
+          apiVersion: gateway.networking.k8s.io/v1
+          kind: GatewayClass
+          metadata:
+            name: eg
+          spec:
+            controllerName: gateway.envoyproxy.io/gatewayclass-controller
+          EOF
+          oc wait --for=condition=Accepted gatewayclass/eg --timeout=180s || { oc get gatewayclass/eg -o yaml; oc get pods -n envoy-gateway-system -o wide || true; exit 1; }
+
+          # Create test Gateway
+          oc apply -f src/test/config/openshift/gateway.yaml
+          oc wait --for=condition=Accepted gateway/atlassian-gateway -n atlassian --timeout=300s || { oc describe gateway/atlassian-gateway -n atlassian; oc get events -n atlassian --sort-by='.lastTimestamp' | tail -n 200 || true; exit 1; }
+
+          # Wait for data-plane
+          oc wait --for=condition=Available deployment \
+            -n envoy-gateway-system \
+            -l gateway.envoyproxy.io/owning-gateway-name=atlassian-gateway \
+            --timeout=300s || { \
+              oc get deployments -n envoy-gateway-system -o wide; \
+              oc get pods -n envoy-gateway-system -o wide; \
+              oc describe deployment -n envoy-gateway-system -l gateway.envoyproxy.io/owning-gateway-name=atlassian-gateway || true; \
+              oc get events -n envoy-gateway-system --sort-by='.lastTimestamp' | tail -n 200 || true; \
+              exit 1; \
+            }
+
       - name: Deploy postgres database
         run: |
           source src/test/scripts/kind/deploy_app.sh
@@ -117,7 +178,7 @@ jobs:
         run: |
           export OPENSHIFT_VALUES="1"
           source src/test/scripts/kind/deploy_app.sh
-          verify_ingress
+          verify_gateway_ingress
 
       - name: Verify ${{inputs.dc_app}} metrics availability
         run: |
@@ -129,6 +190,12 @@ jobs:
           source src/test/scripts/kind/deploy_app.sh
           verify_openshift_analytics
 
+      - name: Verify Gateway API integration
+        run: |
+          export TEST_GATEWAY=true
+          source src/test/scripts/kind/deploy_app.sh
+          verify_gateway
+
       - name: Get debug info
         if: always()
         run: |

@@ -2,7 +2,7 @@ apiVersion: v2
 name: bamboo
 description: A chart for installing Bamboo Data Center on Kubernetes
 type: application
-version: '2.0.9'
+version: '2.0.10'
 appVersion: 12.1.1
 kubeVersion: ">=1.21.x-0"
 keywords:
@@ -20,7 +20,8 @@ deprecated: false
 annotations:
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/changes: |-
-    - "Update appVersions for DC apps (#1074)"
+    - "Add Gateway API support via HTTPRoute resources"
+    - "Gateway API provides modern alternative to Ingress"
 dependencies:
 - name: common
   version: 1.2.7

@@ -13,8 +13,8 @@ To see the custom values you used for this release:
 
   $ helm get values {{ .Release.Name }} -n {{ .Release.Namespace }}
 
-{{ if .Values.ingress.create -}}
-{{ title .Chart.Name }} service URL: {{ ternary "https" "http" .Values.ingress.https -}}://{{ .Values.ingress.host }}{{ include "bamboo.ingressPath" . }}
+{{ if or .Values.ingress.create .Values.gateway.create -}}
+{{ title .Chart.Name }} service URL: {{ if .Values.gateway.create }}{{ ternary "https" "http" .Values.gateway.https }}{{ else }}{{ ternary "https" "http" .Values.ingress.https }}{{ end -}}://{{ include "bamboo.hostname" . }}{{ include "bamboo.ingressPath" . }}
 {{- else }}
 Get the {{ title .Chart.Name }} URL by running these commands in the same shell:
 {{- if contains "NodePort" .Values.bamboo.service.type }}

@@ -62,17 +62,21 @@
 Deduce the base URL for bamboo.
 */}}
 {{- define "bamboo.baseUrl" -}}
-    {{- if .Values.ingress.host -}}
-        {{ ternary "https" "http" .Values.ingress.https -}}
-        ://
-        {{- if .Values.ingress.path -}}
-            {{ .Values.ingress.host}}{{.Values.ingress.path }}
-        {{- else -}}
-            {{ .Values.ingress.host}}
-        {{- end }}
-    {{- else -}}
-        {{- print  "http://localhost:8085/" }}
-    {{- end }}
+{{- if or .Values.ingress.host .Values.gateway.create -}}
+{{- $https := eq (include "bamboo.https" . | trim) "true" -}}
+{{- $scheme := ternary "https" "http" $https -}}
+{{- $host := include "bamboo.hostname" . -}}
+{{- $path := "" -}}
+{{- if .Values.gateway.create -}}
+{{- $path = .Values.gateway.path | default "" -}}
+{{- if eq $path "/" -}}{{- $path = "" -}}{{- end -}}
+{{- else -}}
+{{- $path = .Values.ingress.path | default "" -}}
+{{- end -}}
+{{- printf "%s://%s%s" $scheme $host $path -}}
+{{- else -}}
+{{- print "http://localhost:8085/" -}}
+{{- end -}}
 {{- end }}
 
 {{/*
@@ -447,3 +451,52 @@ Define additional hosts here to allow template overrides when used as a sub char
 set -e; cp $JAVA_HOME/lib/security/cacerts /var/ssl/cacerts; chmod 664 /var/ssl/cacerts; for crt in /tmp/crt/*.*; do echo "Adding $crt to keystore"; keytool -import -keystore /var/ssl/cacerts -storepass changeit -noprompt -alias $(echo $(basename $crt)) -file $crt; done;
 {{- end }}
 {{- end }}
+
+{{/*
+Validate Gateway API configuration
+*/}}
+{{- define "bamboo.validateGatewayConfig" -}}
+{{- if and .Values.gateway.create .Values.ingress.create -}}
+{{- fail "ERROR: Cannot enable both gateway.create and ingress.create" -}}
+{{- end -}}
+{{- if and .Values.gateway.create (not .Values.gateway.gatewayName) -}}
+{{- fail "ERROR: gateway.gatewayName is required when gateway.create is true" -}}
+{{- end -}}
+{{- if and .Values.gateway.create (not .Values.gateway.hostnames) -}}
+{{- fail "ERROR: gateway.hostnames must contain at least one hostname when gateway.create is true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the hostname for the service - works with both Ingress and Gateway API
+Returns the first hostname from gateway.hostnames if gateway is enabled, otherwise ingress.host
+*/}}
+{{- define "bamboo.hostname" -}}
+{{- if .Values.gateway.create -}}
+{{- index .Values.gateway.hostnames 0 -}}
+{{- else -}}
+{{- .Values.ingress.host -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if HTTPS is enabled (gateway.https if gateway is enabled, otherwise ingress.https)
+*/}}
+{{- define "bamboo.https" -}}
+{{- if .Values.gateway.create -}}
+{{- .Values.gateway.https -}}
+{{- else -}}
+{{- .Values.ingress.https -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the proxy port (gateway or ingress-based)
+*/}}
+{{- define "bamboo.proxyPort" -}}
+{{- if .Values.gateway.create -}}
+{{- ternary "443" "80" .Values.gateway.https -}}
+{{- else -}}
+{{- default (ternary "443" "80" .Values.ingress.https) .Values.ingress.port -}}
+{{- end -}}
+{{- end -}}
@@ -32,10 +32,10 @@ data:
                    protocol="{{ .Values.bamboo.tomcatConfig.protocol | default "HTTP/1.1" }}"
                    redirectPort="{{ .Values.bamboo.tomcatConfig.redirectPort | default "8443" }}"
                    acceptCount="{{ .Values.bamboo.tomcatConfig.acceptCount | default "100" }}"
-                   secure="{{ default (ternary "true" "false" .Values.ingress.https) .Values.bamboo.tomcatConfig.secure }}"
-                   scheme="{{ default (ternary "https" "http" .Values.ingress.https) .Values.bamboo.tomcatConfig.scheme }}"
-                   proxyName="{{ .Values.bamboo.tomcatConfig.proxyName | default .Values.ingress.host  }}"
-                   proxyPort="{{ .Values.bamboo.tomcatConfig.proxyPort | default (ternary "443" "80" .Values.ingress.https)  }}"
+                   secure="{{ default (ternary "true" "false" (eq (include "bamboo.https" . | trim) "true")) .Values.bamboo.tomcatConfig.secure }}"
+                   scheme="{{ default (ternary "https" "http" (eq (include "bamboo.https" . | trim) "true")) .Values.bamboo.tomcatConfig.scheme }}"
+                   proxyName="{{ .Values.bamboo.tomcatConfig.proxyName | default (include "bamboo.hostname" .)  }}"
+                   proxyPort="{{ .Values.bamboo.tomcatConfig.proxyPort | default (include "bamboo.proxyPort" .)  }}"
 
                    {{- if .Values.bamboo.tomcatConfig.address }}
                    address="{{ .Values.bamboo.tomcatConfig.address }}"

@@ -0,0 +1,60 @@
+{{- if .Values.gateway.create }}
+{{- if .Values.ingress.create }}
+{{- fail "Cannot enable both gateway.create and ingress.create. Please set one to false." }}
+{{- end }}
+{{- if not .Values.gateway.gatewayName }}
+{{- fail "gateway.gatewayName is required when gateway.create is true" }}
+{{- end }}
+{{- if not .Values.gateway.hostnames }}
+{{- fail "gateway.hostnames is required when gateway.create is true. Provide at least one hostname." }}
+{{- end }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.commonLabels" . | nindent 4 }}
+    {{- with .Values.gateway.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.gateway.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  # Reference to the Gateway
+  parentRefs:
+  - name: {{ .Values.gateway.gatewayName }}
+    {{- if .Values.gateway.gatewayNamespace }}
+    namespace: {{ .Values.gateway.gatewayNamespace }}
+    {{- end }}
+
+  # Hostnames to match
+  hostnames:
+  {{- range .Values.gateway.hostnames }}
+  - {{ . | quote }}
+  {{- end }}
+
+  # Routing rules
+  rules:
+  # Default rule - routes to Bamboo service
+  - matches:
+    - path:
+        type: {{ .Values.gateway.pathType }}
+        value: {{ .Values.gateway.path }}
+
+    {{- if .Values.gateway.filters }}
+    filters:
+    {{- toYaml .Values.gateway.filters | nindent 4 }}
+    {{- end }}
+
+    backendRefs:
+    - name: {{ include "common.names.fullname" . }}
+      port: {{ .Values.bamboo.service.port }}
+      weight: 100
+
+  {{- if .Values.gateway.additionalRules }}
+  # Additional custom rules
+  {{- toYaml .Values.gateway.additionalRules | nindent 2 }}
+  {{- end }}
+{{- end }}
@@ -117,7 +117,7 @@ spec:
           image: {{ include "bamboo.image" . | quote }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-            {{ if .Values.ingress.https }}
+            {{ if eq (include "bamboo.https" . | trim) "true" }}
             - name: ATL_TOMCAT_SCHEME
               value: "https"
             - name: ATL_TOMCAT_SECURE
@@ -131,11 +131,11 @@ spec:
             {{ end }}
             - name: ATL_TOMCAT_PORT
               value: {{ .Values.bamboo.ports.http | quote }}
-            {{ if .Values.ingress.host }}
+            {{ if or .Values.ingress.host .Values.gateway.create }}
             - name: ATL_PROXY_NAME
-              value: {{ .Values.ingress.host | quote }}
+              value: {{ include "bamboo.hostname" . | quote }}
             - name: ATL_PROXY_PORT
-              value: {{ include "bamboo.ingressPort" . | quote }}
+              value: {{ include "bamboo.proxyPort" . | quote }}
             {{ end }}
             {{- include "bamboo.databaseEnvVars" . | nindent 12 }}
             - name: SET_PERMISSIONS