Remove Ingress from chart

CHANGELOG.md

@@ -5,6 +5,10 @@ Package specific changes (for packages from `packages/*` and `plugins/*`) can be
 
 ## [Unreleased]
 
+### Removed
+
+- Remove the Ingress template from the helm chart. Gateway API (HTTPRoute) is now the only way to expose the service, and the `route.enabled` toggle has been removed along with the `ingress` values block.
+
 ## [0.124.4] - 2026-04-28
 
 ### Added

helm/backstage/README.md

@@ -14,15 +14,15 @@ Backstage app provided by Giant Swarm
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| name | string | `"backstage"` | Name used for all Kubernetes resources (Deployment, Service, Ingress, etc.) |
+| name | string | `"backstage"` | Name used for all Kubernetes resources (Deployment, Service, etc.) |
 | backstageDiscovery | object | `{"kubernetesId":"backstage"}` | Backstage service discovery settings |
 | backstageDiscovery.kubernetesId | string | `"backstage"` | Value to set for the backstage.io/kubernetes-id label on all resources, used for entity discovery in Backstage |
 | userID | int | `1000` | User ID for the pod security context (runAsUser) |
 | groupID | int | `1000` | Group ID for the pod security context (runAsGroup) |
 | image | object | `{"name":"backstage","repository":"giantswarm/backstage"}` | Container image settings |
 | image.name | string | `"backstage"` | Container name in the pod spec |
 | image.repository | string | `"giantswarm/backstage"` | Image repository path (prepended with registry.domain to form the full image reference) |
-| port | int | `7007` | Container port for the Backstage backend, also used for the Service and Ingress backend |
+| port | int | `7007` | Container port for the Backstage backend, also used for the Service and route backend |
 | registry | object | `{"domain":"gsoci.azurecr.io"}` | Container image registry settings |
 | registry.domain | string | `"gsoci.azurecr.io"` | Container image registry domain prepended to image.repository |
 | resources | object | `{"limits":{"cpu":"500m","memory":"600Mi"},"requests":{"cpu":"20m","memory":"250Mi"},"verticalPodAutoscaler":{"enabled":true}}` | Resource requests, limits, and autoscaler settings for the Backstage container |
@@ -91,13 +91,7 @@ Backstage app provided by Giant Swarm
 | backstage.extraEnvVarsSecrets | list | `[]` | Names of existing Secrets to mount as envFrom sources in the Backstage container |
 | backstage.extraVolumeMounts | list | `[]` | Additional volume mounts for the Backstage container |
 | backstage.extraVolumes | list | `[]` | Additional volumes for the Backstage pod |
-| ingress | object | `{"annotations":{"cert-manager.io/cluster-issuer":"letsencrypt-giantswarm","kubernetes.io/tls-acme":"true","nginx.ingress.kubernetes.io/force-ssl-redirect":"true"},"className":"nginx","enabled":true,"hostnames":["default-hostname"]}` | Traditional Ingress configuration |
-| ingress.enabled | bool | `true` | Enable the Kubernetes Ingress resource for external HTTP access |
-| ingress.className | string | `"nginx"` | Ingress class name |
-| ingress.annotations | object | `{"cert-manager.io/cluster-issuer":"letsencrypt-giantswarm","kubernetes.io/tls-acme":"true","nginx.ingress.kubernetes.io/force-ssl-redirect":"true"}` | Annotations applied to the Ingress resource |
-| ingress.hostnames | list | `["default-hostname"]` | Hostnames for the Ingress rules and TLS configuration |
-| route | object | `{"additionalRules":[],"annotations":{},"backendTrafficPolicy":{"annotations":{},"enabled":false,"labels":{},"spec":{}},"enabled":false,"filters":[],"hostnames":[],"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"name":"","parentRefs":[],"securityPolicy":{"annotations":{},"authorization":{},"basicAuth":{},"cors":{},"enabled":false,"extAuth":{},"jwt":{},"labels":{},"oidc":{}}}` | Gateway API route configuration |
-| route.enabled | bool | `false` | Enable the Gateway API HTTPRoute resource |
+| route | object | `{"additionalRules":[],"annotations":{},"backendTrafficPolicy":{"annotations":{},"enabled":false,"labels":{},"spec":{}},"filters":[],"hostnames":[],"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"name":"","parentRefs":[],"securityPolicy":{"annotations":{},"authorization":{},"basicAuth":{},"cors":{},"enabled":false,"extAuth":{},"jwt":{},"labels":{},"oidc":{}}}` | Gateway API route configuration |
 | route.kind | string | `"HTTPRoute"` | Route resource kind |
 | route.name | string | `""` | Route name (defaults to .Values.name) |
 | route.annotations | object | `{}` | Annotations applied to the route resource |

helm/backstage/ci/ci-values-case1.yaml

@@ -8,7 +8,6 @@ image:
   name: backstage
   repository: giantswarm/backstage
 port: 7007
-hostnames: ['test']
 registry:
   domain: gsoci.azurecr.io
 authSessionSecret: fooBar
@@ -66,17 +65,13 @@ database:
     image: postgresql:15
     storageSize: 10Gi
 
-# Explicitly enable traditional Ingress (default)
-ingress:
-  enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-giantswarm
-    kubernetes.io/tls-acme: 'true'
-    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+# Gateway API HTTPRoute configuration
+route:
+  kind: HTTPRoute
   hostnames:
     - backstage.example.com
-
-# Explicitly disable Gateway API route
-route:
-  enabled: false
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: giantswarm-default
+      namespace: envoy-gateway-system

helm/backstage/ci/ci-values-case2-gateway.yaml

@@ -55,13 +55,8 @@ resources:
 database:
   engine: sqlite
 
-# Disable traditional Ingress
-ingress:
-  enabled: false
-
-# Enable Gateway API HTTPRoute
+# Gateway API HTTPRoute configuration
 route:
-  enabled: true
   kind: HTTPRoute
   hostnames:
     - backstage.example.com

helm/backstage/templates/route.yaml

@@ -1,6 +1,4 @@
-{{- if .Values.route.enabled -}}
 {{- $route := .Values.route }}
----
 apiVersion: gateway.networking.k8s.io/v1
 kind: {{ $route.kind | default "HTTPRoute" }}
 metadata:
@@ -115,4 +113,3 @@ spec:
   {{- toYaml . | nindent 2 }}
   {{- end }}
 {{- end }}
-{{- end }}

helm/backstage/values.schema.json

@@ -317,48 +317,8 @@
             },
             "additionalProperties": false
         },
-        "ingress": {
-            "description": "Traditional Ingress configuration",
-            "type": "object",
-            "properties": {
-                "annotations": {
-                    "description": "Annotations applied to the Ingress resource",
-                    "type": "object",
-                    "properties": {
-                        "cert-manager.io/cluster-issuer": {
-                            "type": "string"
-                        },
-                        "kubernetes.io/tls-acme": {
-                            "type": "string"
-                        },
-                        "nginx.ingress.kubernetes.io/force-ssl-redirect": {
-                            "type": "string"
-                        }
-                    },
-                    "additionalProperties": {
-                        "type": "string"
-                    }
-                },
-                "className": {
-                    "description": "Ingress class name",
-                    "type": "string"
-                },
-                "enabled": {
-                    "description": "Enable the Kubernetes Ingress resource for external HTTP access",
-                    "type": "boolean"
-                },
-                "hostnames": {
-                    "description": "Hostnames for the Ingress rules and TLS configuration",
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-            },
-            "additionalProperties": false
-        },
         "name": {
-            "description": "Name used for all Kubernetes resources (Deployment, Service, Ingress, etc.)",
+            "description": "Name used for all Kubernetes resources (Deployment, Service, etc.)",
             "type": "string"
         },
         "nodeSelector": {
@@ -417,7 +377,7 @@
             }
         },
         "port": {
-            "description": "Container port for the Backstage backend, also used for the Service and Ingress backend",
+            "description": "Container port for the Backstage backend, also used for the Service and route backend",
             "type": "integer",
             "maximum": 65535,
             "minimum": 1
@@ -526,10 +486,6 @@
                     },
                     "additionalProperties": false
                 },
-                "enabled": {
-                    "description": "Enable the Gateway API HTTPRoute resource",
-                    "type": "boolean"
-                },
                 "filters": {
                     "description": "Request/Response filters applied to the route",
                     "type": "array"

helm/backstage/values.yaml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=values.schema.json
 
 # @schema type:string
-# -- Name used for all Kubernetes resources (Deployment, Service, Ingress, etc.)
+# -- Name used for all Kubernetes resources (Deployment, Service, etc.)
 name: backstage
 
 # -- Backstage service discovery settings
@@ -27,7 +27,7 @@ image:
   repository: giantswarm/backstage
 
 # @schema type:integer;minimum:1;maximum:65535
-# -- Container port for the Backstage backend, also used for the Service and Ingress backend
+# -- Container port for the Backstage backend, also used for the Service and route backend
 port: 7007
 
 # -- Container image registry settings
@@ -248,29 +248,8 @@ backstage:
   # -- Additional volumes for the Backstage pod
   extraVolumes: []
 
-# -- Traditional Ingress configuration
-ingress:
-  # @schema type:boolean
-  # -- Enable the Kubernetes Ingress resource for external HTTP access
-  enabled: true
-  # @schema type:string
-  # -- Ingress class name
-  className: nginx
-  # @schema additionalProperties:{"type":"string"}
-  # -- Annotations applied to the Ingress resource
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-giantswarm
-    kubernetes.io/tls-acme: 'true'
-    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
-  # @schema item:string
-  # -- Hostnames for the Ingress rules and TLS configuration
-  hostnames: ['default-hostname']
-
 # -- Gateway API route configuration
 route:
-  # @schema type:boolean
-  # -- Enable the Gateway API HTTPRoute resource
-  enabled: false
   # @schema enum:[HTTPRoute, GRPCRoute, TCPRoute, TLSRoute, UDPRoute]
   # -- Route resource kind
   kind: HTTPRoute