Feature Request: Support Gateway API

[coryschwartz]

There's a new-ish way to define HTTP routing that is not yet supported in this helm chart.

https://gateway-api.sigs.k8s.io

It's a similar (although not 1:1) idea to an Ingress, which is supported in this helm chart.

My thinking is that if Ingress is supported, then GatewayAPI HTTPRoute's should be also, but disabled by default so users can turn it on if they want to.

On my cluster, we are using a single gateway shared by the entire cluster and there is no Ingress controller configured.

Without this feature, I just need to make sure the Ingress is disabled and write my own HTTPRoute.

[rissson]

#326

[rissson]

Actually, if you are able to try out that PR, I'd love to get your feedback on it

[coryschwartz]

I'll have to give that a shot tomorrow.

The way I did it right now, I have the HTTPRoute in the additionalObjects array, which just feels a little hackish, but it works.

I have authentik.web.path set to a /auth path
in the HttpRoute, a rule matches the same path.

Other providers might be different, but on GKE, the gateway refuses by default to route to backednd services that fail health checks, and by default the health check it's expecting is a 200OK on /. This does not work by default, so I created a HealthCheckPolicy (networking.gke.io/v1) that looks at the path '/auth/-/health/live'.
That might not be necessary for all providers.