Description
The gateway-helm-chart does not expose several pod-, service-, and resource-level customization knobs that customer setups commonly require, and it has two correctness bugs in how labels and annotations are rendered.
Bugs
- Duplicate label keys: setting the same key in
commonLabels and a component's deployment.labels/podLabels renders duplicate YAML map keys, which strict parsers and GitOps tools (ArgoCD, kubeconform) reject. Labels should be merged with a clear precedence instead of appended.
- Inconsistent annotation precedence: at resource level
commonAnnotations silently wins over per-resource annotations, while at pod level the per-resource value wins. Per-resource annotations should win consistently everywhere.
Missing configuration support (controller + gateway-runtime)
topologySpreadConstraints, deployment strategy, terminationGracePeriodSeconds, hostAliases, dnsPolicy/dnsConfig, and pod-level automountServiceAccountToken.- Optional
startupProbe (controller template has no support; runtime value is undocumented).
- Service tunables:
clusterIP, externalTrafficPolicy, loadBalancerClass, loadBalancerSourceRanges, ipFamilyPolicy/ipFamilies, and static nodePorts.* (type-gated so they only render on capable Service types).
app.kubernetes.io/name in the standard label set.- PVC
labels/annotations (e.g. helm.sh/resource-policy: keep).
commonLabels/commonAnnotations applied to every resource the chart renders (ServiceAccount, HPAs, PDBs, PVC, Certificate, Issuer, and the ConfigMaps are currently missed), with per-resource values winning on key conflicts.
Out of scope: extraContainers/sidecar injection on the gateway-runtime pod (tracked separately).
Version
No response
Related Issue
Equivalent APK chart change: wso2/apk#3324.
Description
The
gateway-helm-chartdoes not expose several pod-, service-, and resource-level customization knobs that customer setups commonly require, and it has two correctness bugs in how labels and annotations are rendered.Bugs
commonLabelsand a component'sdeployment.labels/podLabelsrenders duplicate YAML map keys, which strict parsers and GitOps tools (ArgoCD, kubeconform) reject. Labels should be merged with a clear precedence instead of appended.commonAnnotationssilently wins over per-resource annotations, while at pod level the per-resource value wins. Per-resource annotations should win consistently everywhere.Missing configuration support (controller + gateway-runtime)
topologySpreadConstraints, deploymentstrategy,terminationGracePeriodSeconds,hostAliases,dnsPolicy/dnsConfig, and pod-levelautomountServiceAccountToken.startupProbe(controller template has no support; runtime value is undocumented).clusterIP,externalTrafficPolicy,loadBalancerClass,loadBalancerSourceRanges,ipFamilyPolicy/ipFamilies, and staticnodePorts.*(type-gated so they only render on capable Service types).app.kubernetes.io/namein the standard label set.labels/annotations(e.g.helm.sh/resource-policy: keep).commonLabels/commonAnnotationsapplied to every resource the chart renders (ServiceAccount, HPAs, PDBs, PVC, Certificate, Issuer, and the ConfigMaps are currently missed), with per-resource values winning on key conflicts.Out of scope:
extraContainers/sidecar injection on the gateway-runtime pod (tracked separately).Version
No response
Related Issue
Equivalent APK chart change: wso2/apk#3324.