From e3a0dcd6fcb44e3d02b8c0a7c56e462b5a6cd0cd Mon Sep 17 00:00:00 2001
From: Carlo Field <carlo@swiss.dev>
Date: Wed, 8 Apr 2026 21:59:17 +0200
Subject: [PATCH] feat: add httproute for K8s Gateway API (#23501)

<!--

If you have used AI to produce some or all of this PR, please ensure you
have read our [AI Contribution
guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING)
before submitting.

-->
No AI was used to generate this PR.

Adds support for [Gateway API
HTTPRoutes](https://gateway-api.sigs.k8s.io/api-types/httproute/) as an
alternative to Ingress.

---------

Signed-off-by: Carlo Field <carlo@swiss.dev>
Co-authored-by: bpmct <bpmct@users.noreply.github.com>
Co-authored-by: Ben Potter <ben@coder.com>
---
 helm/coder/templates/httproute.yaml | 27 +++++++++++++++++++++++++++
 helm/coder/values.yaml              | 25 +++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 helm/coder/templates/httproute.yaml

diff --git a/helm/coder/templates/httproute.yaml b/helm/coder/templates/httproute.yaml
new file mode 100644
index 0000000000..fb4c967c41
--- /dev/null
+++ b/helm/coder/templates/httproute.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.coder.httproute.enable }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: coder
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "coder.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.coder.httproute.annotations | nindent 4 }}
+spec:
+  parentRefs:
+  {{- with .Values.coder.httproute.parentRefs }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    - backendRefs:
+        - name: coder
+          # gateway api does not support named ports
+          port: 80
+  hostnames:
+    - {{ .Values.coder.httproute.host | quote }}
+    {{- with .Values.coder.httproute.wildcardHost }}
+    - {{ . | quote }}
+    {{- end }}
+{{- end }}
diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml
index a994db1157..8c3c58b3ff 100644
--- a/helm/coder/values.yaml
+++ b/helm/coder/values.yaml
@@ -429,6 +429,31 @@ coder:
       # use for the wildcard host.
       wildcardSecretName: ""
 
+  # coder.httproute -- The HTTPRoute object to expose for Coder.
+  httproute:
+    # coder.httproute.enable -- Whether to create the HTTPRoute object. If using a
+    # Gateway, we recommend not specifying coder.tls.secretNames as the Gateway
+    # will handle TLS termination.
+    enable: false
+    # coder.httproute.parentRefs -- the parentRefs to bind the route to
+    # - name: my-gw
+    #   namespace: gateway-namespace
+    #   # sectionName is optional to fix to a specific listener
+    #   sectionName: listener-name
+    parentRefs: []
+    # coder.httproute.host -- The hostname to match on.
+    # Be sure to also set CODER_ACCESS_URL within coder.env[]
+    host: ""
+    # coder.httproute.wildcardHost -- The wildcard hostname to match on. Should be
+    # in the form "*.example.com" or "*-suffix.example.com". If you are using a
+    # suffix after the wildcard, the suffix will be stripped from the created
+    # ingress to ensure that it is a legal ingress host. Optional if not using
+    # applications over subdomains.
+    # Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[]
+    wildcardHost: ""
+    # coder.httproute.annotations -- The HTTPRoute annotations.
+    annotations: {}
+
   # coder.command -- The command to use when running the Coder container. Used
   # for customizing the location of the `coder` binary in your image.
   command: