Merged
26 changes: 26 additions & 0 deletions api/formance.com/v1beta1/gateway_types.go
Expand Up @@ -25,11 +25,15 @@ type GatewayIngressTLS struct {
SecretName string `json:"secretName"`
}

// GatewayIngress represents the ingress configuration for the gateway.
type GatewayIngress struct {
// Indicates the hostname on which the stack will be served.
// Example : `formance.example.com`
//+required
Host string `json:"host"`
// Additional hosts for the ingress. Combined with Host.
//+optional
Hosts []string `json:"hosts,omitempty"`
// Indicate the scheme.
//
// Actually, It should be `https` unless you know what you are doing.
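Review bot: The new `Hosts []string` field carries only `//+optional`, so any string is accepted as an ingress host, including wildcards, values with a scheme or port, and an unbounded number of entries. Since the docs in this PR say each entry becomes an ingress rule covered by TLS, consider adding validation markers on the field, for example `+kubebuilder:validation:MaxItems` plus a hostname pattern on the items, and regenerating the CRD. The comment "Combined with Host." could also state that the result is deduplicated and that `Host` comes first.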
Expand All @@ -47,6 +51,28 @@ type GatewayIngress struct {
TLS *GatewayIngressTLS `json:"tls,omitempty"`
}

// DedupHosts returns the given hosts deduplicated, preserving order and skipping empty strings.
func DedupHosts(input []string) []string {
seen := map[string]struct{}{}
var hosts []string
for _, h := range input {
if h == "" {
continue
}
if _, ok := seen[h]; ok {
continue
}
seen[h] = struct{}{}
hosts = append(hosts, h)
}
return hosts
}

// GetHosts returns the deduplicated union of Host and Hosts.
func (in *GatewayIngress) GetHosts() []string {
return DedupHosts(append([]string{in.Host}, in.Hosts...))
}

type GatewaySpec struct {
StackDependency `json:",inline"`
ModuleProperties `json:",inline"`
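Review bot: `DedupHosts` compares entries byte for byte (`seen[h]`), so `App.example.com` and `app.example.com`, or an entry with surrounding whitespace, are kept as separate hosts even though DNS names are case-insensitive. Normalising each entry with `strings.TrimSpace` and `strings.ToLower` before the `h == ""` check would make the dedup match how the names resolve, and would also drop whitespace-only entries. A table-driven test for `GetHosts` covering an empty `Host`, duplicates between `Host` and `Hosts`, and mixed case would pin the behaviour down.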
5 changes: 5 additions & 0 deletions api/formance.com/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions config/crd/bases/formance.com_gateways.yaml
Expand Up @@ -84,6 +84,11 @@ spec:
Indicates the hostname on which the stack will be served.
Example : `formance.example.com`
type: string
hosts:
description: Additional hosts for the ingress. Combined with Host.
items:
type: string
type: array
ingressClassName:
description: Ingress class to use
type: string
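Review bot: The generated schema for `hosts` is `items: type: string` with no `minLength`, `pattern` or `maxItems`, so empty strings and duplicates pass admission and are then silently dropped by `DedupHosts`; the stored spec can differ from what the ingress serves. Rejecting them at admission (`minLength: 1` on the items and `x-kubernetes-list-type: set`, generated from markers on `Hosts` in gateway_types.go) would surface the mistake to the user instead.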
33 changes: 33 additions & 0 deletions docs/04-Modules/02-Gateway.md
Expand Up @@ -28,4 +28,37 @@ spec:
ingress:
host: YOUR_DOMAIN
scheme: http|https
```

### Serving on Multiple Hosts

You can serve a stack on multiple hostnames by adding the `hosts` field alongside `host`. The ingress will contain a rule for each host, and TLS will cover all of them.

```yaml
apiVersion: formance.com/v1beta1
kind: Gateway
metadata:
name: formance-dev
spec:
stack: formance-dev
ingress:
host: app.example.com
hosts:
- app.example.org
- app.example.net
scheme: https
```

Additional hosts can also be provided via a [Settings](../09-Configuration%20reference/01-Settings.md) resource using the `gateway.ingress.hosts` key. Hosts from the setting are merged with those defined on the Gateway CRD. The `{stack}` placeholder is replaced with the stack name.

```yaml
apiVersion: formance.com/v1beta1
kind: Settings
metadata:
name: gateway-extra-hosts
spec:
key: gateway.ingress.hosts
stacks:
- '*'
value: "{stack}.example.com, {stack}.example.org"
```
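Review bot: "TLS will cover all of them" in the new section does not say what the operator has to provide: if the certificate in the secret referenced by the Gateway's TLS settings is issued out of band, it must list every entry of `hosts` as well as `host`, otherwise clients reaching the extra names get a certificate mismatch. Please state that requirement. The Settings example also uses `stacks: '*'`, which adds `{stack}.example.com` and `{stack}.example.org` to every stack's ingress; a sentence saying so, and that DNS for those names should be under the operator's control, would help readers avoid exposing a stack on a name they did not intend.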
7 changes: 4 additions & 3 deletions docs/09-Configuration reference/01-Settings.md
Expand Up @@ -29,7 +29,7 @@ While we have some basic types (string, number, bool ...), we also have some com
| ledger.experimental-numscript-flags | Array | experimental-overdraft-function experimental-get-asset-function experimental-get-amount-function experimental-oneof experimental-account-interpolation experimental-mid-script-function-call experimental-asset-colors | Enable numscript interpreter flags |
| ledger.experimental-exporters | Bool | true | Enable new exporters feature |
| ledger.worker.async-block-hasher | Map | max-block-size=1000, schedule="0 * * * * *" | Configure async block hasher for the Ledger worker (v2.3+). Fields: `max-block-size`, `schedule` |
| ledger.worker.pipelines | Map | pull-interval=5s, push-retry-period=10s, sync-period=1m, logs-page-size=100 | Configure pipelines for the Ledger worker (v2.3+). Fields: `pull-interval`, `push-retry-period`, `sync-period`, `logs-page-size` |
| ledger.worker.pipelines | Map | pull-interval=5s, push-retry-period=10s, sync-period=1m, logs-page-size=100 | Configure pipelines for the Ledger worker (v2.3+). Fields: `pull-interval`, `push-retry-period`, `sync-period`, `logs-page-size` |
| payments.encryption-key | string | | Payments data encryption key |
| payments.worker.temporal-max-concurrent-workflow-task-pollers | Int | | Payments worker max concurrent workflow task pollers configuration |
| payments.worker.temporal-max-concurrent-activity-task-pollers | Int | | Payments worker max concurrent activity task pollers configuration |
Expand All @@ -53,11 +53,12 @@ While we have some basic types (string, number, bool ...), we also have some com
| services.`<service-name>`.annotations | Map | | Allow to specify custom annotations to apply on created k8s services |
| services.`<service-name>`.traffic-distribution | string | PreferSameZone, PreferSameNode, PreferClose | Configure traffic distribution for Kubernetes services (requires Kubernetes 1.34+). See [Kubernetes documentation](https://kubernetes.io/docs/reference/networking/virtual-ips) |
| gateway.ingress.annotations | Map | | Allow to specify custom annotations to apply on the gateway ingress |
| gateway.ingress.hosts | string | {stack}.example.com,{stack}.example.org | Comma-separated list of additional hosts for the gateway ingress. Combined with hosts defined on the Gateway CRD. Supports `{stack}` placeholder |
| gateway.ingress.labels | Map | | Allow to specify custom labels to apply on the gateways ingress |
| logging.json | bool | | Configure services to log as json |
| modules.`<module-name>`.database.connection-pool | Map | max-idle=10, max-idle-time=10s, max-open=10, max-lifetime=5m | Configure database connection pool for each module. See [Golang documentation](https://go.dev/doc/database/manage-connections) |
| orchestration.max-parallel-activities | Int | 10 | Configure max parallel temporal activities on orchestration workers |
| transactionplane.worker-enabled | bool | false | Enable the embedded worker inside the transactionplane server to run a single service instead of separate API and worker processes |
| transactionplane.worker-enabled | bool | false | Enable the embedded worker inside the transactionplane server to run a single service instead of separate API and worker processes |
| modules.`<module-name>`.grace-period | string | 5s | Defer application shutdown |
| namespace.labels | Map | somelabel=somevalue,anotherlabel=anothervalue | Add static labels to namespace |
| namespace.annotations | Map | someannotation=somevalue,anotherannotation=anothervalue | Add static annotations to namespace |
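Review bot: The `gateway.ingress.hosts` row is typed `string` with a comma-separated value, while the table already has an `Array` type (see `ledger.experimental-numscript-flags`), and the example here has no space after the comma whereas the one added in 02-Gateway.md uses `{stack}.example.com, {stack}.example.org`. Please document whether whitespace around entries is trimmed, and use one form in both places, since `DedupHosts` compares the strings exactly.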
Expand All @@ -77,7 +78,7 @@ While we have some basic types (string, number, bool ...), we also have some com
| gateway.dns.public.record-type | string | CNAME | DNS record type (e.g., CNAME, A, AAAA) |
| gateway.dns.public.provider-specific | Map | alias=true,aws/target-hosted-zone=same-zone | Provider-specific DNS settings for public endpoints |
| gateway.dns.public.annotations | Map | | Annotations to add to the public DNSEndpoint resource |
| networkpolicies.enabled | bool | true | Enable network micro-segmentation within a Stack namespace. When enabled, only the Gateway can reach other services |
| networkpolicies.enabled | bool | true | Enable network micro-segmentation within a Stack namespace. When enabled, only the Gateway can reach other services |

### Postgres URI format

Expand Up @@ -87,6 +87,11 @@ spec:
Indicates the hostname on which the stack will be served.
Example : `formance.example.com`
type: string
hosts:
description: Additional hosts for the ingress. Combined with Host.
items:
type: string
type: array
ingressClassName:
description: Ingress class to use
type: string