Skip to content

[Helm chart] Adding support for multi hosts and backends #7832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[Helm chart] Adding support for multi hosts and backends #7832

wants to merge 7 commits into from

Conversation

@sledress
Copy link

@sledress sledress commented Nov 3, 2025

Description

This PR adds support for multiple hosts in the Helm ingress template (templates/ingress.yaml), allowing SkyPilot to route traffic for several backend services (e.g. SkyPilot API, MLflow, Grafana) through a shared HTTPS Load Balancer and common TLS certificate.

🔧 Implementation details

  • Updated templates/ingress.yaml to replace the single ingress.host key with a new ingress.hosts list.

  • Introduced nested loops to iterate over multiple hosts and paths:

    hosts:
  - host: skypilot.domain.com
    paths:
      - path: /
        serviceName: skypilot-api-service
        servicePort: 80
      - path: /grafana
        serviceName: skypilot-grafana
        servicePort: 80
  - host: mlflow.domain.com
    paths:
      - path: /
        serviceName: mlflow-tracking
        servicePort: 5000

  • Retained the original single-host logic (commented out at the end of the file) to show backward compatibility.

  • No logic was modified outside of templates/ingress.yaml.

🧾 Example rendered ingress

spec:
  rules:
  - host: skypilot.domain.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: skypilot-api-service
            port:
              number: 80
      - pathType: Prefix
        path: /grafana
        backend:
          service:
            name: skypilot-grafana
            port:
              number: 80
  - host: mlflow.domain.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: mlflow-tracking
            port:
              number: 5000

🧩 Values example (to document in values.yaml)

# Adding support for multi-host ingress routing
hosts:
  - host: skypilot.domain.com
    paths:
      - path: /
        serviceName: skypilot-api-service
        servicePort: 80

This enables multi-service ingress deployments while keeping compatibility with existing single-host setups.

Describe the tests ran

Environment:

  • GKE internal load balancer (private IP) with pre-shared TLS cert (mlops-gke-gcp)
  • NGINX ingress (K3s on-prem)
  • OAuth2 proxy with HTTPS enabled
  • Multiple backend services under distinct hostnames

Scenarios tested:

  • Single-host (legacy) deployment — ✅ no regression
  • Multi-host ingress with 3 services — ✅ OK
  • TLS certificate reuse (wildcard cert) — ✅ OK
  • Service path routing correctness — ✅ OK
  • No change to other Helm chart components — ✅ OK

Checklist

Tested (run the relevant ones):

  • Code formatting: install pre-commit or run bash format.sh
  • Manual validation on GKE and K3s environments
  • All smoke tests: /smoke-test or pytest tests/test_smoke.py
  • Backward compatibility: /quicktest-core or pytest tests/smoke_tests/test_backward_compat.py

@concretevitamin
Copy link
Member

concretevitamin commented Nov 3, 2025

This is awesome @sledress! Will review soon.

@kevinmingtarja
Copy link
Collaborator

kevinmingtarja commented Nov 3, 2025
edited
Loading

Hi @sledress! Thanks for this PR, I think this would indeed be a common use case as teams using SkyPilot scale up.

However, I think we can achieve the same goal without modifying the Helm chart, by using multiple Ingress resources with the same ingress controller, i.e. by setting ingressClassName to the same ingress controller, so that they automatically share the same L7 load balancer and TLS cert with host-based routing. I am thinking we could do something like:

  1. Deploy SkyPilot normally with existing values:
ingress:
  enabled: true
  host: skypilot.domain.com
  # ... other settings
  1. Create separate Ingress resources for other services (MLflow, etc.)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mlflow-ingress
  namespace: skypilot # Or another namespace
spec:
  ingressClassName: nginx  # Same controller as the default from our Helm chart (.Values.ingress.ingressClassName)
  rules:
  - host: mlflow.domain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: mlflow-tracking
            port:
              number: 5000

Could you try and see whether this setup works for you?

If so, would you be interested in contributing a section explaining this pattern to our docs instead? I think this would help a lot of people in the community, as it should be a pretty common pattern!

@sledress
Copy link
Author

sledress commented Nov 4, 2025

Hi @concretevitamin
I'll prepare this test and keep you posted.
For sure, I'd love updating the doc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinmingtarja kevinmingtarja Awaiting requested review from kevinmingtarja

@rohansonecha rohansonecha Awaiting requested review from rohansonecha

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sledress @concretevitamin @kevinmingtarja