Chart 0.1.0: HTTPRoute template ignores httpRoute.filters

[lewisjared]

Summary

The api and flower HTTPRoute templates render parentRefs, hostnames, and annotations from values, but httpRoute.filters is never referenced. Anyone declaring a filter (e.g. a Traefik Middleware ExtensionRef for forward-auth) gets a silently filterless HTTPRoute -- a serious surprise for any deployment relying on the chart to wire auth/ratelimit/etc onto its routes.

Affected files

• helm/templates/api/httproute.yaml
• helm/templates/flower/httproute.yaml

Both rules: blocks emit only matches + backendRefs. No filters rendering, despite the chart's structure inviting users to set httpRoute.filters.

Reproduce

api:
  httpRoute:
    enabled: true
    filters:
      - type: ExtensionRef
        extensionRef:
          group: traefik.io
          kind: Middleware
          name: authelia-forwardauth

Render -> rendered HTTPRoute has no filters section. The Middleware is never attached, and the route is publicly reachable.

Impact

Found this on a home-lab deployment where Authelia was meant to gate the climate-ref portal and Flower. Both endpoints were wide open: curl -sI returned 200 from uvicorn and 405 from TornadoServer respectively, no Authelia challenge. Easy to miss if you trust the values you've written.

Suggested fix

In both templates, render filters when set:

  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    {{- with .Values.api.httpRoute.filters }}
    filters:
      {{- toYaml . | nindent 4 }}
    {{- end }}
    backendRefs:
    - name: {{ include "ref.fullname" . }}-api
      port: {{ .Values.api.service.port }}

(and analogous for flower). Happy to PR -- let me know whether filters should live per-rule or per-route, and whether sibling fields (timeouts, retries) deserve the same treatment.

Workaround

Disable {api,flower}.httpRoute.enabled and author HTTPRoutes locally with filters wired in.