From 545d2d9a89937e6ff8b0cd91175b72d0214f37b4 Mon Sep 17 00:00:00 2001
From: "christian.huth" <christian.huth@proact.eu>
Date: Tue, 16 Jun 2026 15:38:18 +0200
Subject: [PATCH] implement fix for #104

---
 charts/netbird/Chart.yaml                       | 10 ++++------
 .../netbird/templates/server-grpc-service.yaml  | 17 +++++++++++++++++
 charts/netbird/templates/server-grpcroute.yaml  |  2 +-
 .../templates/server-relay-httproute.yaml       |  2 +-
 .../netbird/templates/server-relay-service.yaml | 17 +++++++++++++++++
 5 files changed, 40 insertions(+), 8 deletions(-)
 create mode 100644 charts/netbird/templates/server-grpc-service.yaml
 create mode 100644 charts/netbird/templates/server-relay-service.yaml

diff --git a/charts/netbird/Chart.yaml b/charts/netbird/Chart.yaml
index ff8b23c..b873efb 100644
--- a/charts/netbird/Chart.yaml
+++ b/charts/netbird/Chart.yaml
@@ -31,12 +31,10 @@ annotations:
       url: https://github.com/KitStream/initium
   artifacthub.io/changes: |
     - kind: added
-      description: Gateway API support (HTTPRoute, GRPCRoute, TCPRoute) as an alternative to Ingress, with fail-fast validation rejecting ingressGrpc without TLS
+      description: Add dedicated server-grpc Service with appProtocol kubernetes.io/h2c for Envoy-based Gateway API controllers (Cilium, Envoy Gateway)
     - kind: added
-      description: External relay configuration via server.config.relays with dedicated relay credential secret
-    - kind: added
-      description: server.stunService.nodePort value for a fixed STUN NodePort
+      description: Add dedicated server-relay Service with appProtocol kubernetes.io/ws for Envoy-based Gateway API controllers (Cilium, Envoy Gateway)
     - kind: changed
-      description: Bump NetBird from 0.68.3 to 0.72.3
+      description: GRPCRoute default backendRef now points to the server-grpc Service when backendRefs is not specified
     - kind: changed
-      description: Bump dashboard image from v2.32.4 to v2.39.0
+      description: Relay HTTPRoute default backendRef now points to the server-relay Service when backendRefs is not specified
diff --git a/charts/netbird/templates/server-grpc-service.yaml b/charts/netbird/templates/server-grpc-service.yaml
new file mode 100644
index 0000000..870e4e6
--- /dev/null
+++ b/charts/netbird/templates/server-grpc-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "netbird.server.fullname" . }}-grpc
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "netbird.server.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.server.service.type }}
+  ports:
+    - appProtocol: kubernetes.io/h2c
+      name: http
+      port: {{ .Values.server.service.port }}
+      targetPort: http
+      protocol: TCP
+  selector:
+    {{- include "netbird.server.selectorLabels" . | nindent 4 }}
diff --git a/charts/netbird/templates/server-grpcroute.yaml b/charts/netbird/templates/server-grpcroute.yaml
index d85b795..22740cc 100644
--- a/charts/netbird/templates/server-grpcroute.yaml
+++ b/charts/netbird/templates/server-grpcroute.yaml
@@ -4,7 +4,7 @@
 {{- range .Values.server.grpcRoute.rules }}
   {{- $rule := deepCopy . }}
   {{- if not (hasKey $rule "backendRefs") }}
-    {{- $_ := set $rule "backendRefs" (list (dict "name" $serviceName "port" 80)) }}
+    {{- $_ := set $rule "backendRefs" (list (dict "name" (printf "%s-grpc" $serviceName) "port" 80)) }}
   {{- end }}
   {{- $rules = append $rules $rule }}
 {{- end }}
diff --git a/charts/netbird/templates/server-relay-httproute.yaml b/charts/netbird/templates/server-relay-httproute.yaml
index 415df79..a4f9868 100644
--- a/charts/netbird/templates/server-relay-httproute.yaml
+++ b/charts/netbird/templates/server-relay-httproute.yaml
@@ -4,7 +4,7 @@
 {{- range .Values.server.relayHttpRoute.rules }}
   {{- $rule := deepCopy . }}
   {{- if not (hasKey $rule "backendRefs") }}
-    {{- $_ := set $rule "backendRefs" (list (dict "name" $serviceName "port" 80)) }}
+    {{- $_ := set $rule "backendRefs" (list (dict "name" (printf "%s-relay" $serviceName) "port" 80)) }}
   {{- end }}
   {{- $rules = append $rules $rule }}
 {{- end }}
diff --git a/charts/netbird/templates/server-relay-service.yaml b/charts/netbird/templates/server-relay-service.yaml
new file mode 100644
index 0000000..bc4c178
--- /dev/null
+++ b/charts/netbird/templates/server-relay-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "netbird.server.fullname" . }}-relay
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "netbird.server.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.server.service.type }}
+  ports:
+    - appProtocol: kubernetes.io/ws
+      name: http
+      port: {{ .Values.server.service.port }}
+      targetPort: http
+      protocol: TCP
+  selector:
+    {{- include "netbird.server.selectorLabels" . | nindent 4 }}