Istio-learning-note-About-Gateway API（一）

Polished Notes on New Kubernetes Gateway API

I. Understanding Gateway API in Istio

1. Gateway Class: This resource defines the provider of the Gateway control plane pod.

   • Think of it as a template specifying which implementation (e.g., Istio, Nginx) will handle gateway functionality.

2. Gateway: This resource configures network traffic listener aspects.

   • It defines which port and protocol (e.g., port 80, protocol HTTP) the gateway should listen on.

3. HTTPRoute: This resource associates with a specific Gateway and defines routing rules for incoming HTTP traffic.

   • It specifies how to route requests based on paths (e.g., /productpage) to backend services.

II. FAQ

A. Difference between Ingress Controller and Gateway API/Istio Ingress Gateway

• Ingress Controller: Manages ingress for the entire Kubernetes cluster. It's often used with a single host network for multiple services.
• Gateway API/Istio Ingress Gateway: Provides fine-grained control for individual applications and microservices. Each application can have its own Gateway and each microservice can have its own HTTPRoute for routing. They offer more separation of concerns.

B. Work and Contact Surface

• Ingress Controller:

  • Infrastructure engineers typically manage the ingress controller itself (e.g., Nginx).
  • Application developers configure ingress resources to define how to expose services externally.

• Gateway API:

  • Infrastructure engineers create GatewayClass resources specifying gateway implementations.
  • Cluster managers configure Gateway resources with details like domain, port, and allowed namespaces.
  • Application developers define HTTPRoute resources to specify routing rules for their microservices.

Example: Bookinfo Gateway Configuration

Gateway (bookinfo-gateway.yaml):

YAML

apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
  kind: Gateway
  name: bookinfo-gateway
  namespace: bookinfo
  spec:
    gatewayClassName: istio  # Uses the "istio" GatewayClass
    listeners:
    - allowedRoutes:
        namespaces:
          from: All  # Allows traffic from any namespace
      name: http
      port: 80
      protocol: HTTP

HTTPRoute (bookinfo.yaml):

YAML

apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
  kind: HTTPRoute
  name: bookinfo
  namespace: bookinfo
  spec:
    parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: bookinfo-gateway  # Attaches to the bookinfo-gateway
    rules:
    - backendRefs:
        - group: ""  # Refers to a Service resource
          kind: Service
          name: productpage
          port: 9080
          weight: 1  # Weight for load balancing
      matches:
      - path:
          type: Exact
          value: /productpage  # Route for /productpage path
        - path:
          type: PathPrefix
          value: /static  # Route for paths starting with /static
        - path:  # Additional route examples
          type: Exact
          value: /login
        - path:
          type: Exact
          value: /logout
        - path:
          type: PathPrefix
          value: /api/v1/products

Key Points:

• Gateway API offers more granular control over traffic management compared to a single ingress controller.
• HTTPRoutes enable flexible routing based on path prefixes or exact paths.
• You can configure weights for backend services in HTTPRoutes for load balancing.