Polished Notes on New Kubernetes Gateway API
I. Understanding Gateway API in Istio
-
Gateway Class: This resource defines the provider of the Gateway control plane pod.
- Think of it as a template specifying which implementation (e.g., Istio, Nginx) will handle gateway functionality.
-
Gateway: This resource configures network traffic listener aspects.
- It defines which port and protocol (e.g., port 80, protocol HTTP) the gateway should listen on.
-
HTTPRoute: This resource associates with a specific Gateway and defines routing rules for incoming HTTP traffic.
- It specifies how to route requests based on paths (e.g.,
/productpage) to backend services.
- It specifies how to route requests based on paths (e.g.,
II. FAQ
A. Difference between Ingress Controller and Gateway API/Istio Ingress Gateway
- Ingress Controller: Manages ingress for the entire Kubernetes cluster. It's often used with a single host network for multiple services.
- Gateway API/Istio Ingress Gateway: Provides fine-grained control for individual applications and microservices. Each application can have its own Gateway and each microservice can have its own HTTPRoute for routing. They offer more separation of concerns.
B. Work and Contact Surface
-
Ingress Controller:
- Infrastructure engineers typically manage the ingress controller itself (e.g., Nginx).
- Application developers configure ingress resources to define how to expose services externally.
-
Gateway API:
- Infrastructure engineers create GatewayClass resources specifying gateway implementations.
- Cluster managers configure Gateway resources with details like domain, port, and allowed namespaces.
- Application developers define HTTPRoute resources to specify routing rules for their microservices.
Example: Bookinfo Gateway Configuration
Gateway (bookinfo-gateway.yaml):
YAML
apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
name: bookinfo-gateway
namespace: bookinfo
spec:
gatewayClassName: istio # Uses the "istio" GatewayClass
listeners:
- allowedRoutes:
namespaces:
from: All # Allows traffic from any namespace
name: http
port: 80
protocol: HTTPHTTPRoute (bookinfo.yaml):
YAML
apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
name: bookinfo
namespace: bookinfo
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: bookinfo-gateway # Attaches to the bookinfo-gateway
rules:
- backendRefs:
- group: "" # Refers to a Service resource
kind: Service
name: productpage
port: 9080
weight: 1 # Weight for load balancing
matches:
- path:
type: Exact
value: /productpage # Route for /productpage path
- path:
type: PathPrefix
value: /static # Route for paths starting with /static
- path: # Additional route examples
type: Exact
value: /login
- path:
type: Exact
value: /logout
- path:
type: PathPrefix
value: /api/v1/productsKey Points:
- Gateway API offers more granular control over traffic management compared to a single ingress controller.
- HTTPRoutes enable flexible routing based on path prefixes or exact paths.
- You can configure weights for backend services in HTTPRoutes for load balancing.