feat: gateway api support

Author: cloud-j-luna

.github/actions/setup-ubuntu/action.yaml

@@ -15,7 +15,10 @@ runs:
     - name: Install dependencies
       # Shell must explicitly specify the shell for each step. https://github.com/orgs/community/discussions/18597
       shell: bash
-      run: sudo apt install -y pkg-config make direnv unzip lz4 wget curl npm jq pv coreutils libudev-dev
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y \
+          pkg-config make direnv unzip lz4 wget curl npm jq pv coreutils libudev-dev
     - name: Setup npm
       uses: actions/setup-node@v4
       with:

.github/workflows/integration-tests.yaml

@@ -35,7 +35,10 @@ jobs:
       - name: Install dependencies
         # Shell must explicitly specify the shell for each step. https://github.com/orgs/community/discussions/18597
         shell: bash
-        run: sudo apt install -y pkg-config make direnv unzip lz4 wget curl jq pv coreutils libudev-dev
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            pkg-config make direnv unzip lz4 wget curl jq pv coreutils libudev-dev
       - name: Detect required Go version
         working-directory: "${{ env.GOPATH }}/src/github.com/akash-network/provider"
         run: |

_docs/kustomize/akash-operator-hostname/cluster-roles.yaml

@@ -21,6 +21,19 @@ rules:
       - delete
       - deletecollection
       - watch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - httproutes
+      - gateways
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
   - apiGroups:
       - ""
     resources:

_docs/kustomize/akash-operator-hostname/configmap.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-hostname
+data:
+  k8s-manifest-ns: lease
+  prune-interval: 600s
+  ignore-list-entry-limit: "131072"
+  web-refresh-interval: 5s
+  retry-delay: 3s
+  ignore-list-age-limit: 2613600s
+  event-failure-limit: "3"
+  ingress-mode: ingress
+  gateway-name: akash-gateway
+  gateway-namespace: akash-gateway
+
+

_docs/kustomize/akash-operator-hostname/deployment.yaml

@@ -70,6 +70,21 @@ spec:
                 configMapKeyRef:
                   name: operator-hostname
                   key: event-failure-limit
+            - name: AP_INGRESS_MODE
+              valueFrom:
+                configMapKeyRef:
+                  name: operator-hostname
+                  key: ingress-mode
+            - name: AP_GATEWAY_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: operator-hostname
+                  key: gateway-name
+            - name: AP_GATEWAY_NAMESPACE
+              valueFrom:
+                configMapKeyRef:
+                  name: operator-hostname
+                  key: gateway-namespace
             - name: AP_POD_NAME
               valueFrom:
                 fieldRef:

_docs/kustomize/akash-operator-hostname/kustomization.yaml

@@ -3,19 +3,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: akash-services
 resources:
+  - configmap.yaml
   - deployment.yaml
   - service.yaml
   - ingress.yaml
   - role-bindings.yaml
   - service-accounts.yaml
   - cluster-roles.yaml
-configMapGenerator:
-  - name: operator-hostname
-    literals:
-      - k8s-manifest-ns=lease
-      - prune-interval=600s
-      - ignore-list-entry-limit=131072
-      - web-refresh-interval=5s
-      - retry-delay=3s
-      - ignore-list-age-limit=2613600s
-      - event-failure-limit=3

_run/kube/Makefile

@@ -46,5 +46,83 @@ clean-kube:
 .PHONY: kube-deployments-rollout
 kube-deployments-rollout: #$(patsubst %, kube-deployment-rollout-%,$(KUSTOMIZE_INSTALLS))
 
+.PHONY: kube-setup-hostname-operator-ingress
+kube-setup-hostname-operator-ingress:
+	@echo "Configuring hostname operator for NGINX Ingress mode..."
+	kubectl wait --for=condition=available deployment/operator-hostname -n akash-services --timeout=90s
+	kubectl patch configmap operator-hostname -n akash-services --type=strategic --patch-file hostname-operator-ingress-patch.yaml
+	kubectl rollout restart deployment/operator-hostname -n akash-services
+	kubectl rollout status deployment/operator-hostname -n akash-services --timeout=60s
+
 .PHONY: kube-setup-kube
-kube-setup-kube:
+kube-setup-kube: kube-setup-hostname-operator-ingress
+
+.INTERMEDIATE: kube-cluster-create-kind-gateway
+kube-cluster-create-kind-gateway: $(KIND)
+	$(KIND) create cluster --config kind-config-gateway.yaml --name "$(KIND_NAME)" --image "$(KIND_IMG)"
+
+KUBE_CREATE_GATEWAY := $(AP_RUN_DIR)/.kube-create-gateway
+
+$(KUBE_CREATE_GATEWAY): $(AP_RUN_DIR) kube-cluster-create-kind-gateway
+	$(SETUP_KUBE) --crd=$(CRD_FILE) kind init "$(KUBE_SSH_NODES)"
+	touch $@
+
+.PHONY: kube-setup-ingress-gateway
+kube-setup-ingress-gateway:
+	kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.3.0" | kubectl apply -f -
+	helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
+		--create-namespace \
+		-n nginx-gateway \
+		--set nginx.service.type=NodePort \
+		--set-json 'nginx.service.nodePorts=[{"port":31437,"listenerPort":80},{"port":31438,"listenerPort":443}]'
+	kubectl apply -f "$(METALLB_CONFIG_PATH)"
+	kubectl apply -f "$(METALLB_IP_CONFIG_PATH)"
+	kubectl apply -f "$(METALLB_SERVICE_PATH)"
+	kubectl apply -f gateway-resources.yaml
+	@echo "Waiting for Gateway to be ready..."
+	@kubectl wait --for=condition=Programmed gateway/akash-gateway -n akash-gateway --timeout=120s || true
+
+.PHONY: kube-setup-hostname-operator-gateway
+kube-setup-hostname-operator-gateway:
+	@echo "Configuring hostname operator for Gateway API mode..."
+	kubectl wait --for=condition=available deployment/operator-hostname -n akash-services --timeout=90s
+	kubectl patch configmap operator-hostname -n akash-services --type=strategic --patch-file hostname-operator-gateway-patch.yaml
+	kubectl rollout restart deployment/operator-hostname -n akash-services
+	kubectl rollout status deployment/operator-hostname -n akash-services --timeout=60s
+
+.PHONY: kube-cluster-setup-gateway
+kube-cluster-setup-gateway: init \
+	kube-prepare-images \
+	$(KUBE_CREATE_GATEWAY) \
+	kube-cluster-check-info \
+	kube-setup-ingress-gateway \
+	kube-upload-images \
+	kustomize-init \
+	kustomize-deploy-services \
+	kube-deployments-rollout \
+	kube-install-helm-charts \
+	kube-setup-$(AP_RUN_NAME) \
+	kube-setup-hostname-operator-gateway
+
+.PHONY: provider-run-gateway
+provider-run-gateway:
+	$(PROVIDER_SERVICES) run \
+		--from "$(PROVIDER_KEY_NAME)" \
+		--cluster-k8s \
+		--gateway-listen-address "$(GATEWAY_HOST)" \
+		--deployment-ingress-static-hosts true \
+		--deployment-ingress-domain "$(GATEWAY_HOSTNAME)" \
+		--cluster-node-port-quantity 100 \
+		--cluster-public-hostname "$(GATEWAY_HOSTNAME)" \
+		--bid-price-strategy "randomRange" \
+		--deployment-runtime-class "none" \
+		--ip-operator=true \
+		--ingress-mode=gateway-api \
+		--gateway-name=akash-gateway \
+		--gateway-namespace=akash-gateway
+
+# Override the standard kube-cluster-delete-kind to handle both marker files
+.PHONY: kube-cluster-delete
+kube-cluster-delete: $(KIND)
+	$(KIND) delete cluster --name "$(KIND_NAME)"
+	rm -rf $(KUBE_CREATE) $(KUBE_CREATE_GATEWAY)

_run/kube/README.md

@@ -53,10 +53,12 @@ If at any time you'd like to start over with a fresh chain, simply run:
 
 __t1 run__
 ```sh
-make clean kind-cluster-clean
+make clean kube-cluster-delete
 make init
 ```
 
+Note: The same cleanup command works for both NGINX Ingress and Gateway API modes.
+
 ## Initialize
 
 Start and initialize kind.
@@ -73,9 +75,37 @@ there may be a problem.
 
 | Option                                            | __t1 Step: 1__                                             | Explanation                                                                                                                                                        |
 |---------------------------------------------------|------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Map random local port to port 80 of your workload | `make kind-cluster-setup`                                  | This is less error-prone, but makes it difficult to access your app through the browser.                                                                           |
+| Map random local port to port 80 of your workload | `make kind-cluster-setup`                                  | This is less error-prone, but makes it difficult to access your app through the browser. Configures hostname operator for NGINX Ingress mode.                      |
 | Map localhost port 80 to workload                 | `KIND_CONFIG=kind-config-80.yaml make kind-cluster-create` | If anything else is listening on port 80 (any other web server), this method will fail.  If it does succeed, you will be able to browse your app from the browser. |
 
+### Gateway API Setup (Optional)
+
+As an alternative to NGINX Ingress, you can use Kubernetes Gateway API. NGINX Ingress will be EOL by March 2026, so Gateway API is the recommended approach for new deployments.
+
+| Option                                   | __t1 Step: 1 (Gateway API)__     | Explanation                                                                                      |
+|------------------------------------------|----------------------------------|--------------------------------------------------------------------------------------------------|
+| Gateway API with NGINX Gateway Fabric    | `make kube-cluster-setup-gateway`| Creates kind cluster with Gateway API support, installs NGINX Gateway Fabric, and sets up all resources. Configures hostname operator for Gateway API mode. Maps ports 8080 (HTTP) and 8443 (HTTPS). |
+
+This comprehensive setup target:
+- Creates a kind cluster with port mappings for HTTP (8080) and HTTPS (8443)
+- Installs Gateway API CRDs (v1)
+- Installs NGINX Gateway Fabric controller
+- Configures NodePort service for ports 31437 (HTTP) and 31438 (HTTPS)
+- Creates the Gateway resource (`akash-gateway`)
+- Configures the hostname operator for Gateway API mode
+- Sets up all necessary Akash operators and services
+
+You can verify the Gateway is ready:
+```sh
+kubectl get gateway akash-gateway -n akash-gateway
+```
+
+Expected output:
+```
+NAME            CLASS   CLUSTER-IP      ADDRESS        PROGRAMMED   AGE
+akash-gateway   nginx   10.96.x.x       10.96.x.x      True         1m
+```
+
 ## Build Akash binaries and initialize network
 
 Initialize keys and accounts:
@@ -131,17 +161,35 @@ make query-provider
 To run Provider as a simple binary connecting to the cluster, in a third terminal, run the command:
 
 ### __t3 Step: 5__
+
+**With NGINX Ingress (default):**
 ```sh
 make provider-run
 ```
 
+**With Gateway API:**
+```sh
+make provider-run-gateway
+```
+
+The Gateway API mode uses the following flags:
+- `--ingress-mode=gateway-api` - Enable Gateway API instead of NGINX Ingress
+- `--gateway-name=akash-gateway` - Name of the Gateway resource to use
+- `--gateway-namespace=akash-gateway` - Namespace where the Gateway exists
+
 Query the provider service gateway for its status:
 
 __t1 status__
 ```sh
 make provider-status
 ```
 
+When using Gateway API mode, deployments will create `HTTPRoute` resources instead of `Ingress` resources. You can verify this with:
+
+```sh
+kubectl get httproutes -A
+```
+
 ## Create a deployment
 
 Create a deployment from the `main` account with:
@@ -250,6 +298,36 @@ Between the first and second step, the prior deployment's containers will contin
 
 Akash Groups are translated into Kubernetes Deployments, this means that only a few fields from the Akash SDL are mutable. For example `image`, `command`, `args`, `env` and exposed ports can be modified, but compute resources and placement criteria cannot.
 
+## Gateway API vs NGINX Ingress
+
+### Comparison
+
+| Feature | NGINX Ingress (default) | Gateway API |
+|---------|------------------------|-------------|
+| Resource Type | `Ingress` | `HTTPRoute` |
+| Class/Reference | `IngressClass: akash-ingress-class` | `Gateway: akash-gateway` |
+| Annotations | `nginx.ingress.kubernetes.io/*` | `nginx.org/*` |
+| EOL Status | March 2026 | Current standard |
+
+### HTTP Options Translation
+
+The provider automatically translates HTTP options from the SDL to the appropriate annotations:
+
+| SDL Option | NGINX Ingress Annotation | Gateway API Annotation |
+|------------|-------------------------|------------------------|
+| Read Timeout | `nginx.ingress.kubernetes.io/proxy-read-timeout` | `nginx.org/proxy-read-timeout` |
+| Send Timeout | `nginx.ingress.kubernetes.io/proxy-send-timeout` | `nginx.org/proxy-send-timeout` |
+| Max Body Size | `nginx.ingress.kubernetes.io/proxy-body-size` | `nginx.org/client-max-body-size` |
+| Next Upstream Tries | `nginx.ingress.kubernetes.io/proxy-next-upstream-tries` | `nginx.org/proxy-next-upstream-tries` |
+
+### Cleanup
+
+To remove the cluster (works for both NGINX Ingress and Gateway API):
+
+```sh
+make kube-cluster-delete
+```
+
 ## Terminate lease
 
 There are a number of ways that a lease can be terminated.

_run/kube/gateway-resources.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: akash-gateway
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: akash-gateway
+  namespace: akash-gateway
+spec:
+  gatewayClassName: nginx
+  listeners:
+  - name: http
+    port: 80
+    protocol: HTTP
+    allowedRoutes:
+      namespaces:
+        from: All

_run/kube/hostname-operator-gateway-patch.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-hostname
+data:
+  ingress-mode: gateway-api
+  gateway-name: akash-gateway
+  gateway-namespace: akash-gateway
+
+