@@ -119,37 +119,70 @@ Ian, the Gateway is a first-class thing that they think about regularly, while
119119to Ana, it's an implementation detail that she doesn't care about. Neither
120120point of view is wrong, but they are in tension with each other.
121121
122+ In practice, the trick is to find a usable balance between explicitness and
123+ simplicity, while managing ambiguity. A good example is the humble URL, where
124+ the port number is not always explicit, but it _ is_ always unambiguous.
125+ Requiring everyone to type ` :80 ` or ` :443 ` at the end of the host portion of
126+ every URL wouldn't actually help anyone, though allowing it to be specified
127+ explicitly when needed definitely does help people.
128+
122129### Prior Art
123130
124- This is very much not a new problem: there are many other systems out there
125- where being unambiguous is crucial, but where being completely explicit is a
126- burden. One of the simplest examples is the humble URL, where the port number
127- is not always explicit, but it _ is_ always unambiguous. Requiring everyone to
128- type ` :80 ` or ` :443 ` at the end of the host portion of every URL wouldn't
129- actually help anyone, though allowing it to be specified explicitly when
130- needed definitely does help people.
131-
132- The Ingress resource, of course, is another example of prior art: it permitted
133- specifying a default IngressClass, allowing users to create Ingress resources
134- that didn't specify the IngressClass explicitly. As with a great many things
135- in the Ingress API, this caused problems:
136-
137- 1 . Ingress never defined how conflicts between multiple Ingress resources
138- should be handled. Many (most?) implementations merged conflicting
139- resources, which is arguably the worst possible choice.
140-
141- 2 . Ingress also never defined a way to allow users to see which IngressClass
142- was being used by a given Ingress resource, which made it difficult for
143- users to understand what was going on if they were using the default
144- IngressClass.
145-
146- (Oddly enough, Ingress' general lack of attention to separation of concerns
147- wasn't really one of the problems here, since IngressClass was a separate
148- resource.)
149-
150- It's rare to find systems that are completely explicit or completely implicit:
151- in practice, the trick is to find a usable balance between explicitness and
152- simplicity, while managing ambiguity.
131+ - ** Ingress**
132+
133+ The Ingress resource is the most obvious example of prior art: it permitted
134+ specifying a default IngressClass, allowing users to create Ingress
135+ resources that didn't specify the IngressClass explicitly. As with a great
136+ many things in the Ingress API, this caused problems:
137+
138+ 1 . Ingress never defined how conflicts between multiple Ingress resources
139+ should be handled. Many (most?) implementations merged conflicting
140+ resources, which is arguably the worst possible choice.
141+
142+ 2 . Ingress also never defined a way to allow users to see which IngressClass
143+ was being used by a given Ingress resource, which made it difficult for
144+ users to understand what was going on if they were using the default
145+ IngressClass.
146+
147+ (Oddly enough, Ingress' general lack of attention to separation of concerns
148+ wasn't really one of the problems here, since IngressClass was a separate
149+ resource.)
150+
151+ - ** Emissary Mapping**
152+
153+ Emissary-ingress turns this idea on its head: it assumes that app developers
154+ will almost never care about which specific Emissary they're using, and will
155+ instead only care about the hostnames and ports involved.
156+
157+ In Emissary:
158+
159+ - a Listener resource defines which ports and protocols are in play;
160+ - a Host resource defines hostnames, TLS certificates, etc.;
161+ - a Mapping resource is roughly analogous to a Route.
162+
163+ The Listener resource has selectors to control which Hosts it will claim;
164+ Mappings, though, are claimed by Hosts based on the hostname that the
165+ Mapping specifies. In other words, Mappings are not bound to a Listener
166+ explicitly, but rather are bound to a Listener implicitly based on the
167+ hostname that the Mapping specifies. There is no way to _ explicitly_ specify
168+ which Listener a Mapping wants to be claimed by.
169+
170+ This is obviously a very different model from Gateway API, shifting almost
171+ all the work of controlling route binding away from the application
172+ developer onto the cluster operator.
173+
174+ - ** Service**
175+
176+ We could also consider a Service of ` type: LoadBalancer ` as a kind of prior
177+ art: in many cases, Ana can directly create these Services and use them to
178+ provide direct, completely unmediated access to a workload, without
179+ worrying about the specifics of how her cluster provider implements them.
180+
181+ Service's major disadvantages here are that it doesn't support Layer 7
182+ functionality, and that each Service of type ` LoadBalancer ` has direct
183+ costs in many cases. In other words, Service allows Ana to rely on the
184+ cluster provider to create the load balancer, while forcing Ana to shoulder
185+ the burden of basically everything else.
153186
154187### Debugging and Visibility
155188
0 commit comments