From 72e56618cb4120acaf70c75b58ccccad01152bec Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 23 Jul 2025 15:34:48 -0400 Subject: [PATCH 1/4] Links for personas Signed-off-by: Flynn --- geps/gep-3792/index.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/geps/gep-3792/index.md b/geps/gep-3792/index.md index 802d729c97..c9955326fd 100644 --- a/geps/gep-3792/index.md +++ b/geps/gep-3792/index.md @@ -15,12 +15,13 @@ using a Service of type LoadBalancer fronting a Kubernetes pod running a proxy. This is simple to reason about, easy to manage for sidecar meshes, and will presumably be an important implementation mechanism for the foreseeable future. Some cloud providers, though, are moving the proxy outside of the -cluster, for various reasons which are out of the scope of this GEP. Chihiro -and Ian want to be able to use these out-of-cluster proxies effectively and +cluster, for various reasons which are out of the scope of this GEP. [Chihiro] +and [Ian] want to be able to use these out-of-cluster proxies effectively and safely, though they recognize that this may require additional configuration. [Chihiro]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#chihiro [Ian]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#ian +[Ana]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#ana ### Nomenclature and Background @@ -74,7 +75,7 @@ In this GEP: ## Goals -- Allow Chihiro and Ian to configure an OCG and a mesh such that the OCG can +- Allow [Chihiro] and [Ian] to configure an OCG and a mesh such that the OCG can usefully participate in the mesh, including: - The OCG must be able to securely communicate with meshed workloads in 
@@ -91,7 +92,7 @@ In this GEP: - The OCG must be able to distinguish meshed workloads from non-meshed workloads, so that it can communicate appropriately with each. -- Allow Ana to develop and operate meshed applications without needing to know +- Allow [Ana] to develop and operate meshed applications without needing to know whether the Gateway she's using is an OCG or an in-cluster Gateway. - Define a basic set of requirements for OCGs and meshes that want to @@ -162,7 +163,7 @@ configuration. To allow the OCG to _usefully_ participate in the mesh, we need to solve at least four significant problems. Thankfully, these are mostly problems for -Chihiro -- if we do our jobs correctly, Ana will never need to know. +[Chihiro] -- if we do our jobs correctly, [Ana] will never need to know. #### 1. The Trust Problem From 9255ee4cb62a6d71812c803c533cf20b553e724c Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 23 Jul 2025 15:45:52 -0400 Subject: [PATCH 2/4] Switch to Memorandum rather than Provisional. Link to GEP-3949 for the Mesh resource, and define that the API will be different GEPs. Signed-off-by: Flynn --- geps/gep-3792/index.md | 55 +++++++++++++++++-------------------- geps/gep-3792/metadata.yaml | 8 ++++-- 2 files changed, 31 insertions(+), 32 deletions(-) diff --git a/geps/gep-3792/index.md b/geps/gep-3792/index.md index c9955326fd..ec08b22cd8 100644 --- a/geps/gep-3792/index.md +++ b/geps/gep-3792/index.md 
@@ -1,10 +1,17 @@ # GEP-3792: Out-of-Cluster Gateways * Issue: [#3792](https://github.com/kubernetes-sigs/gateway-api/issues/3792) -* Status: Provisional +* Status: Memorandum (See [status definitions](../overview.md#gep-states).) +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", +"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this +document are to be interpreted as described in BCP 14 ([RFC8174]) when, and +only when, they appear in all capitals, as shown here. + +[RFC8174]: https://www.rfc-editor.org/rfc/rfc8174 + ## User Story **[Chihiro] and [Ian] want a way for out-of-cluster Gateways to be able to @@ -19,6 +26,10 @@ cluster, for various reasons which are out of the scope of this GEP. [Chihiro] and [Ian] want to be able to use these out-of-cluster proxies effectively and safely, though they recognize that this may require additional configuration. +This GEP defines the problems that need to be solved to allow out-of-cluster +Gateways (OCGs) to usefully participate in a GAMMA-compliant in-cluster mesh. +The API to actually solve these problems will be defined in a future GEP. + [Chihiro]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#chihiro [Ian]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#ian [Ana]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#ana 
@@ -227,39 +238,23 @@ the same configuration, or you'll need to provide a single Route with multiple ## API -Most of the API work for this GEP is TBD at this point, but there are two +The API for OCG support will be defined in future GEPs, but there are a two important points to note: -First, Gateway API has never defined a Mesh resource because, to date, it's -never been clear what would go into it. This may be the first configuration -item that causes us to need a Mesh resource. +1. Gateway API has never defined a Mesh resource because, to date, it's never + been clear what would go into it. With the conformance work in progress and + with OCG support desired, we clearly will need a Mesh resource. The Mesh + resource is defined in [GEP-3949](../gep-3949/index.md). -Second, since the API should affect only Gateway API resources, it is not a -good candidate for policy attachment. It is likely to be much more reasonable -to simply provide whatever extra configuration we need inline in the Gateway -or Mesh resources. +2. Since the API should affect only Gateway API resources, it is not a good + candidate for policy attachment. It is likely to be much more reasonable to + simply provide whatever extra configuration we need inline in the Gateway + or Mesh resources. ## Graduation Criteria In addition to the [general graduation -criteria](../concepts/versioning.md#graduation-criteria), this GEP must also -guarantee that **all four** of the problems listed above need resolutions, and -must have implementation from at least two different Gateways and two -different meshes. - -### Gateway for Ingress (North/South) - -### Gateway For Mesh (East/West) - -## Conformance Details - -#### Feature Names - -This GEP will use the feature name `MeshOffClusterGateway`, under the -assumption that we will indeed need a Mesh resource. 
- -### Conformance tests - -## Alternatives - -## References +criteria](../concepts/versioning.md#graduation-criteria), before any GEP +defining an API for OCG support graduates to Standard it MUST also demonstrate +a resolution to **all four** of the problems listed, and it MUST have +implementation from at least two different Gateways and two different meshes. diff --git a/geps/gep-3792/metadata.yaml b/geps/gep-3792/metadata.yaml index 4478b32b1e..e1edc3a31a 100644 --- a/geps/gep-3792/metadata.yaml +++ b/geps/gep-3792/metadata.yaml @@ -20,10 +20,14 @@ relationships: extendedBy: {} # seeAlso indicates other GEPs that are relevant in some way without being # covered by an existing relationship. - seeAlso: {} + seeAlso: + - number: 3949 + name: Mesh Resource + description: Defines the Mesh resource for managing service mesh configurations. # references is a list of hyperlinks to relevant external references. # It's intended to be used for storing GitHub discussions, Google docs, etc. -references: {} +references: + - https://www.rfc-editor.org/rfc/rfc8174 # featureNames is a list of the feature names introduced by the GEP, if there # are any. This will allow us to track which feature was introduced by which GEP. # This is the value added to supportedFeatures and the conformance tests, in string form. From 310905f8d02c3415f1ada59f6a55d0fb67875c12 Mon Sep 17 00:00:00 2001 From: Flynn Date: Wed, 23 Jul 2025 15:52:10 -0400 Subject: [PATCH 3/4] Minor wordsmithing Signed-off-by: Flynn --- geps/gep-3792/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/geps/gep-3792/index.md b/geps/gep-3792/index.md index ec08b22cd8..b3a7994071 100644 --- a/geps/gep-3792/index.md +++ b/geps/gep-3792/index.md 
@@ -28,7 +28,8 @@ safely, though they recognize that this may require additional configuration. This GEP defines the problems that need to be solved to allow out-of-cluster Gateways (OCGs) to usefully participate in a GAMMA-compliant in-cluster mesh. -The API to actually solve these problems will be defined in a future GEP. +The API to actually solve these problems will be defined in one or more future +GEPs. [Chihiro]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#chihiro [Ian]: https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/#ian From 9c215ace64c4ec724170233a0c75e89944de07fb Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 25 Jul 2025 17:25:06 -0400 Subject: [PATCH 4/4] Correctly switch to Memorandum Signed-off-by: Flynn --- geps/gep-3792/metadata.yaml | 2 +- mkdocs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/geps/gep-3792/metadata.yaml b/geps/gep-3792/metadata.yaml index e1edc3a31a..b586a440cc 100644 --- a/geps/gep-3792/metadata.yaml +++ b/geps/gep-3792/metadata.yaml @@ -2,7 +2,7 @@ apiVersion: internal.gateway.networking.k8s.io/v1alpha1 kind: GEPDetails number: 3792 name: Out-of-Cluster Gateways -status: Provisional +status: Memorandum # Any authors who contribute to the GEP in any way should be listed here using # their GitHub handle. authors: diff --git a/mkdocs.yml b/mkdocs.yml index d29e212746..d915a4f479 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -131,7 +131,6 @@ nav: - geps/gep-1651/index.md - geps/gep-2648/index.md - geps/gep-3779/index.md - - geps/gep-3792/index.md - Implementable: - geps/gep-91/index.md - geps/gep-3567/index.md @@ -178,6 +177,7 @@ nav: - geps/gep-2659/index.md - geps/gep-2722/index.md - geps/gep-2907/index.md + - geps/gep-3792/index.md - Declined: - geps/gep-735/index.md - geps/gep-1282/index.md
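Review bot: In PATCH 2/4, first index.md hunk (@@ -1,10 +1,17 @@), the added BCP 14 paragraph cites only [RFC8174], but the boilerplate that RFC 8174 prescribes references both RFC 2119 and RFC 8174, because RFC 2119 is where the key words are defined. Suggest "as described in BCP 14 ([RFC2119], [RFC8174])", with an [RFC2119] link definition next to the [RFC8174] one, and the RFC 2119 URL added to `references` in metadata.yaml beside the RFC 8174 entry this patch adds.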
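Review bot: In PATCH 2/4, the index.md hunk at @@ -227,39 +238,23 @@ deletes the Feature Names section that declared `MeshOffClusterGateway`, while the metadata.yaml hunk in the same patch ends at the featureNames comment and shows no change to the list itself. Please confirm that featureNames no longer carries that name now that this GEP defines no API. Two wording fixes in the added lines of the same hunk: "there are a two important points" should be "there are two important points", and "it MUST have implementation from at least two different Gateways" should be "implementations". The new criteria also say "the problems listed" where the old text said "listed above"; since this is now a normative MUST on other GEPs, "the problems listed in this GEP" would remove any doubt about which list is meant.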
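Review bot: PATCH 4/4's metadata.yaml hunk (@@ -2,7 +2,7 @@, `status: Memorandum`) and its mkdocs.yml nav move finish the status change that PATCH 2/4 made only in index.md, so between those two commits index.md says Memorandum while metadata.yaml still says Provisional and the nav still lists the GEP in its old group. Suggest squashing 4/4 into 2/4 so that every commit in the series is self-consistent and any tooling that reads metadata.yaml sees the same status as the rendered page.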