|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "TBD" |
| 4 | +date: 2023-10-18T10:00:00-08:00 |
| 5 | +slug: <What is it?> |
| 6 | +--- |
| 7 | + |
| 8 | +***Authors:*** Lior Lieberman (Google), Kobi Levi (independent) |
| 9 | + |
| 10 | +In the ever-evolving world of Kubernetes, networking plays a pivotal role. As more applications are deployed in Kubernetes clusters, effectively exposing these services to clients outside the cluster becomes a critical concern. If you've been working with Kubernetes, you're likely familiar with the Ingress API, which has been the go-to solution for managing external access to services. |
| 11 | + |
| 12 | +The Ingress API provides a way to route external traffic to your applications within the cluster, making it an indispensable tool for many Kubernetes users. However, Ingress has its limitations, and as applications become more complex and the demands on your Kubernetes clusters increase, these limitations can become bottlenecks. |
| 13 | + |
| 14 | +Some of the limitations are; |
| 15 | + |
| 16 | +- **Insufficient common denominator** - by attempting to establish a common denominator for various HTTP proxies, Ingress can only accommodate fundamental HTTP routing, forcing more features of contemporary proxies like traffic splitting, header matching and sticky sessions into provider-specific, non-transferable annotations. |
| 17 | +- **Inadequate permission model** - Ingress spec configures both infrastructure and application configuration in one object. With Ingress, the cluster operator and application developer operate on the same Ingress object without being aware of each other’s roles. This creates an insufficient role-based access control and has high potential for setup errors. |
| 18 | +- **Lack of protocol diversity** - Ingress primarily focuses on HTTP(S) routing and does not provide native support for other protocols, such as TCP, UDP and GRPc. This limitation makes it less suitable for handling non-HTTP workloads. |
| 19 | + |
| 20 | +To overcome this, the Gateway API, ingress’ successor, is designed to provide a more flexible, extensible, and powerful way to manage external traffic to your services. It's not just a replacement for Ingress; it's a leap forward in Kubernetes networking. |
| 21 | + |
| 22 | +## Introducing Gateway API |
| 23 | +Gateway API, with its official General Availability (GA) planned for late October, provides a standard Kubernetes API for ingress traffic control. It offers extended functionality, improved customization, and greater flexibility. By focusing on modular and expressive API resources, Gateway API makes it possible to describe a wider array of routing configurations and models. |
| 24 | + |
| 25 | +The transition from Ingress API to Gateway API in Kubernetes is driven by advantages and advanced functionalities that the Gateway API offers, with its foundation built on four core principles: a role-oriented approach, portability, expressiveness and extensibility. |
| 26 | + |
| 27 | +### A Role-Oriented Approach |
| 28 | + |
| 29 | +The Gateway API employs a role-oriented approach that aligns with the conventional roles within organizations involved in configuring Kubernetes service networking. This approach enables infrastructure engineers, cluster operators, and application developers to collectively address different aspects of the Gateway API. |
| 30 | + |
| 31 | +For instance, infrastructure engineers play a pivotal role in deploying GatewayClasses, cluster-scoped resources that act as templates to explicitly define behavior for Gateways derived from them, laying the groundwork for robust service networking. |
| 32 | + |
| 33 | +<!-- TODO(liorlieberman) --> |
| 34 | +<!-- Subsequently, cluster operators utilize these GatewayClasses to deploy gateways, brief whats gateways> --> |
| 35 | + |
| 36 | +<!-- Lastly, application developers … --> |
| 37 | + |
| 38 | + |
| 39 | + |
| 40 | +### Portability |
| 41 | +Gateway API is designed to be more portable across different implementations, clusters and environments. It helps reduce Ingress' reliance on non-portable, provider-specific annotations, making your configurations more consistent and easier to manage across multiple clusters. |
| 42 | + |
| 43 | +### Expressiveness |
| 44 | +The Gateway API sets Kuberentes standard support of a wide range of features, such as header-based matching, traffic splitting, weight-based routing, request mirroring and more. With Ingress, these features need custom provider-specific annotations. |
| 45 | + |
| 46 | +### Extensibility |
| 47 | +Gateway API allows for custom resources to be linked at various layers of the API. This makes granular customization possible at the appropriate places within the API structure. |
| 48 | + |
| 49 | +## Getting Started |
| 50 | + |
| 51 | +### Gateway API Quick Start |
| 52 | + |
| 53 | +<!-- TODO(liorlieberman) - either put it here or provide links to reference on how to install and deploy a service exposed with a Gateway and HTTPRoute. --> |
| 54 | + |
| 55 | +### Migrating from Ingress to Gateway API using Ingress2Gateway |
| 56 | +Migrating from Ingress to the Gateway API may seem intimidating, but luckily Kubernetes SIG-Network provides a tool to simplify the process. Ingress2Gateway assists in the migration by converting your existing Ingress resources into Gateway API resources. To get started with ingress2gateway, you need to first install the tool. |
| 57 | + |
| 58 | +``` |
| 59 | +go install github.com/kubernetes-sigs/ingress2gateway@latest |
| 60 | +``` |
| 61 | +This will install ingress2gateway to $(go env GOPATH)/bin/ingress2gateway |
| 62 | + |
| 63 | +<!-- TODO(liorlieberman) --> |
| 64 | +To install it using a different way refer to <link>. |
| 65 | + |
| 66 | +Once the tool is installed, you can use it to convert the ingress resources in your cluster to GatewayAPI resources. |
| 67 | + |
| 68 | +``` |
| 69 | +ingress2gateway print |
| 70 | +``` |
| 71 | + |
| 72 | +This above command will: |
| 73 | + |
| 74 | +1. Read your Kube config file to extract the cluster credentials and the current active namespace. |
| 75 | +1. Search for ingresses and provider-specific resources in that namespace. |
| 76 | +1. Convert them to Gateway-API resources (Currently only Gateways and HTTPRoutes). |
| 77 | +For other options refer run the tool with `-h` or refer to https://github.com/kubernetes-sigs/ingress2gateway#options |
| 78 | + |
| 79 | +Review the converted Gateway API resources, validate them, and then apply them to your cluster. |
| 80 | + |
| 81 | +## Wrapping up |
| 82 | +Achieving reliable, scalable and extensible networking has always been a challenging objective. |
| 83 | +The Gateway API is designed to improve the current Kubernetes networking standards like ingress and/or implementation specific annotations and CRDs. |
| 84 | +By focusing on modular and expressive API resources, and a role-oriented approach, the Gateway API makes it possible to describe a wider array of routing configurations and models while improving security and ensuring smooth collaboration across different teams (infrastructure and application teams). |
| 85 | + |
| 86 | +It is a Kubernetes standard API, consistent across different platforms and implementations and most importantly it is future proof. The Gateway API is considered the Ingress’ successor, it has a sub team under SIG-Network that actively work on it and manage the ecosystem and it is likely to receive more updates and community support. |
| 87 | + |
| 88 | +To ease the migration process, you should definitely check Ingress2gateway. This tool will help you convert your ingresses to Gateway API resources. It has recently added support for extending it with provider-specific logic, meaning it can also translate implementations specific CRDs or ingress annotations to the relevant Gateway API configurations. |
| 89 | + |
| 90 | + |
| 91 | +### Try it out and get involved |
| 92 | +There are many resources to check out to learn more. |
| 93 | + |
| 94 | +<!-- TODO(liorlieberman) --> |
| 95 | +<!-- - Ingress2gateway readme link |
| 96 | +- <Gateway api usage links> |
| 97 | +- <gateway API implementations support> --> |
0 commit comments