Ingress vs Gateway API

Ingress supports the following

  • HTTP host matching
  • HTTP path matching
  • TLS termination
  • Routing to service:port
  • For many different load balancer implementations

Gateway adds

  • HTTP header-based matching
  • HTTP header manipulation
  • Weighted traffic splitting
  • Traffic mirroring
  • Role-oriented resource model

and has extensibility for

  • Arbitrary backend CRD references (buckets, functions, etc)
  • Routing for other protocols (gRPC)
  • Custom parameters or configuration (LB algos, custom match types, etc)

A Gateway controller manages the network infrastructure on behalf of Gateway resources. Each Gateway controller supports one or more Gateway classes. Gateways are created from these Gateway classes and model the actual network infrastructure that processes the traffic. Gateways can model many different kinds of data planes that perform routing.

Then come the route resources. Together, the Gateway and HTTPRoute resources do what the Ingress resource does as a single resource. This separation allows different roles to deploy and own each resource: a cluster administrator manages the Gateway and the policies attached to that Gateway, while individual development teams manage the routing to their own applications.

Roles involved

Infrastructure Provider

Ensures that each cluster is provisioned with a GatewayClass for external load balancers

kind: GatewayClass
metadata:
    name: external-lb
spec:
    controller: mygroup.io/gateway
    parametersRef:
        group: k8s.mygroup.io
        kind: GatewayClassParams
        name: external-lb

Cluster Operator

Creates a Gateway for the mygroup team when setting up the cluster

kind: Gateway
metadata:
    name: mygroup-external
spec:
    gatewayClassName: external-lb
    listeners:
    - protocol: HTTP
      port: 80
      routes:
          kind: HTTPRoute
          # Only HTTPRoutes carrying this label bind to the listener
          selector:
              matchLabels:
                  gateway: mygroup-external

Application Developer

Creates an HTTPRoute to route external traffic to the application

kind: HTTPRoute
metadata:
    name: mygroup
    labels:
        # Matches the selector on the mygroup-external Gateway listener
        gateway: mygroup-external
spec:
    hostnames:
    - mygroup.io
    rules:
    - matches:
      - path:
            value: /groups
      forwardTo:
      - serviceName: mygroup-groups
        port: 8080
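
The ownership split above only holds if RBAC enforces it. The manifests below are an added example, not part of the original notes; they assume the v1alpha1 API group networking.x-k8s.io (the version whose field names these snippets use), a hypothetical namespace "mygroup", and hypothetical groups "mygroup-developers" and "cluster-operators".

```yaml
# Added example. Namespace and group names are hypothetical.
# Developers: full control of HTTPRoutes in their namespace, read-only on Gateways.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
    name: httproute-editor
    namespace: mygroup
rules:
- apiGroups: ["networking.x-k8s.io"]   # assumed v1alpha1 API group
  resources: ["httproutes"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["networking.x-k8s.io"]
  resources: ["gateways"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
    name: mygroup-httproute-editors
    namespace: mygroup
subjects:
- kind: Group
  name: mygroup-developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
    kind: Role
    name: httproute-editor
    apiGroup: rbac.authorization.k8s.io
---
# Cluster operators: manage Gateways, but only read the provider-owned GatewayClass.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
    name: gateway-operator
rules:
- apiGroups: ["networking.x-k8s.io"]
  resources: ["gateways"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["networking.x-k8s.io"]
  resources: ["gatewayclasses"]
  verbs: ["get", "list", "watch"]
```

Because the listener selects routes by the label gateway: mygroup-external, the HTTPRoute write permission is what decides who can attach routes to that Gateway. The ClusterRole still needs a ClusterRoleBinding to the operators group before it takes effect.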

Features

Canary Rollout

Application developer wants to do a canary rollout

kind: HTTPRoute
...
    rules:
    - matches:
      - path:
            value: /groups
      forwardTo:
      # 90% of requests stay on the stable service, 10% go to the canary
      - serviceName: mygroup-groups
        port: 8080
        weight: 90
      - serviceName: mygroup-groups-canary
        port: 8080
        weight: 10

Upgrade Load Balancer

Cluster operator wants to upgrade to the newest kind of LB

kind: Gateway
metadata:
    name: mygroup-external
spec:
    # Only the class name changes; listeners and route selection stay the same
    gatewayClassName: new-external-lb
    listeners:
    - protocol: HTTP
      port: 80
      routes:
          kind: HTTPRoute
          selector:
              matchLabels:
                  gateway: mygroup-external

Update Infrastructure Provider

Infrastructure provider wants to provision on a new provider

kind: GatewayClass
metadata:
    name: external-lb
spec:
    controller: new-vendor.io/gateway
    parametersRef:
        group: k8s.mygroup.io
        kind: GatewayClassParams
        name: external-lb