Gateway API

Gateway API is an L4 and L7 routing project in Kubernetes. It represents the next generation of k8s Ingress, LB and Service Mesh APIs. For more information on the project see: Gateway API SIG.

Genestack

For each externally exposed service (for example, the keystone endpoint), we have a Gateway API resource set up to use listeners on services with matching rules based on hostname, for example keystone.your.domain.tld. When a request comes in to the F5 VIP for this service, the VIP is set up to pass the traffic to the MetalLB external VIP address. MetalLB then forwards the traffic to the appropriate service endpoint for the gateway controller, which matches the hostname and passes the traffic on to the right service. The same applies to internal services. Anything that matches the your.domain.tld hostname can be considered internal and handled accordingly.

flowchart LR
    External --> External_VIP_Address --> MetalLB_VIP_Address --> Gateway_Service

The k8s Gateway API is NOT the same as an API Gateway. While both sound the same, an API Gateway is more of a general concept that defines a set of resources that expose the capabilities of a backend service but also provide other functionality such as traffic management, rate limiting, authentication and more. It is geared towards commercial API management and monetisation.

Cross Namespace Routing

Gateway API has support for multi-namespace and cross-namespace routing. Routes can be deployed into different Namespaces, and Routes can attach to Gateways across Namespace boundaries. This allows user access control to be applied differently across Namespaces for Routes and Gateways, effectively segmenting access and control to different parts of the cluster-wide routing configuration.

More information on cross namespace routing can be found here.
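
The manifests below are an added example, not taken from the Genestack repository, showing how a Gateway listener limits which Namespaces may attach Routes to it. The Gateway, GatewayClass, Namespace, Secret, label and backend names are all hypothetical; only the keystone.your.domain.tld hostname comes from this page.

```yaml
# The Namespace that owns the Route carries a label the Gateway selects on.
# Label key/value are hypothetical; control who may set them on Namespaces.
apiVersion: v1
kind: Namespace
metadata:
  name: openstack
  labels:
    gateway-access: shared
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway            # hypothetical name
  namespace: gateway-infra        # hypothetical namespace owned by the platform team
spec:
  gatewayClassName: example-class # hypothetical GatewayClass
  listeners:
  - name: keystone-https
    hostname: keystone.your.domain.tld
    port: 443
    protocol: HTTPS
    tls:
      mode: Terminate
      certificateRefs:
      - name: keystone-tls        # hypothetical Secret in gateway-infra
    allowedRoutes:
      namespaces:
        # Default is "Same" (only Routes in the Gateway's own Namespace).
        # "All" lets any Namespace attach a Route for this hostname.
        # "Selector" admits only Namespaces carrying the label below.
        from: Selector
        selector:
          matchLabels:
            gateway-access: shared
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: keystone
  namespace: openstack
spec:
  parentRefs:
  - name: shared-gateway
    namespace: gateway-infra      # cross-namespace attachment to the Gateway
    sectionName: keystone-https   # bind to this listener only
  hostnames:
  - keystone.your.domain.tld
  rules:
  - backendRefs:
    - name: keystone-api          # hypothetical Service in the Route's own Namespace
      port: 5000
```

A Route from a Namespace that the listener does not allow is not attached, and the controller reports this in the Route's `status.parents` conditions, which is the place to check when auditing who can publish under a given hostname.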

Resource Models in Gateway API

| Type | Description |
|------|-------------|
| GatewayClass | Represents a class of Gateway instances. |
| Gateway | Represents a single Gateway instance. |
| HTTPRoute | Represents a set of HTTP-specific rules for mapping traffic to a backend. |
| Listener | Represents a network endpoint that can accept incoming traffic. |

Choosing a Gateway API Implementation

Within Genestack, multiple options are available for use as Gateway API implementations. The following table provides a comparison of the available options.

| Backend Options | Status | Overview |
|-----------------|--------|----------|
| Envoy | Recommended | Feature rich, large community, recommended for Production environments. |
| NGINX | | Stable codebase, simple implementation |