Kubernetes Gateway API

    is still beta, therefore Kuma’s integration provides the same level of stability.

    Gateway API is not supported in multi-zone. To use the builtin Gateway, you need to use the MeshGateway resources.

    1. Install the Gateway API CRDs.

      The Gateway API CRDs aren’t available in Kubernetes by default yet. You must first .

    2. Enable Gateway API support.

      • With , use the --experimental-gatewayapi flag.
      • With Helm, use the experimental.gatewayAPI=true value.

    Usage

    1. Install the .

    2. Add a Gateway.

      The Gateway resource represents the proxy instance that handles traffic for a set of Gateway API routes.

      For Helm and kumactl installations, a GatewayClass named kuma is automatically installed if the Gateway API CRDs are present.

      If you’ve installed Kuma some other way, you can create your own GatewayClass using the controllerName: gateways.kuma.io/controller:

      1. echo "apiVersion: gateway.networking.k8s.io/v1beta1
      2. kind: GatewayClass
      3. metadata:
      4.   name: kuma
      5. spec:
      6.   controllerName: gateways.kuma.io/controller
      7. " | kubectl apply -f -
      1. echo "apiVersion: gateway.networking.k8s.io/v1beta1
      2. kind: Gateway
      3. metadata:
      4.   name: kuma
      5.   namespace: kuma-demo
      6. spec:
      7.   gatewayClassName: kuma
      8.   listeners:
      9.   - name: proxy
      10.     port: 8080
      11.     protocol: HTTP
      12. " | kubectl apply -f -

      When a user applies a Gateway resource, Kuma automatically creates a Deployment of built-in gateways with a corresponding Service.

      1. NAME                          READY   STATUS    RESTARTS   AGE
      2. redis-59c9d56fc-6gcbc         2/2     Running   0          2m8s
      3. demo-app-5845d6447b-v7npw     2/2     Running   0          2m8s
      4. kuma-4j6wr-58998b5576-25wl6   1/1     Running   0          30s
      6. kubectl get svc -n kuma-demo
      7. NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
      8. redis        ClusterIP      10.43.223.223   <none>        6379/TCP         3m27s
      9. demo-app     ClusterIP      10.43.216.203   <none>        5000/TCP         3m27s
      10. kuma-pfh4s   LoadBalancer   10.43.122.93    172.20.0.3    8080:30627/TCP   87s

      The is now accessible using the external address 172.20.0.3:8080.

    3. Add an HTTPRoute.

      HTTPRoute resources contain a set of matching criteria for HTTP requests and upstream Services to route those requests to.

      After creating an HTTPRoute, accessing / forwards a request to the demo app:

      1. curl 172.20.0.3:8080/ -i
      1. HTTP/1.1 200 OK
      2. x-powered-by: Express
      3. accept-ranges: bytes
      4. cache-control: public, max-age=0
      5. last-modified: Tue, 20 Oct 2020 17:16:41 GMT
      6. etag: W/"2b91-175470350a8"
      7. content-type: text/html; charset=UTF-8
      8. content-length: 11153
      9. date: Fri, 18 Mar 2022 11:33:29 GMT
      10. x-envoy-upstream-service-time: 2
      11. server: Kuma Gateway
      13. <html>
      14. <head>
      15. ...

    Gateway API supports TLS termination by using standard kubernetes.io/tls Secrets.

    1. apiVersion: v1
    2. kind: Secret
    3. metadata:
    4.   name: secret-tls
    5.   namespace: kuma-demo
    6. type: kubernetes.io/tls
    7. data:
    8.   tls.crt: "MIIEOzCCAyO..." # redacted

    Under the hood, Kuma CP copies the Secret to kuma-system namespace and converts it to . It tracks all the changes to the secret and deletes it upon deletion of the original secret.

    Customization

    Gateway API provides the parametersRef field on GatewayClass.spec to provide additional, implementation-specific configuration to Gateways. When using Gateway API with Kuma, you can refer to a MeshGatewayConfig resource:

    1. apiVersion: gateway.networking.k8s.io/v1beta1
    2. kind: GatewayClass
    3. metadata:
    4.   name: kuma
    5. spec:
    6.   controllerName: gateways.kuma.io/controller
    8.     kind: MeshGatewayConfig
    9.     group: kuma.io
    10.     name: kuma

    This resource has the same except that the tags field is optional. With a MeshGatewayConfig you can then customize the generated Service and Deployment resources.

    You can specify a Mesh for Gateway and HTTPRoute resources by setting the Note that HTTPRoutes must also have the annotation to reference a Gateway from a non-default Mesh.

    Cross-mesh

    are supported with Gateway API. You’ll just need to create a corresponding GatewayClass pointing to a MeshGatewayConfig that sets crossMesh: true:

    1. ---
    2. apiVersion: gateway.networking.k8s.io/v1beta1
    3. kind: GatewayClass
    4. metadata:
    5.   name: kuma-cross-mesh
    6. spec:
    7.   controllerName: gateways.kuma.io/controller
    8.   parametersRef:
    9.     group: kuma.io
    10.     kind: MeshGatewayConfig
    11.     name: default-cross-mesh
    12. ---
    13. apiVersion: kuma.io/v1alpha1
    14. kind: MeshGatewayConfig
    15. metadata:
    16.   name: default-cross-mesh
    17. spec:
    18.   crossMesh: true

    and then reference it in your Gateway:

    1. apiVersion: gateway.networking.k8s.io/v1beta1
    2. kind: Gateway
    3. metadata:
    4.   name: kuma
    5.   namespace: default
    6. spec:
    7.   gatewayClassName: kuma-cross-mesh

    Gateway API isn’t supported with multi-zone deployments, use Kuma’s MeshGateways/MeshGatewayRoutes instead.

    How it works

    Kuma includes controllers that reconcile Gateway API CRDs and convert them into the corresponding Kuma gateway CRDs. This is why in the GUI, Kuma /MeshGatewayRoutes are visible and not Kubernetes Gateway API resources.