Ingress? That’s So 2020! Introducing the Kubernetes Gateway API
•
1 like•261 views
SpringOne 2021: Session Title: Ingress? That’s So 2020! Introducing the Kubernetes Gateway API Speakers: Abhinav Rau, Principal Architect at Google; Madhav Sathe, Cloud Customer Engineer at Google
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Ingress? That’s So 2020! Introducing the Kubernetes Gateway API
Similar to Ingress? That’s So 2020! Introducing the Kubernetes Gateway API (20)
More from VMware Tanzu
More from VMware Tanzu (20)
Recently uploaded
Recently uploaded (20)
Ingress? That’s So 2020! Introducing the Kubernetes Gateway API
- 1. © 2020 Google LLC. All rights reserved. Ingress? That’s so 2020! Introducing the Kubernetes Gateway API Madhav Sathe @madhav_sathe Abhinav Rau @abhinavrau SpringOne 1st September 2021 https://github.com/abhinavrau/k8s-gateway-demo
- 2. Copyright 2021 Google LLC. This solution, including any related sample code or data, is made available on an “as is,” “as available,” and “with all faults” basis, solely for illustrative purposes, and without warranty or representation of any kind. This solution is experimental, unsupported and provided solely for your convenience. Your use of it is subject to your agreements with Google, as applicable, and may constitute a beta feature as defined under those agreements. To the extent that you make any data available to Google in connection with your use of the solution, you represent and warrant that you have all necessary and appropriate rights, consents and permissions to permit Google to use and process that data. By using any portion of this solution, you acknowledge, assume and accept all risks, known and unknown, associated with its usage, including with respect to your deployment of any portion of this solution in your systems, or usage in connection with your business, if at all. SAFE HARBOR
- 3. © 2020 Google LLC. All rights reserved. Ingress → Gateway API - Welcome to 2021! 1 Gateway API in Action 2 I need some GitOps! 3 Cloud Build + GitOps + Gateway API = Superpowers 4
- 4. Proprietary + Confidential © 2020 Google LLC. All rights reserved. Ingress Review apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: foo-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target:/ spec: hostnames: - "foo.com" rules: - http: paths: - path: /v2 backend: serviceName: foo-v2 servicePort: 8080 - path: / backend: serviceName: foo-v1 servicePort: 8080 Platform Admin App Owner
- 5. © 2020 Google LLC. All rights reserved. bar Namespace foo Namespace Gateway HTTPRoute GatewayClass Services HTTPRoute Services Platform Admin App Owner App Owner Platform Provider What is the Gateway API? ��🏽♀ gateway-api.sigs.k8s.io
- 6. © 2020 Google LLC. All rights reserved. foo Namespace bar Namespace infra Namespace Route Binding kind: HTTPRoute metadata: name: route-foo namespace: foo labels: gateway: external-http spec: hostnames: - "foo.com" rules: - forwardTo: - serviceName: foo-v1 port: 8080 kind: Gateway metadata: name: gateway namespace: infra spec: gatewayClassName: istio listeners: - protocol: HTTP port: 80 routes: kind: HTTPRoute selector: matchLabels: gateway: external-http Platform admin foo Developer kind: HTTPRoute metadata: name: route-bar namespace: bar labels: gateway: external-http spec: hostnames: - "bar.com" rules: - forwardTo: - serviceName: bar-v1 port: 8080 bar Developer
- 7. © 2020 Google LLC. All rights reserved. Why a new API? ● HTTP header-based matching ● HTTP header manipulation ● Weighted traffic splitting ● Traffic mirroring ● Role-oriented resource model ● Arbitrary backend CRD references (buckets, functions, etc.) ● Routing for other protocols (i.e. gRPC) ● Custom Parameters or configuration (LB algos, custom match types, etc.) “Extended” support “Custom” extensions Ingress Gateway API adds ● HTTP host matching ● HTTP path matching ● TLS ● Routing to Service:port ● Many Load Balancer Implementations
- 8. © 2020 Google LLC. All rights reserved. Ingress → Gateway API - Welcome to 2021! 1 Gateway API in Action 2 I need some GitOps! 3 Cloud Build + GitOps + Gateway API = Superpowers 4
- 9. © 2020 Google LLC. All rights reserved. Weighted Routing kind: HTTPRoute apiVersion: networking.x-k8s.io/v1alpha1 metadata: name: foo-route namespace: foo labels: gateway: external-http spec: hostnames: - "foo.com" rules: - forwardTo: - serviceName: foo-v1 port: 8080 weight: 50 - serviceName: foo-v2 port: 8080 weight: 50 50% 50%
- 10. © 2020 Google LLC. All rights reserved. Ingress → Gateway API - Welcome to 2021! 1 Gateway API in Action 2 I need some GitOps! 3 Cloud Build + GitOps + Gateway API = Superpowers 4
- 11. Config Sync Define configuration as data in a secure, version controlled repository GIT as a single source of truth for desired state Continuously match the runtime state of the cluster to the desired state in GIT
- 12. © 2020 Google LLC. All rights reserved. Anthos cluster Anthos cluster Push Config Updates Watch for Updates & Pull New Version Anthos Clusters on-prem, edge, other clouds Cloud-based Observability GKE Cluster GKE Cluster GKE Cluster Anthos cluster Anthos cluster Attached Clusters Managing thousands of clusters with GitOps/NoOps Cluster Admin
- 13. © 2020 Google LLC. All rights reserved. Separation of concerns with Multi Repo Config Sync foo Namespace Cluster Foo App Namespace foo Namespace Bar App Namespace Cluster Admin Foo App Owner Bar App Owner Root Repo Foo Repo Bar Repo Helps to take advantage of separation concerns in Gateway API
- 14. © 2020 Google LLC. All rights reserved. foo Namespace istio-system Namespace Cluster Root Repo Namespace Repo App Owner Cluster Admin Separation of concerns with Multi Repo Config Sync
- 15. © 2020 Google LLC. All rights reserved. Benefits of Multi-Repo Config Sync - Consistently manage fleet of clusters - Prevent config drifts & shadow-ops - Namespaces for platform concerns e.g. instance of Gateway or logging and monitoring agents - Namespace for each app team - Restrict the type of resources a namespace can deploy App Owner → Namespace Repo Cluster Admin → Root Repo - No more “kubectl apply -f”, no overhead of external CD pipeline - Independent ownership of the GitOps repo for apps - Consistent deployment across fleet of clusters - Freedom to deploy without dependency on cluster admin - Reduces lead-time and increases deployment frequency
- 16. © 2020 Google LLC. All rights reserved. Ingress → Gateway API - Welcome to 2021! 1 Gateway API in Action 2 I need some GitOps! 3 Cloud Build + GitOps + Gateway API = Superpowers 4
- 17. © 2020 Google LLC. All rights reserved. Continuous Integration Cloud Build Container Registry Code Repo Foo Namespace Repo Kustomize Deployment, Service & Http Route Rollout & Rollback Cloud Build Kustomize Foo App Developer DevOps Engineer New code Manual Render YAML & Git push Render YAML & Git push foo Namespace Cluster Foo Namespace triggers... pull... Cloud Build + Config Sync + Gateway API: Agility Superpowers!
- 18. © 2020 Google LLC. All rights reserved. Continuous Integration Cloud Build Container Registry Code Repo Foo Namespace Repo Kustomize Deployment, Service & Http Route Rollout & Rollback Cloud Build Kustomize Foo App Developer New code Render YAML & Git push Render YAML & Git push foo Namespace Cluster Foo Namespace triggers... pull... Observability Pub/Sub Metrics driven triggers... Cloud Build + Config Sync + Gateway API: Agility Superpowers!
- 19. Proprietary + Confidential © 2020 Google LLC. All rights reserved. Key Takeaways ● Gateway API ○ Traffic Splitting without Service Mesh ○ Separation of Concerns. Cluster Admin vs. App Owner ● Config Sync ○ Consistently manage a fleet of Clusters ○ Prevent configuration drift & shadow-ops ● Cloud Build + Gateway API + Multi Repo Config Sync ○ Superpowers!!!
- 20. © 2020 Google LLC. All rights reserved. Thank you! https://github.com/abhinavrau/k8s-gateway-demo