Manage Routing with Gateway API

Istio Gateway

apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-infrastructure
  namespace: istio-system
data:
  service: |
    spec:
      type: LoadBalancer
      externalTrafficPolicy: "Local"

  # serviceAccount: |

  deployment: |
    spec:
      replicas: 3
      template:
        spec:
          containers:
          - name: istio-proxy
            resources:
              requests:
                cpu: 500m
                memory: 512Mi
              limits:
                cpu: "2"
                memory: 1Gi
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                - matchExpressions:
                  - key: topology.kubernetes.io/zone
                    operator: In
                    values:
                    - ap-northeast-2a
                    - ap-northeast-2c
            podAntiAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
              - weight: 50
                podAffinityTerm:
                  topologyKey: kubernetes.io/hostname
                  labelSelector:
                    matchExpressions: []
                  matchLabelKeys:
                  - gateway.networking.k8s.io/gateway-name
                  - pod-template-hash

  horizontalPodAutoscaler: |
    spec:
      minReplicas: 3
      maxReplicas: 5

  podDisruptionBudget: |
    spec:
      minAvailable: 1
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: ingress
  namespace: istio-system
spec:
  gatewayClassName: istio
  infrastructure:
    parametersRef:
      group: ""
      kind: ConfigMap
      name: ingress-infrastructure

Cilium Gateway with L2 Announcements

Use a single-address CiliumLoadBalancerIPPool when the Gateway must use one fixed address. The CiliumL2AnnouncementPolicy selects the Gateway Service by namespace and announces the assigned LoadBalancer IP on the selected interface.

apiVersion: v1
kind: Namespace
metadata:
  name: gateway
---
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: gateway-pool
spec:
  blocks:
  - start: 192.0.2.10
    stop: 192.0.2.10
  serviceSelector:
    matchLabels:
      io.kubernetes.service.namespace: gateway
---
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
  name: gateway-l2
spec:
  serviceSelector:
    matchLabels:
      io.kubernetes.service.namespace: gateway
  loadBalancerIPs: true
  interfaces:
  - eth0
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway
  namespace: gateway
spec:
  gatewayClassName: cilium
  addresses:
  - type: IPAddress
    value: 192.0.2.10
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All

Verify the generated Cilium Gateway Service and L2 leader lease:

kubectl --context <context> -n gateway get gateway gateway
kubectl --context <context> -n gateway get service
kubectl --context <context> -n kube-system get lease | grep cilium-l2announce
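
The Cilium Gateway listener on this page uses `allowedRoutes.namespaces.from: All`, so a Route in any namespace can attach to the fixed address. The manifest below is an added example, not part of the original page: it shows the same Gateway restricted with `from: Selector`, plus one namespace and HTTPRoute that are allowed to attach. The label `gateway-access: "allowed"`, the namespace `app`, and the route and backend Service name `web` are hypothetical.

```yaml
# Added example (not from the original page).
# Hypothetical names: label gateway-access, namespace app, route/Service web.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway
  namespace: gateway
spec:
  gatewayClassName: cilium
  addresses:
  - type: IPAddress
    value: 192.0.2.10
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: Selector            # was: All
        selector:
          matchLabels:
            gateway-access: "allowed"
---
# Only namespaces carrying the label can attach Routes to the listener.
apiVersion: v1
kind: Namespace
metadata:
  name: app
  labels:
    gateway-access: "allowed"
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: web
  namespace: app
spec:
  parentRefs:
  - name: gateway
    namespace: gateway
    sectionName: http             # bind to the http listener only
  rules:
  - backendRefs:
    - name: web
      port: 80
```

A Route created in a namespace without the label is not attached; its `status.parents` entry reports `Accepted: False` with reason `NotAllowedByListeners`. Since the selector trusts namespace labels, restrict who can create or relabel namespaces.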