Wednesday, October 25, 2023

Authors: Lior Lieberman (Google), Kobi Levi (independent)

Today we are releasing ingress2gateway, a tool
that can help you migrate from Ingress to Gateway
API. Gateway API is just weeks away from graduating to GA, if you
haven’t upgraded yet, now’s the time to think about it!

Background

In the ever-evolving world of Kubernetes, networking plays a pivotal role. As more applications are
deployed in Kubernetes clusters, effective exposure of these services to clients becomes a critical
concern. If you’ve been working with Kubernetes, you’re likely familiar with the Ingress API,
which has been the go-to solution for managing external access to services.

The Ingress API provides a way to route external traffic to your applications within the cluster,
making it an indispensable tool for many Kubernetes users. Ingress has its limitations however, and
as applications become more complex and the demands on your Kubernetes clusters increase, these
limitations can become bottlenecks.

Some of the limitations are:

• Insufficient common denominator – by attempting to establish a common denominator for various
  HTTP proxies, Ingress can only accommodate basic HTTP routing, forcing more features of
  contemporary proxies like traffic splitting and header matching into provider-specific,
  non-transferable annotations.
• Inadequate permission model – Ingress spec configures both infrastructure and application
  configuration in one object. With Ingress, the cluster operator and application developer operate
  on the same Ingress object without being aware of each other’s roles. This creates an insufficient
  role-based access control and has high potential for setup errors.
• Lack of protocol diversity – Ingress primarily focuses on HTTP(S) routing and does not provide
  native support for other protocols, such as TCP, UDP and gRPC. This limitation makes it less
  suitable for handling non-HTTP workloads.

Gateway API

To overcome this, Gateway API is designed to provide a more flexible, extensible, and powerful way
to manage traffic to your services.

Gateway API is just weeks away from a GA (General Availability) release. It provides a standard
Kubernetes API for ingress traffic control. It offers extended functionality, improved
customization, and greater flexibility. By focusing on modular and expressive API resources, Gateway
API makes it possible to describe a wider array of routing configurations and models.

The transition from Ingress API to Gateway API in Kubernetes is driven by advantages and advanced
functionalities that Gateway API offers, with its foundation built on four core principles: a
role-oriented approach, portability, expressiveness and extensibility.

A role-oriented approach

Gateway API employs a role-oriented approach that aligns with the conventional roles within
organizations involved in configuring Kubernetes service networking. This approach enables
infrastructure engineers, cluster operators, and application developers to collectively address
different aspect