Careful!
You are browsing documentation for a version of Kuma that is not the latest release.
Kubernetes Gateway API
Kuma supports configuring built-in gateway using Kubernetes Gateway API.
Installation
Kubernetes Gateway API is still beta, therefore Kuma’s integration provides the same level of stability.
Gateway API is not supported in multi-zone. To use the builtin Gateway, you need to use the MeshGateway
resources.
-
Install the Gateway API CRDs.
The Gateway API CRDs aren’t available in Kubernetes by default yet. You must first install the experimental release that includes those CRDs as well as the admission webhook.
-
Enable Gateway API support.
- With
kumactl
, use the--experimental-gatewayapi
flag. - With Helm, use the
experimental.gatewayAPI=true
value.
- With
Usage
-
Install the counter demo.
-
Add a
Gateway
.The
Gateway
resource represents the proxy instance that handles traffic for a set of Gateway API routes.Every
Gateway
refers to aGatewayClass
by name.For Helm and
kumactl
installations, aGatewayClass
namedkuma
is automatically installed if the Gateway API CRDs are present.When a user applies a
Gateway
resource, Kuma automatically creates aDeployment
of built-in gateways with a correspondingService
.The
Gateway
is now accessible using the external address172.20.0.3:8080
. -
Add an
HTTPRoute
.HTTPRoute
resources contain a set of matching criteria for HTTP requests and upstreamServices
to route those requests to.After creating an
HTTPRoute
, accessing/
forwards a request to the demo app:
TLS termination
Gateway API supports TLS termination by using standard kubernetes.io/tls
Secrets.
Here is an example
Under the hood, Kuma CP copies the Secret
to kuma-system
namespace and converts it to Kuma secret.
It tracks all the changes to the secret and deletes it upon deletion of the original secret.
Customization
Gateway API provides the parametersRef
field on GatewayClass.spec
to provide additional, implementation-specific configuration to Gateways
.
When using Gateway API with Kuma, you can refer to a MeshGatewayConfig
resource:
This resource has the same structure as the MeshGatewayInstance
resource
except that the tags
field is optional.
With a MeshGatewayConfig
you can then customize
the generated Service
and Deployment
resources.
Multi-mesh
You can specify a Mesh
for Gateway
and HTTPRoute
resources
by setting the kuma.io/mesh
annotation
Note that HTTPRoutes
must also have the annotation to reference a
Gateway
from a non-default Mesh
.
Cross-mesh
Cross-mesh gateways are supported with Gateway API.
You’ll just need to create a corresponding GatewayClass
pointing to a MeshGatewayConfig
that
sets crossMesh: true
:
and then reference it in your Gateway
:
Multi-zone
Gateway API isn’t supported with multi-zone deployments, use Kuma’s MeshGateways
/MeshGatewayRoutes
instead.
How it works
Kuma includes controllers that reconcile Gateway API CRDs and convert them into the corresponding Kuma gateway CRDs.
This is why in the GUI, Kuma MeshGateways
/MeshGatewayRoutes
are visible and not Kubernetes Gateway API resources.
Kubernetes Gateway API resources serve as the source of truth for Kuma gateways and any edits to Kuma gateway resources are overwritten.