-
Notifications
You must be signed in to change notification settings - Fork 480
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GEP: Standard Mechanism to Merge Multiple Gateways #1713
Comments
+1 to this proposal.
|
FWIW how we do this in Istio is https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#manual-deployment. Basically the same way to apply 1 Gateway to a manually deployed Deployment/Service instead of automatically deployed one can be used to apply N Gateways and merge them. If they want automated deployment and merging, they would make one "root" Gateway and attach all others. Actually that is another use case for #1596 |
@howardjohn conformance tests dont pass when the implementation merges the listeners, envoyproxy/gateway#349 has more context |
I don't think something implicitly deciding to collapse or not is a great idea which is the root cause of that. In the Istio way users have to explicitly opt into merging, which the conformance tests don't do, so we don't have an issue. |
yeah, Im hoping the intent to merge is defined by Gateway API, else implementations will add their own |
@shaneutt curious what does the label |
@dprotaso we're in the midst of trying to better organize things based on priority. Given that 3 people are interested in this one, |
Knative uses multiple Kubernetes Services to resolve port conflicts. Our custom Istio installation has a single k8s deployment serving public traffic and internal traffic. This is because we create one K8s Service with Thus if the Gateway resource had a apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: prod-internal
spec:
gatewayClassName: acme-lb
group: knative
scope: Internal
listeners:
- protocol: HTTP
port: 80
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: prod-web
spec:
gatewayClassName: acme-lb
group: knative
scope: Public
listeners:
- protocol: HTTP
port: 80 to be done by creating the following K8s Services apiVersion: v1
kind: Service
metadata:
name: prod-internal
spec:
type: ClusterIP
ports:
- name: http2
port: 80
targetPort: 8081 # Dynamically allocated port
---
apiVersion: v1
kind: Service
metadata:
name: prod-web
spec:
type: LoadBalancer
ports:
- name: http2
port: 80
targetPort: 80 # Dynamically allocated port Each gateway could return a unique IP in the |
@dprotaso above case helps merge K8s deployments (improving efficiency), there is also a use case where some users might want to further merge gateways within a single K8s service, reducing the number of cloud LBs needed (ratio of cloud LB to gateways is 1: N) |
@arkodg Yeah we would benefit from that as well. Curious if you have any details/issues to link about user expectations around this feature? |
@dprotaso end users prefer lesser Cloud LBs / Services to reduce the management / operational complexity for managing the IPs, security, observailibity of these components I think your proposed solution of introducing Now if |
I think my example of
I think a
I think there are two aspects to this issue
I can see 1. being a distinct property on a For 2. I think this would need to be part of the GatewayClass as it's implementation specific. |
yeah thinking more on this, I'm a +1 on either |
I'm very -1 on some sort of I think that @howardjohn's ideas in GEP-1762 (#1757) about using Address seem like a pretty viable way to handle both the manually-managed infrastructure use case, and the "how to specify a set of merged Gateways" use case. I had originally anticipated that "merge these Gateways" would be specified as a GatewayClass setting, but it seems like there may be too much shenanigans possible if we do it that way. I'm going to think more about it though. |
Related - @youngnick take a look at the discussion in the GEP - #1653 I have yet to update GEP contents will do that later tonight based on the discussion |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale /lifecycle frozen |
FYI - the GEP PR has been updated to support cross-namespace. From my comment #1863 (comment)
Some implementations have expressed interest:
|
thanks for restarting work on this GEP @dprotaso. This has been a popular ask for users in Envoy Gateway, and we finally ended up adding a knob (in our previous v0.6.0 release ) at the GatewayClass level (via the parametersRef custom resource called EnvoyProxy) called MergeGateways . This is primarily because there is a 1:1 mapping between GatewayClass and data plane infrastructure in Envoy Gateway today as all infrastructure specific fields like |
We do need this, especially as several implementations are already doing "something" in this regard. /triage accepted However we are targeting early April for |
/assign @dprotaso |
What would you like to be added:
Support for merging Gateways should have standard & documented mechanic.
Why this is needed:
Knative generates on demand per-service certificates using HTTP-01 challenges. There can be O(1000) Knative Services in the cluster which means we have O(1000) distinct certificates. The Gateway Resource is a contention point since is the only place to attach listeners to gateways with certificates.
The spec currently has language to indicate implemenations
MAY
merge Gateways resources but the mechanic isn't defined.gateway-api/apis/v1beta1/gateway_types.go
Lines 76 to 78 in 541e9fc
Secondly, given similar use-cases/needs for control planes to manage listeners it might make sense that
merging
Gateways is part ofextended
conformance.The text was updated successfully, but these errors were encountered: