Gateway API

The BIG-IP Next for Kubernetes can be set up with Gateway API CRs to balance low-latency TCP and UDP application traffic between networks using a virtual server and load-balancing pool.

Gateway API is an open-source project managed by the SIG-NETWORK community. It is an API (a collection of resources) that models service networking in Kubernetes. These resources (GatewayClass, Gateway, L4Route, and others, along with the Kubernetes Service resource) aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support.

Benefits of Gateway API

  • Role-oriented: Gateway API kinds are modeled after organizational roles that are responsible for managing Kubernetes service networking:

    • Infrastructure Provider: Manages infrastructure that allows multiple isolated clusters to serve multiple tenants, for example, a cloud provider.

    • Cluster Operator: Manages clusters and is typically concerned with policies, network access, application permissions, and so on.

    • Application Developer: Manages an application running in a cluster and is typically concerned with application-level configuration and Service composition.

  • Portable: Gateway API specifications are defined as custom resources and are supported by many implementations.

  • Expressive: Gateway API kinds support functionality for common traffic routing use cases such as header-based matching, traffic weighting, and others that were only possible in Ingress by using custom annotations.

  • Extensible: Gateway API allows custom resources to be linked at various layers of the API. This makes granular customization possible at the appropriate places within the API structure.

Introduction to roles in Gateway API

The Infrastructure Provider is responsible for defining the GatewayClass, a cluster-scoped resource that represents a class of Gateways that can be instantiated.

The Cluster Operator manages the Gateway CR, which acts as the entry point for external traffic and configures how incoming requests are processed and forwarded to the right services within the cluster.

The Application Developer uses resources such as HTTPRoute, L4Route, and GRPCRoute to define routing rules and manage traffic flow.
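
The manifests below show how the three roles map onto three resources. They are an added example, not taken from the F5 documentation, and use the upstream `gateway.networking.k8s.io/v1` kinds. The `controllerName`, resource names, namespaces, label, hostname, and Service are placeholder assumptions.

```yaml
# Infrastructure Provider: cluster-scoped class of Gateways.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: example-gateway-class                     # placeholder name
spec:
  controllerName: example.com/gateway-controller  # placeholder, not the F5 value
---
# Cluster Operator: entry point for external traffic.
# allowedRoutes decides which namespaces may attach routes to this listener.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: edge-gateway        # placeholder
  namespace: infra          # placeholder, owned by the Cluster Operator
spec:
  gatewayClassName: example-gateway-class
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Selector    # only namespaces matching the selector may bind
          selector:
            matchLabels:
              gateway-access: "allowed"   # placeholder label
---
# Application Developer: routing rules in the application's own namespace.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: shop-route          # placeholder
  namespace: shop           # must carry the gateway-access=allowed label
spec:
  parentRefs:
    - name: edge-gateway
      namespace: infra      # cross-namespace attach, subject to allowedRoutes
  hostnames:
    - shop.example.com      # placeholder hostname
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: shop-svc    # placeholder Service in the shop namespace
          port: 8080
```

If `allowedRoutes` is omitted, the upstream default is `from: Same`, which restricts route attachment to the Gateway's own namespace. With `from: Selector`, access to the listener depends on who is permitted to set the label on a namespace.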

Gateway API Architecture

This section explains the Gateway API and the CR types that the CNE controller monitors and processes. It also explains the Kubernetes Gateway API resources, including Gateway, HTTPRoute, and GRPCRoute.

Gateway API Architecture diagram

CNE controller

The CNE controller supports Gateway API CRs to align with industry standards.

Gateway API CRs

This Gateway API supports the standard features of v1.2.0. The CNE controller manages the following CRs:

F5 CRs:

Community CRs:

Gateway API Conformance tests

The Gateway API includes a comprehensive set of conformance tests. These tests check the implementation against the API specification by creating a series of Gateways and Routes with the specified GatewayClass. To view the tests and status, see Gateway API Conformance tests report.

Using F5 IPAM Controller

You can use the F5 IPAM Controller to manage IP addresses. Refer to F5 IPAM Controller for Gateway API for more details.

Firewall policy in Gateway API

You can apply a firewall policy to control traffic flow. Refer to Firewall policy in Gateway API.

Ingress DDoS protection in Gateway API

You can enable DDoS policies to defend against DDoS attacks over protocols. Refer to Ingress DDoS protection in Gateway API.

Supplemental

For more information on Gateway API and CR, refer to
