Gateway
In the Kubernetes Gateway API, the Gateway Custom Resource (CR) is a crucial component that defines how external traffic should be routed into a Kubernetes cluster. The F5 Gateway is built on the community's Gateway API CR: it includes the fields from the community CR plus a listening VLANs section.
Key aspects of the Gateway CR include:
- Gateway Resource: The Gateway CR specifies a network gateway that manages and configures traffic routing at the edge of a Kubernetes cluster. It acts as the entry point for external traffic.
- Configuration: It allows you to define how incoming requests should be processed and forwarded to the appropriate services within the cluster. This includes setting up listeners on specific ports and protocols.
- Integration: The Gateway CR works in conjunction with other resources such as HTTPRoute, GRPCRoute, and L4Route to define routing rules and manage traffic flow based on different criteria.
Overall, the Gateway CR provides a flexible and scalable way to handle incoming traffic and ensures that it is properly directed to the right services within the Kubernetes cluster.
CR Parameters
The table below describes the Gateway CR spec parameters:
Parameter | Description |
---|---|
addresses.type | Specifies the address type for this gateway. Note: Only IPAddress type is supported. |
addresses.value | Specifies at least one valid IP address that has been assigned to this gateway. For example, 1.1.1.1 |
gatewayClassName | Specifies the name of a GatewayClassName, which can define specific behaviour or configurations. For example, my-tcp-gateway-class |
listeners.name | Specifies the name of the listener associated with this Gateway to listen to the incoming traffic on a specific port. For example, foo |
listeners.protocol | Specifies the protocol being used by the listener. For example, TCP or UDP |
listeners.port | Specifies the port on which a listener is configured to listen to the incoming traffic. For example, 8080 |
listeners.allowedRoutes.kinds.kind | Specifies the kind or type of route that the listener is allowed to use. For example, TCPRoute |
listeners.allowedRoutes.namespaces.from | Specifies from where the routes will be selected for this gateway. Possible values: All, Selector, or Same. |
infrastructure.listeningVlans.group | Specifies the group of the VLAN that the Gateway listens to. For example, k8s.f5net.com |
infrastructure.listeningVlans.namespace | Specifies the namespace of the VLAN that the Gateway listens to. For example, spk-1 |
infrastructure.listeningVlans.vlanList | Specifies a list of specific VLANs that the gateway is listening to. The list can also be disabled using disableListedVlans. |
infrastructure.listeningVlans.disableListedVlans | Specify false to enable the listening VLAN. |
infrastructure.listeningVlans.category | Specifies the list of VLAN categories that the gateway is listening to. The category can also be disabled using disableListedVlans. |
tls.certificateRefs.kind | Specifies the kind of the referent to an object that contains a TLS certificate and the associated private key. For example, Secret. |
tls.certificateRefs.group | Specifies the group of the referent. For example, gateway.networking.k8s.io. When unspecified or an empty string, the core API group is inferred. |
tls.certificateRefs.name | Specifies the name of the referent. |
tls.certificateRefs.namespace | Specifies the namespace of the referenced object. For example, spk-app-1. When unspecified, the local namespace is inferred. |
Attaching Virtual Local Area Network (VLAN) to Gateway CRs
This section describes how to configure the Gateway object to manage VLAN-specific network traffic. The gateway can be set either to process traffic only on the specified VLANs or to handle all VLAN traffic except those listed.
Sample CR
Gateway API with VLAN section
```yaml
apiVersion: gateway.k8s.f5net.com/v1
kind: Gateway
metadata:
  name: my-tcp-gateway
  namespace: app-ns
spec:
  addresses:
    - type: "IPAddress"
      value: <IP Address>
    - type: "IPAddress"
      value: <IP Address>
  gatewayClassName: my-tcp-gateway-class
  listeners:
    - name: foo
      protocol: TCP
      port: 8080
      allowedRoutes:
        kinds:
          - kind: TCPRoute
    - name: bar
      protocol: TCP
      port: 8090
      allowedRoutes:
        kinds:
          - kind: TCPRoute
  infrastructure:
    listeningVlans:
      group: k8s.f5net.com
      namespace: spk-1
      vlanList:
        - vlan-1
        - vlan-2
      disableListedVlans: false
      # category reserved words: internal and external.
      category: ""
```
Note: Currently, this Gateway CR supports and validates TCPRoute.
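The following pre-deployment check is an added example, not F5's own code. It computes which VLANs a Gateway would accept traffic on and flags settings this page documents as unsupported or broad. It assumes that `disableListedVlans: false` means "listen only on `vlanList`" and `true` means "listen on every VLAN except `vlanList`", as the VLAN section above describes; `effective_vlans`, `lint` and `cluster_vlans` are hypothetical names.

```python
import ipaddress

# Constructed sample: the page's Sample CR as a dict, with a documentation-range
# IP (RFC 5737) substituted for the <IP Address> placeholder.
GATEWAY = {
    "kind": "Gateway",
    "metadata": {"name": "my-tcp-gateway", "namespace": "app-ns"},
    "spec": {
        "addresses": [{"type": "IPAddress", "value": "192.0.2.10"}],
        "gatewayClassName": "my-tcp-gateway-class",
        "listeners": [
            {"name": "foo", "protocol": "TCP", "port": 8080,
             "allowedRoutes": {"kinds": [{"kind": "TCPRoute"}]}},
        ],
        "infrastructure": {"listeningVlans": {
            "vlanList": ["vlan-1", "vlan-2"], "disableListedVlans": False}},
    },
}

def effective_vlans(gateway, cluster_vlans):
    """VLANs (out of cluster_vlans) the Gateway would accept traffic on."""
    lv = gateway["spec"].get("infrastructure", {}).get("listeningVlans", {})
    listed = set(lv.get("vlanList", []))
    if lv.get("disableListedVlans", False):   # assumed: deny-list mode
        return set(cluster_vlans) - listed
    return set(cluster_vlans) & listed        # assumed: allow-list mode

def lint(gateway):
    """Return findings for settings the page marks unsupported or broad."""
    findings = []
    spec = gateway["spec"]
    for addr in spec.get("addresses", []):
        if addr.get("type") != "IPAddress":
            findings.append(f"address type {addr.get('type')!r}: only IPAddress is supported")
        try:
            ipaddress.ip_address(addr.get("value", ""))
        except ValueError:
            findings.append(f"address value {addr.get('value')!r} is not a valid IP")
    for lst in spec.get("listeners", []):
        for k in lst.get("allowedRoutes", {}).get("kinds", []):
            if k.get("kind") != "TCPRoute":
                findings.append(f"listener {lst['name']}: {k.get('kind')} is not validated (TCPRoute only)")
    lv = spec.get("infrastructure", {}).get("listeningVlans", {})
    if lv.get("disableListedVlans", False):
        findings.append("deny-list mode: gateway listens on every VLAN not in vlanList")
    return findings
```

In deny-list mode a VLAN added to the cluster later is inside the listening set by default, which is why `lint` reports that mode as a finding.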
Support Status
The table below describes the support status of Gateway CR parameters:
Parameter | Supported/Not Supported/Optional |
---|---|
addresses.type | Supported |
addresses.value | Supported |
gatewayClassName | Supported |
listeners.name | Supported |
listeners.protocol | Partially Supported. For example, TCP, UDP, HTTP, HTTPS, GRPC |
listeners.port | Supported |
listeners.allowedRoutes.kinds.kind | Not Supported |
listeners.allowedRoutes.namespaces.from | Not Supported |
infrastructure.listeningVlans.group | Not Supported |
infrastructure.listeningVlans.namespace | Not Supported |
infrastructure.listeningVlans.vlanList | Supported |
infrastructure.listeningVlans.disableListedVlans | Supported |
infrastructure.listeningVlans.category | Supported |
tls.certificateRefs.kind | Supported |
tls.certificateRefs.group | Supported |
tls.certificateRefs.name | Supported |
tls.certificateRefs.namespace | Supported |