Gateway

In the Kubernetes Gateway API, the Gateway Custom Resource (CR) is a crucial component that defines how external traffic should be routed into a Kubernetes cluster. The F5 Gateway is built on the community’s Gateway API CR. It includes a listeningVlans section in addition to the fields from the community’s Gateway API CR.

Key aspects of the Gateway CR include:

  • Gateway Resource: The Gateway CR specifies a network gateway that manages and configures traffic routing at the edge of a Kubernetes cluster. It acts as the entry point for external traffic.
  • Configuration: It allows you to define how incoming requests should be processed and forwarded to the appropriate services within the cluster. This includes setting up listeners on specific ports and protocols.
  • Integration: The Gateway CR works in conjunction with other resources such as HTTPRoute, GRPCRoute, and L4Route to define routing rules and manage traffic flow based on different criteria.

Overall, the Gateway CR provides a flexible and scalable way to handle incoming traffic and ensures that it is properly directed to the right services within the Kubernetes cluster.

CR Parameters

The table below describes the Gateway CR spec parameters:

Parameter Description
addresses.type Specifies the address type for this gateway. Note: Only the IPAddress type is supported.
addresses.value Specifies at least one valid IP address that has been assigned to this gateway. For example, 1.1.1.1
gatewayClassName Specifies the name of the GatewayClass, which can define specific behaviour or configurations. For example, my-tcp-gateway-class
listeners.name Specifies the name of the listener associated with this Gateway to listen to the incoming traffic on a specific port. For example, foo
listeners.protocol Specifies the protocol being used by the listener. For example, TCP or UDP
listeners.port Specifies the port on which a listener is configured to listen to the incoming traffic. For example, 8080
listeners.allowedRoutes.kinds.kind Specifies the kind or type of route that the listener is allowed to use. For example, TCPRoute
listeners.allowedRoutes.namespaces.from Specifies where the routes are selected from for this gateway. Possible values: All, Selector, or Same.
infrastructure.listeningVlans.group Specifies the group of VLAN that the Gateway listens to. For example, k8s.f5net.com
infrastructure.listeningVlans.namespace Specifies the namespace of VLAN that the Gateway listens to. For example, spk-1
infrastructure.listeningVlans.vlanList Specifies a list of specific VLANs that the gateway is listening to. The list can also be disabled using disableListedVlans.
infrastructure.listeningVlans.disableListedVlans Specify false to enable the listening VLAN.
infrastructure.listeningVlans.category Specifies the list of VLAN categories that the gateway is listening to. The category can also be disabled using disableListedVlans.
tls.certificateRefs.kind Specifies the kind of the referent to an object that contains a TLS Certificate and the associated private key. For example, Secret.
tls.certificateRefs.group Specifies the group of the referent. For example, gateway.networking.k8s.io. When unspecified or empty string, core API group is inferred.
tls.certificateRefs.name Specifies the name of the referent.
tls.certificateRefs.namespace Specifies the namespace of the referenced object. For example, spk-app-1. When unspecified, the local namespace is inferred.

Attaching Virtual Local Area Network (VLAN) to Gateway CRs

This section describes how to configure the Gateway object to manage VLAN-specific network traffic. The gateway can be set to either process traffic only on the specified VLANs or handle all VLAN traffic except those listed.

Sample CR

Gateway API with VLAN section

apiVersion: gateway.k8s.f5net.com/v1
kind: Gateway
metadata:
  name: my-tcp-gateway
  namespace: app-ns
spec:
  addresses:
  - type: "IPAddress"
    value: <IP Address>
  - type: "IPAddress"
    value: <IP Address>
  gatewayClassName: my-tcp-gateway-class
  listeners:
  - name: foo
    protocol: TCP
    port: 8080
    allowedRoutes:
      kinds:
      - kind: TCPRoute
  - name: bar
    protocol: TCP
    port: 8090
    allowedRoutes:
      kinds:
      - kind: TCPRoute
  infrastructure:
    listeningVlans:
      group: k8s.f5net.com
      namespace: spk-1
      vlanList:
        - vlan-1
        - vlan-2
      disableListedVlans: false
      # category reserved words: internal and external.
      category: ""

Note: Currently, this Gateway CR supports and validates TCPRoute.
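
The following is an added example, not F5 code: a review check that computes which VLANs a Gateway CR would accept traffic on and flags scope wider than intended. It assumes, from the description above, that disableListedVlans: false means "only the listed VLANs" and true means "all VLANs except the listed ones"; the VLAN inventory, the approved set and all function names are hypothetical.

```python
# Added example: audit the VLAN scope of Gateway CRs (already parsed to dicts).
# Constructed inputs: the inventory and the approved set are hypothetical.
INVENTORY = {"vlan-1", "vlan-2", "vlan-mgmt"}
APPROVED = {"vlan-1", "vlan-2"}

def listening_vlans(gateway):
    """Return spec.infrastructure.listeningVlans, or {} if it is absent."""
    infra = gateway.get("spec", {}).get("infrastructure") or {}
    return infra.get("listeningVlans") or {}

def effective_vlans(gateway, inventory):
    """VLANs the gateway listens on, under the assumed reading of the flag."""
    lv = listening_vlans(gateway)
    listed = set(lv.get("vlanList") or [])
    if lv.get("disableListedVlans", False):
        return set(inventory) - listed   # all VLANs except the listed ones
    return listed & set(inventory)       # only the listed VLANs

def audit(gateway, inventory, approved):
    """Return (finding, vlans) tuples; an empty list means nothing to review."""
    lv = listening_vlans(gateway)
    listed = set(lv.get("vlanList") or [])
    if not listed:
        # The page does not state the behaviour without a list: review by hand.
        return [("vlan-scope-unspecified", [])]
    findings = []
    unknown = listed - set(inventory)
    if unknown:
        findings.append(("unknown-vlan", sorted(unknown)))
    if lv.get("disableListedVlans", False):
        # Exclusion mode also picks up any VLAN added to the cluster later.
        findings.append(("exclude-mode", sorted(listed)))
    extra = effective_vlans(gateway, inventory) - set(approved)
    if extra:
        findings.append(("unapproved-vlan", sorted(extra)))
    return findings

def make_gateway(vlans, disable):
    """Build a minimal constructed Gateway CR with only the VLAN section."""
    return {"kind": "Gateway", "metadata": {"name": "my-tcp-gateway"},
            "spec": {"infrastructure": {"listeningVlans": {
                "vlanList": vlans, "disableListedVlans": disable}}}}

if __name__ == "__main__":
    for gw in (make_gateway(["vlan-1", "vlan-2"], False),
               make_gateway(["vlan-1"], True)):
        print(sorted(effective_vlans(gw, INVENTORY)),
              audit(gw, INVENTORY, APPROVED))
```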

Support Status

The table below describes the support status of Gateway CR parameters:

Parameter Supported/Not Supported/Optional
addresses.type Supported
addresses.value Supported
gatewayClassName Supported
listeners.name Supported
listeners.protocol Partially Supported. For example, TCP, UDP, HTTP, HTTPS, GRPC
listeners.port Supported
listeners.allowedRoutes.kinds.kind Not Supported
listeners.allowedRoutes.namespaces.from Not Supported
infrastructure.listeningVlans.group Not Supported
infrastructure.listeningVlans.namespace Not Supported
infrastructure.listeningVlans.vlanList Supported
infrastructure.listeningVlans.disableListedVlans Supported
infrastructure.listeningVlans.category Supported
tls.certificateRefs.kind Supported
tls.certificateRefs.group Supported
tls.certificateRefs.name Supported
tls.certificateRefs.namespace Supported