Gateway API for Managed Service for Kubernetes
Application Load Balancer provides the Gateway API tool for creating and managing load balancers in Yandex Managed Service for Kubernetes clusters. To learn more about the Gateway API project, visit its official website.
Once you install the Gateway API, you can use it to create a Gateway and its associated HTTPRoute resources:
- The Gateway resource is managed by the cluster operator. It configures incoming traffic reception and route selection rules, i.e., HTTPRoute resources. The system creates an L7 load balancer to handle traffic for the Gateway. The load balancer uses HTTP routers to route incoming traffic.
- The HTTPRoute resources are managed by Kubernetes service developers and describe routes for the incoming traffic that can be routed to a Kubernetes backend service or redirected to another URI. With HTTPRoute, you can create virtual hosts and routes in HTTP routers and backend groups.
For more details about configuring resources via Gateway API, see the following sections:
- Gateway: Rules for receiving and routing incoming traffic using HTTPRoute resources.
- HTTPRoute: Traffic routing and redirection rules.
- Service: Kubernetes backend service description.
Route order in virtual hosts
Route order in virtual hosts is determined by the Gateway API.
Match conditions in descending priority order:
- Exact path match.
- Longest path prefix match.
- Method match.
- Most matching headers.
- Most matching query parameters.
Routes from different HTTPRoute resources with equal precedence are prioritized first by creation timestamp (older routes first), then by name in {namespace}/{name} format.
If there remain routes with equal precedence in the same HTTPRoute resource, the system will select the first matching route from the list.
For requests matching none of the rules associated with the current parent element, the system will return a 404 error.
The route order determines the request processing logic.
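The precedence rules above can be modelled to check which HTTPRoute ends up serving a given path when several namespaces are admitted by the same Gateway listener. The following is an added example, not code from Yandex Cloud or the Gateway API project; the `Rule` class, the `team-b-ns/extra-route` route and the timestamps are constructed, and PathPrefix matching per path element is assumed as in the upstream Gateway API specification.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Rule:
    route: str                      # "{namespace}/{name}" of the owning HTTPRoute
    created: datetime               # creationTimestamp of that HTTPRoute
    index: int                      # position of the rule in spec.rules
    path: str = "/"
    exact: bool = False             # False means PathPrefix
    method: Optional[str] = None
    headers: tuple = ()             # required (name, value) pairs
    query: tuple = ()               # required (name, value) pairs

def matches(r, method, path, headers, query):
    # headers: dict with lower-cased names; query: dict of parameters.
    prefix = r.path.rstrip("/")
    path_ok = path == r.path if r.exact else (path == prefix or path.startswith(prefix + "/"))
    return (path_ok and r.method in (None, method)
            and all(headers.get(k.lower()) == v for k, v in r.headers)
            and all(query.get(k) == v for k, v in r.query))

def precedence(r):
    # Smaller tuple wins; fields follow the order listed on this page.
    return (not r.exact, -len(r.path), r.method is None, -len(r.headers),
            -len(r.query), r.created, r.route, r.index)

def select(rules, method, path, headers=None, query=None):
    """Return the winning rule, or None (the load balancer answers 404)."""
    hits = [r for r in rules if matches(r, method, path, headers or {}, query or {})]
    return min(hits, key=precedence, default=None)

# Constructed sample: the page's route plus a hypothetical later route from
# another namespace that also carries the gatewayName label.
OLD, NEW = datetime(2024, 1, 1), datetime(2024, 6, 1)
APPS = "alb-gwapi-apps-ns/alb-gwapi-route"
RULES = [
    Rule(APPS, OLD, 0, "/app1"),
    Rule(APPS, OLD, 1, "/app2"),
    Rule(APPS, OLD, 2, "/"),
    Rule("team-b-ns/extra-route", NEW, 0, "/app1/admin"),
    Rule("team-b-ns/extra-route", NEW, 1, "/app2"),
]

if __name__ == "__main__":
    for p in ("/app1/x", "/app1/admin/users", "/app2", "/app10"):
        print(p, "->", select(RULES, "GET", p))
```

In this sample the newer route wins `/app1/admin/...` because its prefix is longer, while the duplicate `/app2` rule loses to the older route on creation timestamp.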
Sample configuration
Below you can see a sample Gateway and HTTPRoute resource configuration describing a load balancer that receives HTTPS requests and routes them to one of two service backends based on their URI paths.
Example
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: alb-gwapi-gw
spec:
  gatewayClassName: yc-df-class
  listeners:
    - name: alb-gwapi-listener
      protocol: HTTPS
      port: 443
      hostname: <domain_name>
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              gatewayName: alb-gwapi-gw
      tls:
        certificateRefs:
          - kind: Secret
            group: ""
            name: alb-gwapi-cert
            namespace: alb-gwapi-ns
---
apiVersion: v1
kind: Namespace
metadata:
  name: alb-gwapi-apps-ns
  labels:
    gatewayName: alb-gwapi-gw
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: alb-gwapi-route
  namespace: alb-gwapi-apps-ns
spec:
  hostnames:
    - "<domain_name>"
  parentRefs:
    - name: alb-gwapi-gw
      namespace: default
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /app1
      backendRefs:
        - name: alb-demo-1
          port: 80
    - matches:
        - path:
            type: PathPrefix
            value: /app2
      backendRefs:
        - name: alb-demo-2
          port: 80
    - backendRefs: # Default match (implicit "/" path prefix)
        - name: alb-demo-2
          port: 80
Installation and requirements
To install the Gateway API, you need:
- Managed Service for Kubernetes cluster.
- Cluster node group.
- Cluster namespace to store your service account key.
To learn how to install the Gateway API, see this guide.
See also
- Security group configuration for a Kubernetes cluster and a load balancer.
- Service account to support controller operation.
- Gateway API in Yandex Cloud Marketplace.