Gateway API for Managed Service for Kubernetes
Application Load Balancer provides the Gateway API as a tool to create and manage load balancers in Yandex Managed Service for Kubernetes clusters. For more information about the Gateway API project, visit its website.
Once you install the Gateway API, you can use it to create a resource named Gateway and associated HTTPRoute resources:
- The Gateway resource is managed by the cluster operator. This resource describes how incoming traffic is received and the rules for selecting routes for this traffic (HTTPRoute resources). To receive traffic through Gateway, an L7 load balancer is created. To route the traffic, HTTP routers are linked to the load balancer.
- The HTTPRoute resources are managed by developers of applications (Kubernetes services). HTTPRoute describes the route for the received incoming traffic. Based on this description, the traffic can be routed to a Kubernetes service acting as a backend or redirected to another URI. The HTTPRoute is used to create virtual hosts and routes in HTTP routers and backend groups.
For full configuration of the resources for Gateway API, see the following sections:
- Gateway: Rules for receiving incoming traffic and selecting routes (HTTPRoute) for this traffic.
- HTTPRoute: Rules for routing traffic across backends or redirecting it.
- Service: Description of Kubernetes services used as backends.
Route order in virtual hosts
Route order in virtual hosts is defined by the algorithm described in the Gateway API
Match conditions (in order of decreasing priority):
- Exact path match.
- Path prefix match with the largest number of characters.
- Method match.
- Highest number of header matches.
- Highest number of request parameter matches.
If, after applying these conditions, there are still routes with equal priority from different resources, older routes get higher priority first, followed by the remaining routes in alphabetical order according to the {namespace}/{name} format.
In the case of equal priority routes within a single HTTPRoute, the first matching rule is selected in the order they are listed, while also taking the above criteria into account.
If a request does not match any of the rules linked to the current parent element, the 404 code is returned.
The order of routes can affect the logic of request processing.
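The following added example (not code from Yandex Cloud or the Gateway API project) models the priority list above as a sort key, so you can check which backend wins when routes from several namespaces attach to one Gateway. The `Rule` fields, the `team-b-ns/extra-route` route, its backend and the timestamps are constructed for illustration; the other route and service names come from the page's sample configuration. It assumes exact-value header and parameter matches and per-element prefix matching.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Rule:
    route: str            # "{namespace}/{name}" of the owning HTTPRoute
    created: datetime     # creation time of that HTTPRoute
    index: int            # position of the rule inside the HTTPRoute
    backend: str
    path: str = "/"
    exact: bool = False   # False means PathPrefix
    method: str = ""      # empty string means any method
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)

def precedence(r):
    """Sort key following the priority list; the smallest tuple wins."""
    return (not r.exact, 0 if r.exact else -len(r.path), not r.method,
            -len(r.headers), -len(r.params), r.created, r.route, r.index)

def matches(r, method, path, headers, params):
    # Assumption: PathPrefix compares whole path elements ("/app1" does not match "/app1x").
    prefix = r.path.rstrip("/")
    path_ok = path == r.path if r.exact else (path == prefix or path.startswith(prefix + "/"))
    return (path_ok and r.method in ("", method)
            and r.headers.items() <= headers.items()
            and r.params.items() <= params.items())

def resolve(rules, method, path, headers=None, params=None):
    """Return the backend of the winning rule, or 404 if no rule matches."""
    headers, params = headers or {}, params or {}
    hits = [r for r in rules if matches(r, method, path, headers, params)]
    return min(hits, key=precedence).backend if hits else 404

# Constructed sample: the page's route plus a hypothetical newer route from another namespace.
OLD, NEW = datetime(2024, 1, 1), datetime(2024, 6, 1)
PAGE, OTHER = "alb-gwapi-apps-ns/alb-gwapi-route", "team-b-ns/extra-route"
RULES = [
    Rule(PAGE, OLD, 0, "alb-demo-1", "/app1"),
    Rule(PAGE, OLD, 1, "alb-demo-2", "/app2"),
    Rule(PAGE, OLD, 2, "alb-demo-2"),                  # default "/" prefix
    Rule(OTHER, NEW, 0, "team-b-svc", "/app1/admin"),  # longer prefix, newer route
    Rule(OTHER, NEW, 1, "team-b-svc", "/app2"),        # same prefix as the older route
]

if __name__ == "__main__":
    for p in ("/app1/admin/users", "/app2/x", "/app1x"):
        print(p, "->", resolve(RULES, "GET", p))
```

The longer `/app1/admin` prefix wins even though its route is newer, while the duplicate `/app2` prefix loses to the older route, so review which namespaces carry the label selected by `allowedRoutes`.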
Sample configuration
Below is a sample configuration of the Gateway and HTTPRoute resources. It will be used to create a load balancer to receive HTTPS traffic and to distribute it to two services based on the URI request path.
Example
```yaml
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
  name: alb-gwapi-gw
spec:
  gatewayClassName: yc-df-class
  listeners:
    - name: alb-gwapi-listener
      protocol: HTTPS
      port: 443
      hostname: <domain_name>
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              gatewayName: alb-gwapi-gw
      tls:
        certificateRefs:
          - kind: Secret
            group: ""
            name: alb-gwapi-cert
            namespace: alb-gwapi-ns
---
apiVersion: v1
kind: Namespace
metadata:
  name: alb-gwapi-apps-ns
  labels:
    gatewayName: alb-gwapi-gw
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
  name: alb-gwapi-route
  namespace: alb-gwapi-apps-ns
spec:
  hostnames:
    - "<domain_name>"
  parentRefs:
    - name: alb-gwapi-gw
      namespace: default
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /app1
      backendRefs:
        - name: alb-demo-1
          port: 80
    - matches:
        - path:
            type: PathPrefix
            value: /app2
      backendRefs:
        - name: alb-demo-2
          port: 80
    - backendRefs: # Default match (implicit "/" path prefix)
        - name: alb-demo-2
          port: 80
```
Installation and requirements
To install the Gateway API, you need:
- Managed Service for Kubernetes cluster.
- Cluster node group.
- Cluster namespace to store the service account key.
To learn how to install the Gateway API, see this guide.
See also
- Security group configuration for a Kubernetes cluster and a load balancer.
- Service account to support controller operation.
- Gateway API in Yandex Cloud Marketplace.