Gateway API for Managed Service for Kubernetes

Application Load Balancer provides the Gateway API as a tool to create and manage load balancers in Yandex Managed Service for Kubernetes clusters. For more information about the Gateway API project, visit its website.

Once you install the Gateway API, you can use it to create a resource named Gateway and associated HTTPRoute resources:

• The Gateway resource is managed by the cluster operator. This resource describes how incoming traffic is received and the rules for selecting routes for the traffic (HTTPRoute resources). To receive traffic through Gateway, an L7 load balancer is created. To route the traffic, HTTP routers are linked to the load balancer.
• The HTTPRoute resources are managed by the developers of the applications representing the Kubernetes services. HTTPRoute is a description of the route for the received incoming traffic. Based on this description, the traffic can be routed to a Kubernetes service acting as a backend or redirected to another URI. The HTTPRoute is used to create virtual hosts and routes in HTTP routers and backend groups.

For full configuration of the resources for Gateway API, see the following sections:

• Gateway: Rules for receiving incoming traffic and selecting routes (HTTPRoute) for the traffic.
• HTTPRoute: Rules for routing traffic across backends or redirecting it.
• Service: Description of Kubernetes services used as backends.

Sample configurationSample configuration

Below is a sample configuration of Gateway and HTTPRoute resources. It will be used to create a load balancer to receive HTTPS traffic and to distribute it to two services based on the URI request path.

---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
  name: alb-gwapi-gw
spec:
  gatewayClassName: yc-df-class
  listeners:
    - name: alb-gwapi-listener
      protocol: HTTPS
      port: 443
      hostname: <domain_name>
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              gatewayName: alb-gwapi-gw
      tls:
        certificateRefs:
          - kind: Secret
            group: ""
            name: alb-gwapi-cert
            namespace: alb-gwapi-ns

---
apiVersion: v1
kind: Namespace
metadata:
  name: alb-gwapi-apps-ns
  labels:
    gatewayName: alb-gwapi-gw

---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
  name: alb-gwapi-route
  namespace: alb-gwapi-apps-ns
spec:
  hostnames:
    - "<domain_name>"
  parentRefs:
    - name: alb-gwapi-gw
      namespace: default
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /app1
      backendRefs:
        - name: alb-demo-1
          port: 80
    - matches:
        - path:
            type: PathPrefix
            value: /app2
      backendRefs:
        - name: alb-demo-2
          port: 80
    - backendRefs: # Default match (implicit "/" path prefix)
        - name: alb-demo-2
          port: 80

Installation and requirementsInstallation and requirements

To install the Gateway API, you need:

• Managed Service for Kubernetes cluster.
• Cluster node group.
• Cluster namespace to store the service account key.

To learn how to install the Gateway API, see this guide.

See alsoSee also

• Security group configuration for a Kubernetes cluster and a load balancer.
• Service account to support controller operation.
• Gateway API in Yandex Cloud Marketplace.