Installing Gateway API
Gateway API is a collection of API resources that model network communications in a Managed Service for Kubernetes cluster, including GatewayClass, Gateway, HTTPRoute, etc.
In Managed Service for Kubernetes, Gateway API launches Yandex Application Load Balancer and its auxiliary resources when a Kubernetes user announces the Gateway resource in a Managed Service for Kubernetes cluster.
Getting started
-
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the
yc config set folder-id <folder_ID>command. You can specify a different folder using the--folder-nameor--folder-idparameter. -
Assign the following roles to the service account:
alb.editor: To create resources.vpc.publicAdmin: To manage external connectivity.certificate-manager.admin: To use certificates registered in Yandex Certificate Manager.compute.viewer: To use Managed Service for Kubernetes cluster nodes in balancer target groups.
-
Create an authorized key for your service account and save it to the
sa-key.jsonfile:yc iam key create \ --service-account-name <name_of_service_account_for_Gateway_API> \ --output sa-key.json -
Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
Installation using Yandex Cloud Marketplace
- Navigate to the folder dashboard and select Managed Service for Kubernetes.
- Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
- Under Application available for installation, select Gateway API and click Go to install.
- Configure the application:
- Namespace: Create a new namespace, e.g.,
gateway-api-space. If you leave the default namespace, Gateway API may work incorrectly. - Application name: Specify the application name.
- Folder ID: Select the folder where you want to create your load balancers.
- Network ID: Select the cloud network where your load balancers will reside.
- Subnet ID 1, Subnet ID 2, Subnet ID 3: Select subnets where your load balancers will reside.
- Service account key: Paste the contents of the
sa-key.jsonfile or create a new service account key.
- Namespace: Create a new namespace, e.g.,
- Click Install.
- Wait for the application to change its status to
Deployed.
Installation using a Helm chart
-
Install Helm v3.8.0 or higher.
-
Install kubect and configure it to work with the new cluster.
-
To install a Helm chart with Gateway API, run this command:
helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm/gateway-api \ --version v0.6.1 \ --untar && \ helm install \ --namespace <namespace> \ --create-namespace \ --set folderId='<folder_ID>' \ --set networkId='<cloud_network_ID>' \ --set subnet1Id='<subnet_1_ID>' \ --set subnet2Id='<subnet_2_ID>' \ --set subnet3Id='<subnet_3_ID>' \ --set-file saKeySecretKey='<path_to_sa-key.json>' \ gateway-api ./gateway-api/In this command, specify the network and its subnets where your load balancers will reside.
If you set
namespaceto the default namespace, Gateway API may work incorrectly. We recommend that you specify a value different from all existing namespaces (e.g.,gateway-api-space).Note
If you are using a Helm version below 3.8.0, append the
export HELM_EXPERIMENTAL_OCI=1 && \string to the command to enable Open Container Initiative (OCI) support in the Helm client.
Use cases
See also
- Gateway API project description.
- Gateway API description and configuration information in the Application Load Balancer guides.