Gateway API for Managed Service for Kubernetes
Application Load Balancer provides the Gateway API as a tool to create and manage load balancers in Yandex Managed Service for Kubernetes clusters. For more information about the Gateway API project, visit its website.
Once you install the Gateway API, you can use it to create a resource named
Gateway and associated
HTTPRoute resources:
- The
Gatewayresource is managed by the cluster operator. This resource describes how incoming traffic is received and the rules for selecting routes for the traffic (
HTTPRouteresources). To receive traffic through
Gateway, an L7 load balancer is created. To route the traffic, HTTP routers are linked to the load balancer.
- The
HTTPRouteresources are managed by the developers of applications — Kubernetes services.
HTTPRouteis a description of the route for the incoming traffic received. Based on this description, the traffic can be routed to Kubernetes that serves as a backend or redirected to another URI. The
HTTPRouteis used to create virtual hosts and routes in HTTP routers and backend groups.
Sample configuration
Below is an abbreviated sample configuration for an
Ingress resource. It will be used to create a load balancer to receive HTTPS traffic and to distribute it to two services based on the URI request path.
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
name: alb-gwapi-gw
spec:
gatewayClassName: yc-df-class
listeners:
- name: alb-gwapi-listener
protocol: HTTPS
port: 443
hostname: <domain_name>
allowedRoutes:
namespaces:
from: Selector
selector:
matchLabels:
gatewayName: alb-gwapi-gw
tls:
certificateRefs:
- kind: Secret
group: ""
name: alb-gwapi-cert
namespace: alb-gwapi-ns
---
apiVersion: v1
kind: Namespace
metadata:
name: alb-gwapi-apps-ns
labels:
gatewayName: alb-gwapi-gw
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
name: alb-gwapi-route
namespace: alb-gwapi-apps-ns
spec:
hostnames:
- "<domain_name>"
parentRefs:
- name: alb-gwapi-gw
namespace: default
rules:
- matches:
- path:
type: PathPrefix
value: /app1
backendRefs:
- name: alb-demo-1
port: 80
- matches:
- path:
type: PathPrefix
value: /app2
backendRefs:
- name: alb-demo-2
port: 80
- backendRefs: # Default match (implicit "/" path prefix)
- name: alb-demo-2
port: 80
Installation and requirements
To install the Gateway API, you need:
- A Managed Service for Kubernetes cluster.
- A cluster node group.
- A cluster namespace to store the service account key.
You can install the Gateway API:
-
As a Yandex Cloud Marketplace product using the management console.
-
As a chart using the Helm package manager, version 3.7.0 or higher with OCI support enabled. You can download and install the chart using the commands below:
export HELM_EXPERIMENTAL_OCI=1 && \ helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/gateway-api/gateway-api-helm/gateway-api \ --version 0.4.16 \ --untar && \ helm install \ --namespace <namespace> \ --set folderId=<folder_ID> \ --set networkId=<network_ID> \ --set subnetId=<subnet_ID> \ --set-file saKeySecretKey=<path_to_file_with_service_account_key> \ yc-alb-gateway-api ./yc-alb-gateway-api-chart/
For more information about each option, please see the complete installation instructions.
