5. What is CNCF ?
Or better said
OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS
6. What is CNCF ?
Non-profit foundation that gathers the Cloud
Native community in a neutral place:
● Open Source projects
● Companies
● Enthusiasts
Part of The Linux Foundation.
Curates and promotes a set of trusted
projects for modern application
development.
Helps hosted projects to succeed by also
organizing events where the community
can meet in person.
8. Kubernetes ?
What does “Kubernetes” mean?
Kubernetes = Greek for “pilot” or
“helmsman of a ship”
9. Where is the ship ?
Suppose you have a “fleet” of
“microservices” that you want to
manage through the perilous
waters of availability and scalability
How would you do that ?
You would need a really good pilot
right?
10. So Kubernetes ?!
● a Production-Grade Container
Orchestration System
● a project born inside Google, based on
Borg and Omega, the systems that had
run Google's workloads for over 10
years.
● a project created during the
summer of 2014 which grew
exponentially
● the first project to get donated
to the CNCF.
11. Where is the trick ?
K8S abstracts away the underlying
hardware into the concept of a Node.
Manage your applications like Cattle
(generic, bulk operations) instead of
like Pets (every operation is
customized with care and love for the
individual).
Kubernetes is the Linux for distributed systems.
12. Where is the trick ?
Kubernetes is the Linux for distributed
systems.
❏ Linux (an OS) abstracts away the
hardware differences (with different CPU
types, etc.)
❏ Kubernetes abstracts away the fact that
you have 5 000 nodes in the node pool and
provides consistent UX and operation
methods for apps
13. Where is the trick ?
Steps for "carefree" ops management:
1. You (the admin) declare the desired
state.
2. Kubernetes' main task is to reconcile,
continuously, until the actual state
matches the desired state.
16. K8S fundamentals
POD
The basic, atomically deployable unit in
Kubernetes.
A Pod consists of one or many co-located
containers.
17. K8S fundamentals
POD
A single instance of an application.
Each Pod has its own, uniquely assigned,
cluster-internal IP.
Pods are mortal: a Pod is never rescheduled
on its own, so if the node the Pod runs on
becomes unavailable, the workload is
unavailable too until a controller (such as
a Deployment) creates a replacement Pod.
18. K8S fundamentals
DEPLOYMENT
A replicated, upgradeable set of Pods.
Helps you manage Pods in a declarative
and upgradeable manner.
Kubernetes makes sure the number of running
Pods always matches the Deployment's
replica count, replacing Pods that die or
lose their node.
When the Deployment is updated,
Kubernetes performs a rolling update
of the Pods running in the cluster.
19. K8S networking
● Every Pod has a unique IP
● The Pod IP is shared by all the containers
in that Pod, and it's routable from all
the other Pods.
● All containers within a Pod can
communicate with each other.
● All Pods can communicate with all
other Pods without NAT.
● All nodes can communicate with all
Pods (and vice-versa) without NAT.
● The IP that a Pod sees itself as is the
same IP that others see it as.
20. K8S networking
SERVICE
Allows access to your replicated Pods.
A Service exposes one or many Pods via a
stable internal IP address.
It's also accessible via cluster-internal DNS
(<service>.<namespace>.svc.cluster.local).
The Service selects Pods based on label
key-value selectors (foo = bar).
A Service may expose multiple ports.
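The following manifests are an added example, not part of the original slides: a Deployment with three replicas and a rolling-update strategy (slide 18), fronted by a ClusterIP Service that selects the Pods by label and exposes two ports (slide 20). The names, labels, image, ports and health-check path are assumptions.

```yaml
# Added example (not from the slides). All names, labels, the image and the
# /healthz path are assumptions chosen for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 3                        # desired state: Kubernetes keeps 3 Pods running
  selector:
    matchLabels:
      app: web                       # must match the Pod template labels below
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0              # never drop below 3 ready Pods during an update
      maxSurge: 1                    # at most one extra Pod while rolling
  template:
    metadata:
      labels:
        app: web
        tier: frontend
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.2.3   # assumed image; pin a tag or digest, never :latest
          ports:
            - name: http
              containerPort: 8080
            - name: metrics
              containerPort: 9090
          readinessProbe:            # the rolling update only proceeds once new Pods report ready
            httpGet:
              path: /healthz
              port: http
          securityContext:           # baseline hardening a practitioner adds to every Pod template
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP                    # the default; reachable only from inside the cluster
  selector:
    app: web                         # label selector (key = value) picks the Pods above
  ports:
    - name: http
      port: 80                       # stable port on the Service's cluster IP
      targetPort: http               # port on the Pod, referenced by name
    - name: metrics
      port: 9090
      targetPort: metrics
```

Applied with `kubectl apply -f`, other Pods in the cluster reach the frontend as `http://web.default.svc.cluster.local` (or simply `web` from the same namespace); the Pod IPs behind it change on every restart, the Service's cluster IP and DNS name do not. Because the Service selects on `app: web` only, any Pod carrying that label in the namespace joins the backend set, which is why label write access in a namespace should be treated as the ability to receive that namespace's traffic.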
22. K8S networking
SERVICE - NodePort
A NodePort Service exposes a port on the
Pod as a port on every Node in the cluster.
There are actually 3 ports involved in the
process: targetPort (on the Pod), port (on
the Service's cluster IP) and nodePort (on
each Node, 30000-32767 by default).
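An added example, not from the slides, that labels the three ports of a NodePort Service; the Service name, selector and port numbers are assumptions.

```yaml
# Added example (not from the slides). Name, selector and numbers are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - name: http
      targetPort: 8080   # 1. port the container listens on inside the Pod
      port: 80           # 2. port on the Service's cluster IP (still usable in-cluster)
      nodePort: 30080    # 3. port opened on EVERY node's IP; must fall in the
                         #    30000-32767 range unless --service-node-port-range is changed
```

Worth checking before using this type outside a lab: the nodePort is opened on all nodes, including nodes that run none of the selected Pods (kube-proxy forwards the traffic), and on every node interface, so the port is reachable from wherever the nodes themselves are reachable unless host or cloud firewalls restrict it. If `nodePort` is omitted, Kubernetes picks a free port from the range.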
23. K8S networking
SERVICE - ClusterIP
When an application consists of multiple
tiers deployed as different sets of Pods, the
tiers need a way to communicate with each
other inside the cluster.
A ClusterIP Service provides a unified
interface to each group of Pods: a stable
internal name and IP, reachable only from
inside the cluster (the default K8S Service type).
24. K8S networking
SERVICE - LoadBalancer
A LoadBalancer type of Service provisions an
external load balancer in the cloud,
depending on provider support.
The big downside is that each Service you expose
with a LoadBalancer gets its own external IP
address, and you pay for one load balancer per
exposed Service, which can get expensive!
25. K8S traffic management
INGRESS
Once we manage more than one web server,
each backed by a different set of Pods,
exposing each of them with the Service
types above becomes quite complex to
manage in most real-life cases.
Kubernetes offers Ingress as the solution
to this complexity. Ingress is essentially
a layer 7 load balancer.
26. K8S traffic management
INGRESS
Ingress can provide load balancing, SSL/TLS
termination and name-based virtual
hosting. It covers only HTTP and HTTPS.
In order to expose a Service to the internet
this way, you must deploy an Ingress
controller and create an Ingress rule; the
rule alone, without a controller, does nothing.
27. K8S traffic management
INGRESS
The Ingress rule is the Kubernetes way
of mapping hostnames and paths from
internet requests to cluster-internal
Services.
The Ingress controller is a load balancer
that creates forwarding rules based on
the Ingress rules in the Kubernetes API.
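An added example of an Ingress rule, not taken from the slides: one hostname, TLS termination with a certificate held in a Secret, and two path prefixes routed to two cluster-internal Services. The hostname, Service names, Secret name and the `nginx` ingress class (which assumes an ingress-nginx controller is installed) are assumptions.

```yaml
# Added example (not from the slides). Hostname, Service and Secret names and the
# ingress class are assumptions; the controller must be deployed separately.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: default
spec:
  ingressClassName: nginx                # picks which installed controller acts on this rule
  tls:
    - hosts:
        - foo.example.com
      secretName: foo-example-com-tls    # kubernetes.io/tls Secret (tls.crt, tls.key) in the SAME namespace
  rules:
    - host: foo.example.com              # name-based virtual hosting on the Host header / SNI
      http:
        paths:
          - path: /api                   # more specific prefix listed first for readability;
            pathType: Prefix             # controllers match the longest prefix regardless of order
            backend:
              service:
                name: api
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

Two things to verify after applying it: `kubectl get ingress web` should show an address once the controller has picked up the rule (an empty ADDRESS usually means no controller matches the class), and the `tls` block must be present for the controller to terminate HTTPS at all; without it the same hostname is served over plaintext HTTP only. Whether plain HTTP is redirected to HTTPS is controller-specific behaviour, not part of the Ingress API.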
28. K8S Gateway API ?
GATEWAY API
Gateway API is a collection of resources
to enable robust Kubernetes service
networking through expressive,
extensible and role-oriented interfaces
that are implemented by many vendors
and have broad industry support.
Originally conceived as a successor to
the well known Ingress API, the benefits
of Gateway API include (but are not
29. K8S Gateway API ?
GATEWAY API
Originally conceived as a successor to the
Ingress API
Advantages:
● support for many commonly used
networking protocols (e.g. HTTP, TLS,
TCP, UDP)
● integrated support for Transport Layer
Security (TLS)
● managing the lifecycle of network
gateways as a Kubernetes API
30. K8S Gateway API ?
GATEWAY API
Important:
● there is no default implementation of
Gateway API built into Kubernetes.
● there are many different
implementations available, using
different underlying technologies
while providing a consistent and
portable experience.
31. K8S Gateway API concepts
There are 3 primary roles in Gateway API:
1. Infrastructure Provider
2. Cluster Operator
3. Application Developer
32. K8S Gateway API concepts
There are three main types of objects in
the model:
1. GatewayClass defines a set of
gateways with a common
configuration and behavior.
2. Gateway requests a point where
traffic can be translated to Services
within the cluster.
3. Routes describe how traffic coming
via the Gateway maps to the
Services.
33. K8S Gateway API concepts
Request flow:
1. A client makes a request to http://foo.example.com.
2. DNS resolves the name to a Gateway address.
3. The reverse proxy receives the request on a Listener
and uses the Host header to match an HTTPRoute.
4. Optionally, the reverse proxy can perform request
header and/or path matching based on match rules of
the HTTPRoute.
5. Optionally, the reverse proxy can modify the request,
e.g. add/remove headers, based on filter rules of the
HTTPRoute.
6. Lastly, the reverse proxy forwards the request to one
or more backends, e.g. a Service, in the cluster based on
the backendRefs rules of the HTTPRoute.
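The following manifests are an added example, not from the slides or from any Gateway API implementation, that puts the three roles (slide 31), the three object types (slide 32) and the six request-flow steps (slide 33) into one set of resources: the cluster operator owns the GatewayClass and a shared Gateway with HTTP and TLS-terminating HTTPS listeners, and only lets Routes attach from namespaces carrying a label; the application developer owns an HTTPRoute in such a namespace that matches on hostname, path and a header, rewrites headers, and splits traffic across two backends. The `controllerName`, names, namespaces, label, hostname and Secret are all assumptions; the controller name in particular is dictated by whichever implementation you install.

```yaml
# Added example (not from the slides). Names, namespaces, the label, the
# controllerName and the TLS Secret are assumptions.

# --- Infrastructure provider / cluster operator: which implementation ---------
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: example-class
spec:
  controllerName: example.com/gateway-controller   # assumed; set by the chosen implementation
---
# --- Cluster operator: the shared entry point (step 2: DNS points here) -------
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gw
  namespace: infra
spec:
  gatewayClassName: example-class
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Selector                 # Routes may attach only from labelled namespaces
          selector:
            matchLabels:
              gateway-access: "true"
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      tls:
        mode: Terminate                  # TLS ends at the gateway; backends see plaintext
        certificateRefs:
          - kind: Secret
            name: wildcard-example-com-tls   # kubernetes.io/tls Secret in namespace infra
      allowedRoutes:
        namespaces:
          from: Selector
          selector:
            matchLabels:
              gateway-access: "true"
---
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    gateway-access: "true"               # the label the Gateway's allowedRoutes selects on
---
# --- Application developer: how traffic maps to Services ----------------------
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: foo
  namespace: shop
spec:
  parentRefs:
    - name: shared-gw
      namespace: infra                   # attaches to both listeners of the shared Gateway
  hostnames:
    - foo.example.com                    # step 3: matched against the Host header
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /api
          headers:                       # step 4: header match (Exact is the default type)
            - name: X-Canary
              value: "true"
      filters:                           # step 5: modify the request
        - type: RequestHeaderModifier
          requestHeaderModifier:
            add:
              - name: X-Forwarded-Via
                value: shared-gw
            remove:
              - X-Internal-Debug         # strip a header clients should not be able to set
      backendRefs:                       # step 6: forward to Services in namespace shop
        - name: api-canary
          port: 8080
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: web
          port: 8080
          weight: 90                     # weighted split across two backends
        - name: web-next
          port: 8080
          weight: 10
```

The role split is enforced by Kubernetes RBAC plus the `allowedRoutes` selector: a developer with write access to HTTPRoutes in `shop` can publish their Services under `foo.example.com`, but cannot change listeners, ports or the certificate, and a Route created in a namespace without the label is simply not accepted (its status shows the rejection). Whether the HTTPRoute actually attached is visible in `kubectl get httproute foo -n shop -o yaml` under `status.parents`, which is the first place to look when traffic does not arrive.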
34. K8S Gateway API in the real world ?
If you're an end-user interested in some
of the benefits of Gateway API, there are
over a dozen implementations for
popular API gateways and service
meshes and guides are available to start
exploring quickly.
https://gateway-api.sigs.k8s.io/implementations/
35. Gateway API - API Gateway
The implications of what we have seen so far:
Remember the last time you moved, changed
your router and had to manually recreate the
configuration because it was a different brand
and model?
With Gateway API, think again: the same Gateway
and Route objects are meant to be portable
across implementations.