📚 Kubernetes Gateway API

[ankitiitians]

Kubernetes Gateway API

Yeh guide hai Kubernetes Gateway API ke baare mein, jo ek modern aur flexible tareeka hai ingress aur traffic routing manage karne ka Kubernetes mein. Hum NGINX Gateway Controller use karenge demo ke liye, lekin concepts aur APIs universal hain, aur kisi bhi Gateway API-compatible controller ke saath kaam karte hain.

📚 Official Docs: gateway-api.sigs.k8s.io

---

1. Gateway API Install Karna with NGINX 🛠️

Gateway API custom resources define karta hai, lekin unhe implement karne ke liye ek controller chahiye. Hum NGINX Gateway Controller use kar rahe hain jo saare standard Gateway API resources support karta hai.

Commands to install NGINX Gateway Controller:

kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.6.2" | kubectl apply -f -
kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.6.2" | kubectl apply -f -
helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway

Kya hota hai yeh?

• NGINX Gateway Controller install hota hai.
• Gateway API ke Custom Resource Definitions (CRDs) aur related resources add hote hain.

🔗 Reference: NGINX Gateway Fabric Docs

---

2. GatewayClass: Blueprint for Gateways 🗂️

GatewayClass ek template hai jo batata hai kaunsa controller Gateways manage karega. Isko aise samjho:

• Purpose:
  • Gateway config ko implementation se alag rakhta hai, so you don’t worry about underlying controller.
  • Ek cluster mein multiple gateway implementations chala sakte ho (jaise NGINX aur Istio ek saath).

Example:

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: nginx
spec:
  controllerName: nginx.org/gateway-controller

Samjho:

• controllerName: Yeh batata hai kaunsa controller (jaise nginx.org/gateway-controller) is GatewayClass ke Gateways ko handle karega.

🔗 Docs: GatewayClass Reference

---

3. HTTP Gateway aur Listener Setup 📡

Gateway resource define karta hai ki traffic kaise cluster mein aayega – protocols, ports, aur routing rules ke saath.

Example for HTTP Gateway:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: nginx-gateway
  namespace: default
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All

Explanation:

• gatewayClassName: Yeh nginx GatewayClass ko point karta hai.
• listeners: Batata hai Gateway kaise traffic sunega.
  • name: Listener ka unique naam.
  • protocol: HTTP traffic ke liye set hai.
  • port: 80 par HTTP traffic sunega.
  • allowedRoutes: from: All matlab saare namespaces se routes allow hain.

Kaam: Yeh HTTP traffic ko port 80 par handle karta hai aur backend services ko forward karta hai.

---

4. HTTP Routing: Traffic Ko Direct Karna 🛤️

HTTPRoute batata hai ki HTTP traffic kaise specific services tak jayega. Yeh Gateway ke saath milke kaam karta hai.

Example:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: basic-route
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /app
    backendRefs:
    - name: my-app
      port: 80

Kya hai yeh?

• parentRefs: Is route ko nginx-gateway se link karta hai.
• rules: Traffic kaise route hoga, yeh define karta hai.
  • matches: Requests ko match karta hai, jaise /app path prefix.
  • backendRefs: Traffic ko my-app service ke port 80 par bhejta hai.

Kaam: /app se start hone wale requests my-app service tak jayenge.

🔗 Docs: HTTP Routing Guide

---

5. HTTP Redirects aur Rewrites 🔄

Redirects aur Rewrites se requests ko modify kar sakte ho before they reach backend.

HTTP to HTTPS Redirect

Force HTTP traffic to HTTPS for security.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: https-redirect
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https

Kaise kaam karta hai?

• filters: Request ko process karta hai.
• RequestRedirect: HTTP ko HTTPS mein redirect karta hai.

🔗 Docs: Redirects Guide

Path Rewrite

Request ka path change karo before forwarding.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: rewrite-path
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /old
    filters:
    - type: URLRewrite
      urlRewrite:
        path:
          replacePrefixMatch: /new
    backendRefs:
    - name: my-app
      port: 80

Kya hota hai?

• /old path ko /new se replace karta hai.
• Modified request my-app service ke port 80 par jata hai.

🔗 Docs: Rewrite Guide

---

6. HTTP Header Modification 🏷️

Headers ko add, set, ya remove kar sakte ho requests ya responses mein.

Example:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: header-mod
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - filters:
    - type: RequestHeaderModifier
      requestHeaderModifier:
        add:
          x-env: staging
    backendRefs:
    - name: my-app
      port: 80

Kaise kaam karta hai?

• RequestHeaderModifier: Ek custom header x-env: staging add karta hai.
• Modified request my-app service tak jata hai.

Use: Environment-specific metadata add karne ke liye useful hai.

🔗 Docs: Header Guide

---

7. HTTP Traffic Splitting: Divide and Rule 🚦

Traffic ko multiple backend services mein split kar sakte ho, jaise canary deployments ya A/B testing ke liye.

Example:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: traffic-split
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - backendRefs:
    - name: v1-service
      port: 80
      weight: 80
    - name: v2-service
      port: 80
      weight: 20

Kya hota hai?

• 80% traffic v1-service ko jata hai.
• 20% traffic v2-service ko jata hai.

Use: New features test karne ya rollout ke liye perfect hai.

🔗 Docs: Traffic Splitting Guide

---

8. HTTP Request Mirroring 🪞

Requests ki copy ek secondary service ko bhej sakte ho for testing ya analysis, bina primary service ko affect kiye.

Example:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: request-mirror
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - filters:
    - type: RequestMirror
      requestMirror:
        backendRef:
          name: mirror-service
          port: 80
    backendRefs:
    - name: my-app
      port: 80

Kaise kaam karta hai?

• Original request my-app ko jata hai.
• Ek copy mirror-service ko bheji jati hai.

Use: New services test karne ya traffic analyze karne ke liye useful.

🔗 Docs: Request Mirroring Guide

---

9. TLS Configuration: Secure Karo 🔒

TLS se traffic encrypt hota hai, ensuring secure communication. Gateway level par TLS terminate kar sakte ho using a Kubernetes Secret.

Example for TLS Termination:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: nginx-gateway-tls
  namespace: default
spec:
  gatewayClassName: nginx
  listeners:
  - name: https
    protocol: HTTPS
    port: 443
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: tls-secret
    allowedRoutes:
      namespaces:
        from: All

Explanation:

• protocol: HTTPS traffic handle karta hai.
• tls.mode: Terminate: Gateway traffic decrypt karta hai.
• certificateRefs: tls-secret Secret mein TLS certificate aur key stored hote hain.
• allowedRoutes: Saare namespaces se routes allow hain.

Kaam: Secure communication ke liye, backend services ko unencrypted traffic milta hai.

🔗 Docs: TLS Guide

---

10. TCP, UDP, aur Other Protocols 🌐

Gateway API sirf HTTP nahi, TCP, UDP, aur gRPC jaise protocols bhi support karta hai, making it versatile for databases, DNS, microservices, etc.

TCP Example (Databases ke liye)

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: tcp-gateway
  namespace: default
spec:
  gatewayClassName: nginx
  listeners:
  - name: tcp
    protocol: TCP
    port: 3306
    allowedRoutes:
      namespaces:
        from: All

Kya hai?

• protocol: TCP traffic ke liye.
• port: 3306 (MySQL ke liye common).
• Use: Database services expose karne ke liye.

UDP Example (DNS ya Streaming ke liye)

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: udp-gateway
  namespace: default
spec:
  gatewayClassName: nginx
  listeners:
  - name: udp
    protocol: UDP
    port: 53
    allowedRoutes:
      namespaces:
        from: All

Kya hai?

• protocol: UDP traffic ke liye.
• port: 53 (DNS ke liye common).
• Use: DNS services ya UDP-based apps ke liye.

gRPC Example (Microservices ke liye)

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: grpc-route
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - matches:
    - method:
        service: my.grpc.Service
        method: GetData
    backendRefs:
    - name: grpc-service
      port: 50051

Kya hai?

• method.service: gRPC service ka naam (e.g., my.grpc.Service).
• method.method: Specific gRPC method (e.g., GetData).
• Use: Microservices ke beech communication ke liye.

---

Conclusion: Kyun Use Karein? 🎯

Kubernetes Gateway API ek powerful aur structured tareeka hai traffic manage karne ka. Features jaise header rewrites, traffic splits, aur protocol flexibility make it super expressive. Start with HTTP basics, then move to advanced protocols like TLS, TCP, ya gRPC. Yeh ensure karta hai smooth, secure, aur scalable ingress strategy for your Kubernetes clusters.

Ab try karo aur apne cluster ko next level par le jao! 🚀

[ankitiitians]

Kubernetes-CKA-0800-Networking.pdf

[ankitiitians]

Ingress.pdf