search

hashicorp / terraform-provider-kubernetes

Terraform Kubernetes provider
https://www.terraform.io/docs/providers/kubernetes/
Mozilla Public License 2.0
1.6k stars 979 forks source link

Gateway API v1.0 #2474

Open mans0954 opened 7 months ago

mans0954 commented 7 months ago

Description

Are there any plans to support Gateway API now that it's [GA]?(https://kubernetes.io/blog/2023/10/31/gateway-api-ga/)

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

Community Note

BBBmau commented 2 months ago

@mans0954 I've taken this on and after looking into gateway api docs and playing around with it myself it seems like you can easily use the resourcs from the gateaway api with the help of the kubernetes_manifest

I implemented it both manually and through terraform, you can see my implementation of it in my repo here: BBBmau/gateway-api/terraform

Is their a reason for opening this issue when you could use the existing kubernetes_manifest?

mans0954 commented 2 months ago

@BBBmau thank you for looking at this. In our current configuration we use kubernetes_ingress_v1. Since gateways are the next generation of ingress I assumed that at some point there would be a kubernetes_gateway_v1.

There's a lot of repetition in the definition of our ingress. With kubernetes_ingress_v1 we use terraform language features such as dynamic blocks to generate this e.g.: 

  dynamic "rule" {
      for_each = local.languages
      iterator = lang
      content {
        host = "${lang.value}.${var.domain}"
        http {
          path {
            backend {
              service {
                name = "svc-${var.shortenv}"
                port {
                  name = "svc-port"
                }
              }
            }
            path      = "/socket/*"
            path_type = "ImplementationSpecific"
          }
          path {
            backend {
              service {
                name = "neg-svc-${var.shortenv}"
                port {
                  name = "web-port"
                }
              }
            }
            path      = "/spelling/*"
            path_type = "ImplementationSpecific"
          }
          path {
            backend {
              service {
                name = "web-neg-svc-${var.shortenv}"
                port {
                  name = "web-port"
                }
              }
            }
            path      = "/*"
            path_type = "ImplementationSpecific"
          }
        }
      }
    }

I suspect trying to do something similar with kubernetes_manifest would be less elegant?

BBBmau commented 1 month ago

@mans0954 you can actually still have Dynamic HTTPRoutes with manifest with the following tfconfig:

locals {
  rules = [
    {
      name = "echo"
      port = 1027
      path = "/echo"
    },
    {
      name = "ping"
      port = 1028
      path = "/ping"
    }
  ]
}

resource "kubernetes_manifest" "httproute_echo" {
  manifest = {
    "apiVersion" = "gateway.networking.k8s.io/v1"
    "kind"       = "HTTPRoute"
    "metadata" = {
      "name"      = "echo"
      "namespace" = "default"
    }
    "spec" = {
      "parentRefs" = [
        {
          "group" = "gateway.networking.k8s.io"
          "kind"  = "Gateway"
          "name"  = "kong"
        },
      ]
      "rules" = [
        for i, v in local.rules :
        {
          "backendRefs" = [
            {
              "name" = v.name
              "port" = v.port
            },
          ]
          "matches" = [
            {
              "path" = {
                "type"  = "PathPrefix"
                "value" = v.path
              }
            },
          ]
        }
      ]
    }
  }
}

Though we understand the desire to have native gateway resources. We'll keep this issue open for future planning.

mans0954 commented 1 month ago

@BBBmau thanks - that's useful to know in the meantime.