Feature request: Install Gateway API before CNI installation

[fredwangwang]

What would you like to be added

we are using cilium as CNI and cilium supports Gateway API, which we would like to use.

However, to enable the gateway support, the gateway api CRD must be pre-installed onto the cluster: https://docs.cilium.io/en/latest/network/servicemesh/gateway-api/gateway-api/#prerequisites

this is challenging because when using Kubespray to install the cluster, and CNI, there is no additional steps allowed to pre-install the gateway api before installing the CNI (at least I havent found one..)

The request is to allow installing gateway api crd after the cluster creation to allow seemless integration.

Why is this needed

To make Gateway api available for consumption before installing cilium so that gateway api feature can be enabled directly.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[adux6991]

Need this too. In addition, if gateway api is enabled, some role and rolebinding need to be modified too: https://github.com/search?q=repo%3Acilium%2Fcilium%20gatewayAPI.enabled&type=code

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[tico88612]

/remove-lifecycle rotten /assign

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[tico88612]

/retitle Feature request: Install Gateway API before CNI installation

[tico88612]

@VannTen While we can install the Gateway API now (still very rough), what do you think is a good way to do this before the CNI is installed?

[VannTen]

Does that mean that cilium does not have an upgrade path to support gateway api ?

If you have an existing cilium cluster without the gateway api, you have to re-install your cluster to enable the support ? Seems pretty odd.

[tico88612]

No. This issue is about installing the Gateway API CRDs before the CNI is installed; the current process is to install the Gateway API CRDs after the CNI is installed.

Current: ... -> kubeadm (create cluster) -> CNI (whatever Calico, Cilium etc.) -> Gateway API -> ...

However, some people may wish to

Expect: ... -> kubeadm (create cluster) -> Gateway API -> CNI -> ...

I'm not sure if it's feasible to allow users to freely choose the Gateway API installation process.

https://github.com/kubernetes-sigs/kubespray/issues/10814#issue-2091350171 However, to enable the gateway support, the gateway api CRD must be pre-installed onto the cluster: https://docs.cilium.io/en/latest/network/servicemesh/gateway-api/gateway-api/#prerequisites

[VannTen]

I don't think there would be any problem installing the gateway api CRDs as soon as the api server is up. As long as the gateway api CRDs provide a translation between versions (which I assume they do, given it's practically part of kubernetes), it should not be a problem on upgrade either.

My previous question was more about the why : with current kubespray, would creating the cluster with gateway api and cilium then running upgrade-cluster achieve the desired result (== can cilium upgrade to a gateway api mode) ?

[tico88612]

My previous question was more about the why : with current kubespray, would creating the cluster with gateway api and cilium then running upgrade-cluster achieve the desired result (== can cilium upgrade to a gateway api mode) ?

I'm not sure; I'll need to implement and test it, but I'm sure Kubespray's cilium needs to be patched with the gatewayAPI.enabled condition.