With the release of Istio 1.22, the Istio API has officially been upgraded to version v1, coinciding with the update of the Kubernetes Gateway API to v1.1. This article aims to explore the connections and differences between the Ingress API, Istio API, and Kubernetes Gateway API, detailing their selection and migration strategies in practical applications.
Previously, I wrote an article discussing Why the Gateway API Is the Unified Future of Ingress for Kubernetes and Service Mesh. The article pointed out that as Kubernetes’ original ingress gateway, Ingress’s resource model is too simple to meet the demands of today’s programmable networks. As its successor, the Gateway API has rapidly developed in recent years and has gained broad support, including many emerging open-source gateway projects like Envoy Gateway choosing to develop based on the Gateway API. Additionally, some legacy gateway projects have started adapting to the Gateway API or using tools like ingress2gateway to migrate.
The Gateway API, as the latest achievement in Kubernetes ingress gateways, separates concerns through role division and supports cross-namespace capabilities, making it more suitable for multi-cloud environments. It integrates the overlapping functions of ingress gateways (north-south) and service meshes (east-west, intra-cluster routing) to provide a new reference model for unified traffic management in the cloud-native era.
Ingress API, Gateway API, and Istio API can all implement gateway functions, but what are the connections and differences between them? This article will unveil this mystery and provide strategies for selecting and migrating gateways in Kubernetes environments.
With the widespread adoption and increasing complexity of microservice architectures, Kubernetes’ traffic management tools have also evolved to meet various technical needs. The Ingress API, Istio API, and Kubernetes Gateway API each represent different stages of this evolution.
Ingress API offers basic traffic management capabilities in Kubernetes, allowing users to manage external access to services within the cluster through simple routing rules (e.g., HTTP and HTTPS). Although its design is straightforward, its functionality is limited and mainly suitable for smaller-scale, less complex applications.
In contrast, Istio API, as part of a service mesh, offers a range of advanced traffic management features, such as traffic mirroring, canary releases, and circuit breakers, suitable for large-scale microservice architectures requiring complex traffic management.
To overcome the limitations of the Ingress API and integrate advanced features similar to those of Istio, the Kubernetes Gateway API was developed. It not only provides greater flexibility and extensibility in its design but also, through broad community support, serves as a bridge connecting traditional Ingress implementations and modern service mesh technologies like Istio, with most mainstream open-source gateways being based on or adapted to the Gateway API.
The following table summarizes the core features and recommended use cases for each API:
API Name | Object Type | Status | Recommended Use Cases |
---|---|---|---|
Ingress API | Ingress |
Stable (Kubernetes v1.19) | Suitable for small-scale and simple scenarios, mainly for basic routing configurations |
Istio API | VirtualService , Gateway |
Stable (Istio 1.22) | Suitable for highly complex microservice architectures, requiring fine-grained control and advanced traffic management features |
Gateway API | HTTPRoute , Gateway |
Stable (Gateway API v1.1) | Suitable for new or existing deployments that require increased flexibility and scalability, especially when combined with Istio |
The launch of Gateway API v1.1, especially its improvements in compatibility with existing Ingress configurations, provides a smooth migration path for users, making the transition from traditional Ingress solutions to more modern, feature-rich Gateway API easier.
To migrate from Ingress to Gateway API, follow these steps:
Gateway
, HTTPRoute
, and TLSRoute
. These resources offer more configuration options and flexibility; refer to the Gateway API documentation for their configurations.Gateway
resource configurations, clearly defining how to receive external traffic, including protocols, ports, and TLS terminations.To simplify the migration process, you can use tools like ingress2gateway, which can automatically convert Ingress configurations into Gateway API formats.
Here is a simple example of an HTTP gateway configuration demonstrating how to migrate from Ingress to the Gateway API.
Assume you have an existing Ingress configuration as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
To migrate it to the Gateway API, first create a Gateway object:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: example-gateway
spec:
gatewayClassName: example-gateway-class
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
kinds:
- kind: HTTPRoute
Ensure that the gatewayClassName
refers to a valid GatewayClass configured in your cluster. The GatewayClass is usually set by the cluster administrator and provides a resource to configure the Gateway.
Next, create an HTTPRoute resource to define routing rules that route traffic to the backend service:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: example-httproute
spec:
parentRefs:
- name: example-gateway
hostnames:
- "example.com"
rules:
- matches:
- path:
type: PathPrefix
value: "/"
backendRefs:
- name: example-service
port: 80
In this example, we see:
Ingress
object are directly mapped to the HTTPRoute
object.Although it is possible to migrate from Ingress to Gateway API and potentially run them simultaneously, there are several challenges and considerations for the necessity of migration:
For existing users of Ingress and Istio API, whether to migrate to the Gateway API depends on specific circumstances. Here are some migration recommendations:
For the support status of different gateways for the Gateway API, refer to the Gateway API Implementation Conformance Report for more details.
The Ingress API, Istio API, and Kubernetes Gateway API each have distinct features suitable for different application scenarios and needs. Selecting the appropriate API and planning and managing effectively can significantly enhance system flexibility and stability. As the Gateway API continues to develop and mature, it is increasingly becoming the mainstream choice for future traffic management.
Choosing the right gateway technology, combined with your specific needs and existing architecture, can better manage and optimize traffic to ensure efficient and stable application operation. As technology progresses and the community evolves, the Gateway API provides a powerful and flexible framework, making the transition from traditional Ingress to more modern solutions simpler and more effective.
This blog was initially published at tetrate.io.
Last updated on Dec 12, 2024