github.com/projectcontour/contour@v1.28.2/site/content/docs/1.23/guides/gateway-api.md (about) 1 --- 2 title: Using Gateway API with Contour 3 --- 4 5 ## Introduction 6 7 [Gateway API][1] is an open source project managed by the Kubernetes SIG-NETWORK community. The project's goal is to 8 evolve service networking APIs within the Kubernetes ecosystem. Gateway API consists of multiple resources that provide 9 user interfaces to expose Kubernetes applications- Services, Ingress, and more. 10 11 This guide covers using version **v1beta1** of the Gateway API, with Contour `v1.22.0` or higher. 12 13 ### Background 14 15 Gateway API targets three personas: 16 17 - __Platform Provider__: The Platform Provider is responsible for the overall environment that the cluster runs in, i.e. 18 the cloud provider. The Platform Provider will interact with `GatewayClass` resources. 19 - __Platform Operator__: The Platform Operator is responsible for overall cluster administration. They manage policies, 20 network access, application permissions and will interact with `Gateway` resources. 21 - __Service Operator__: The Service Operator is responsible for defining application configuration and service 22 composition. They will interact with `HTTPRoute` and `TLSRoute` resources and other typical Kubernetes resources. 23 24 Gateway API contains three primary resources: 25 26 - __GatewayClass__: Defines a set of gateways with a common configuration and behavior. 27 - __Gateway__: Requests a point where traffic can be translated to a Service within the cluster. 28 - __HTTPRoute/TLSRoute__: Describes how traffic coming via the Gateway maps to the Services. 29 30 Resources are meant to align with personas. For example, a platform operator will create a `Gateway`, so a developer can 31 expose an HTTP application using an `HTTPRoute` resource. 32 33 ### Prerequisites 34 The following prerequisites must be met before using Gateway API with Contour: 35 36 - A working [Kubernetes][2] cluster. Refer to the [compatibility matrix][3] for cluster version requirements. 37 - The [kubectl][4] command-line tool, installed and configured to access your cluster. 38 39 ## Deploying Contour with Gateway API 40 41 Contour supports two modes of provisioning for use with Gateway API: **static** and **dynamic**. 42 43 In **static** provisioning, the platform operator defines a `Gateway` resource, and then manually deploys a Contour instance corresponding to that `Gateway` resource. 44 It is up to the platform operator to ensure that all configuration matches between the `Gateway` and the Contour/Envoy resources. 45 With static provisioning, Contour can be configured with either a [controller name][8], or a specific gateway (see the [API documentation][7].) 46 If configured with a controller name, Contour will process the oldest `GatewayClass`, its oldest `Gateway`, and that `Gateway's` routes, for the given controller name. 47 If configured with a specific gateway, Contour will process that `Gateway` and its routes. 48 49 In **dynamic** provisioning, the platform operator first deploys Contour's Gateway provisioner. Then, the platform operator defines a `Gateway` resource, and the provisioner automatically deploys a Contour instance that corresponds to the `Gateway's` configuration and will process that `Gateway` and its routes. 50 51 Static provisioning may be more appropriate for users who prefer the traditional model of deploying Contour, have just a single Contour instance, or have highly customized YAML for deploying Contour. 52 Dynamic provisioning may be more appropriate for users who want a simple declarative API for provisioning Contour instances. 53 54 ### Option #1: Statically provisioned 55 56 Create Gateway API CRDs: 57 ```shell 58 $ kubectl apply -f {{< param github_raw_url>}}/{{< param branch >}}/examples/gateway/00-crds.yaml 59 ``` 60 61 Create a GatewayClass: 62 ```shell 63 kubectl apply -f - <<EOF 64 kind: GatewayClass 65 apiVersion: gateway.networking.k8s.io/v1beta1 66 metadata: 67 name: contour 68 spec: 69 controllerName: projectcontour.io/gateway-controller 70 EOF 71 ``` 72 73 Create a Gateway in the `projectcontour` namespace: 74 ```shell 75 kubectl apply -f - <<EOF 76 kind: Namespace 77 apiVersion: v1 78 metadata: 79 name: projectcontour 80 --- 81 kind: Gateway 82 apiVersion: gateway.networking.k8s.io/v1beta1 83 metadata: 84 name: contour 85 namespace: projectcontour 86 spec: 87 gatewayClassName: contour 88 listeners: 89 - name: http 90 protocol: HTTP 91 port: 80 92 allowedRoutes: 93 namespaces: 94 from: All 95 EOF 96 ``` 97 98 Deploy Contour: 99 ```shell 100 $ kubectl apply -f {{< param base_url >}}/quickstart/contour.yaml 101 ``` 102 This command creates: 103 104 - Namespace `projectcontour` to run Contour 105 - Contour CRDs 106 - Contour RBAC resources 107 - Contour Deployment / Service 108 - Envoy DaemonSet / Service 109 - Contour ConfigMap 110 111 Update the Contour configmap to enable Gateway API processing by specifying a gateway controller name, and restart Contour to pick up the config change: 112 113 ```shell 114 kubectl apply -f - <<EOF 115 kind: ConfigMap 116 apiVersion: v1 117 metadata: 118 name: contour 119 namespace: projectcontour 120 data: 121 contour.yaml: | 122 gateway: 123 controllerName: projectcontour.io/gateway-controller 124 EOF 125 126 kubectl -n projectcontour rollout restart deployment/contour 127 ``` 128 129 See the next section ([Testing the Gateway API](#testing-the-gateway-api)) for how to deploy an application and route traffic to it using Gateway API! 130 131 ### Option #2: Dynamically provisioned 132 133 Deploy the Gateway provisioner: 134 ```shell 135 $ kubectl apply -f {{< param base_url >}}/quickstart/contour-gateway-provisioner.yaml 136 ``` 137 138 This command creates: 139 140 - Namespace `projectcontour` to run the Gateway provisioner 141 - Contour CRDs 142 - Gateway API CRDs 143 - Gateway provisioner RBAC resources 144 - Gateway provisioner Deployment 145 146 Create a GatewayClass: 147 148 ```shell 149 kubectl apply -f - <<EOF 150 kind: GatewayClass 151 apiVersion: gateway.networking.k8s.io/v1beta1 152 metadata: 153 name: contour 154 spec: 155 controllerName: projectcontour.io/gateway-controller 156 EOF 157 ``` 158 159 Create a Gateway: 160 161 ```shell 162 kubectl apply -f - <<EOF 163 kind: Gateway 164 apiVersion: gateway.networking.k8s.io/v1beta1 165 metadata: 166 name: contour 167 namespace: projectcontour 168 spec: 169 gatewayClassName: contour 170 listeners: 171 - name: http 172 protocol: HTTP 173 port: 80 174 allowedRoutes: 175 namespaces: 176 from: All 177 EOF 178 ``` 179 180 The above creates: 181 - A `GatewayClass` named `contour` controlled by the Gateway provisioner (via the `projectcontour.io/gateway-controller` string) 182 - A `Gateway` resource named `contour` in the `projectcontour` namespace, using the `contour` GatewayClass 183 - Contour and Envoy resources in the `projectcontour` namespace to implement the `Gateway`, i.e. a Contour deployment, an Envoy daemonset, an Envoy service, etc. 184 185 See the next section ([Testing the Gateway API](#testing-the-gateway-api)) for how to deploy an application and route traffic to it using Gateway API! 186 187 ## Testing the Gateway API 188 189 Deploy the test application: 190 ```shell 191 $ kubectl apply -f {{< param github_raw_url>}}/{{< param branch >}}/examples/example-workload/gatewayapi/kuard/kuard.yaml 192 ``` 193 This command creates: 194 195 - A Deployment named `kuard` in the default namespace to run kuard as the test application. 196 - A Service named `kuard` in the default namespace to expose the kuard application on TCP port 80. 197 - An HTTPRoute named `kuard` in the default namespace, attached to the `contour` Gateway, to route requests for `local.projectcontour.io` to the kuard service. 198 199 Verify the kuard resources are available: 200 ```shell 201 $ kubectl get po,svc,httproute -l app=kuard 202 NAME READY STATUS RESTARTS AGE 203 pod/kuard-798585497b-78x6x 1/1 Running 0 21s 204 pod/kuard-798585497b-7gktg 1/1 Running 0 21s 205 pod/kuard-798585497b-zw42m 1/1 Running 0 21s 206 207 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 208 service/kuard ClusterIP 172.30.168.168 <none> 80/TCP 21s 209 210 NAME HOSTNAMES 211 httproute.gateway.networking.k8s.io/kuard ["local.projectcontour.io"] 212 ``` 213 214 Test access to the kuard application: 215 216 _Note, for simplicity and compatibility across all platforms we'll use `kubectl port-forward` to get traffic to Envoy, but in a production environment you would typically use the Envoy service's address._ 217 218 Port-forward from your local machine to the Envoy service: 219 ```shell 220 # If using static provisioning 221 $ kubectl -n projectcontour port-forward service/envoy 8888:80 222 223 # If using dynamic provisioning 224 $ kubectl -n projectcontour port-forward service/envoy-contour 8888:80 225 ``` 226 227 In another terminal, make a request to the application via the forwarded port (note, `local.projectcontour.io` is a public DNS record resolving to 127.0.0.1 to make use of the forwarded port): 228 ```shell 229 $ curl -i http://local.projectcontour.io:8888 230 ``` 231 You should receive a 200 response code along with the HTML body of the main `kuard` page. 232 233 You can also open http://local.projectcontour.io:8888/ in a browser. 234 235 ## Next Steps 236 237 ### Customizing your dynamically provisioned Contour instances 238 239 In the dynamic provisioning example, we used a default set of options for provisioning the Contour gateway. 240 However, Gateway API also [supports attaching parameters to a GatewayClass][5], which can customize the Gateways that are provisioned for that GatewayClass. 241 242 Contour defines a CRD called `ContourDeployment`, which can be used as `GatewayClass` parameters. 243 244 A simple example of a parameterized Contour GatewayClass that provisions Envoy as a Deployment instead of the default DaemonSet looks like: 245 246 ```yaml 247 kind: GatewayClass 248 apiVersion: gateway.networking.k8s.io/v1beta1 249 metadata: 250 name: contour-with-envoy-deployment 251 spec: 252 controllerName: projectcontour.io/gateway-controller 253 parametersRef: 254 kind: ContourDeployment 255 group: projectcontour.io 256 name: contour-with-envoy-deployment-params 257 namespace: projectcontour 258 --- 259 kind: ContourDeployment 260 apiVersion: projectcontour.io/v1alpha1 261 metadata: 262 namespace: projectcontour 263 name: contour-with-envoy-deployment-params 264 spec: 265 envoy: 266 workloadType: Deployment 267 ``` 268 269 All Gateways provisioned using the `contour-with-envoy-deployment` GatewayClass would get an Envoy Deployment. 270 271 See [the API documentation][6] for all `ContourDeployment` options. 272 273 ### Further reading 274 275 This guide only scratches the surface of the Gateway API's capabilities. See the [Gateway API website][1] for more information. 276 277 278 [1]: https://gateway-api.sigs.k8s.io/ 279 [2]: https://kubernetes.io/ 280 [3]: https://projectcontour.io/resources/compatibility-matrix/ 281 [4]: https://kubernetes.io/docs/tasks/tools/install-kubectl/ 282 [5]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters 283 [6]: https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.ContourDeployment 284 [7]: https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.GatewayConfig 285 [8]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-controller-selection