sigs.k8s.io/gateway-api@v1.0.0/site-src/blog/2023/0829-mesh-support.md (about) 1 --- 2 description: > 3 We are excited to announce the v0.8.0 release of Gateway API, where service 4 mesh support has has now reached Experimental status, we've introduced CEL 5 validation and a Mesh conformance profile, and more! 6 --- 7 8 # Gateway API v0.8.0: Introducing Service Mesh Support! 9 10 <small style="position:relative; top:-30px;"> 11 :octicons-calendar-24: August 29, 2023 ยท 12 :octicons-clock-24: 5 min read 13 </small> 14 15 We are thrilled to announce the v0.8.0 release of Gateway API! With this 16 release, Gateway API support for service mesh has reached [Experimental 17 status][status], and we've also made some smaller additions such as CEL 18 validation. We look forward to your feedback! 19 20 We're especially delighted to announce that Kuma 2.3+, Linkerd 2.14+, and 21 Istio 1.16+ are all fully-conformant implementations of the Gateway API 22 service mesh support. 23 24 ## Service mesh support in Gateway API 25 26 While the initial focus of Gateway API was always ingress (north-south) 27 traffic, it was clear almost from the beginning that the same basic routing 28 concepts should also be applicable to service mesh (east-west) traffic. In 29 2022, the Gateway API subproject started the [GAMMA initiative][gamma], a 30 dedicated vendor-neutral workstream, specifically to examine how best to fit 31 service mesh support into the framework of the Gateway API resources, without 32 requiring users of Gateway API to relearn everything they understand about the 33 API. 34 35 Over the last year, GAMMA has dug deeply into the challenges and possible 36 solutions around using the Gateway API for service mesh. The end result is a 37 small number of [enhancement proposals][geps] that subsume many hours of 38 thought and debate, and provide a minimum viable path to allow the Gateway API 39 to be used for service mesh. 40 41 ### How will mesh routing work when using the Gateway API? 42 43 You can find all the details in the [Gateway API Mesh routing 44 documentation][mesh-routing] and [GEP-1426], but the short version for Gateway 45 API v0.8.0 is that an HTTPRoute can now have a `parentRef` that is a Service, 46 rather than just a Gateway. We anticipate future GEPs in this area as we gain 47 more experience with service mesh use cases -- binding to a Service makes it 48 possible to use the Gateway API with a service mesh, but there are several 49 interesting use cases that remain difficult to cover. 50 51 As an example, you might use an HTTPRoute to do an A-B test in the mesh as 52 follows: 53 54 ```yaml 55 apiVersion: gateway.networking.k8s.io/v1beta1 56 kind: HTTPRoute 57 metadata: 58 name: bar-route 59 spec: 60 parentRefs: 61 - group: "" 62 kind: Service 63 name: demo-app 64 port: 5000 65 rules: 66 - matches: 67 - headers: 68 - type: Exact 69 name: env 70 value: v1 71 backendRefs: 72 - name: demo-app-v1 73 port: 5000 74 - backendRefs: 75 - name: demo-app-v2 76 port: 5000 77 ``` 78 79 Any request to port 5000 of the `demo-app` Service that has the header `env: 80 v1` will be routed to `demo-app-v1`, while any request without that header 81 will be routed to `demo-app-v2` -- and since this is being handled by the 82 service mesh, not the ingress controller, the A/B test can happen anywhere in 83 the application's call graph. 84 85 ### How do I know this will be truly portable? 86 87 Gateway API has been investing heavily in conformance tests across all 88 features it supports, and mesh is no exception. One of the challenges that the 89 GAMMA initiative ran into is that many of these tests were strongly tied to 90 the idea that a given implementation provides an ingress controller. Many 91 service meshes don't, and requiring a GAMMA-conformant mesh to also implement 92 an ingress controller seemed impractical at best. This resulted in work 93 restarting on Gateway API _conformance profiles_, as discussed in [GEP-1709]. 94 95 The basic idea of conformance profiles is that we can define subsets of the 96 Gateway API, and allow implementations to choose (and document) which subsets 97 they conform to. GAMMA is adding a new profile, named `Mesh` and described in 98 [GEP-1686], which checks only the mesh functionality as defined by GAMMA. At 99 this point, Kuma 2.3+, Linkerd 2.14+, and Istio 1.16+ are all conformant with 100 the `Mesh` profile. 101 102 ## What else is in Gateway API v0.8.0? 103 104 This release is all about preparing Gateway API for the upcoming v1.0 release 105 where HTTPRoute, Gateway, and GatewayClass will graduate to GA. There are two 106 main changes related to this: CEL validation and GEP process changes. 107 108 ### CEL Validation 109 110 The first major change is that Gateway API v0.8.0 is the start of a transition 111 from webhook validation to [CEL validation][cel] using information built into 112 the CRDs. That will mean different things depending on the version of 113 Kubernetes you're using: 114 115 #### Kubernetes 1.25+ 116 117 CEL validation is fully supported, and almost all validation is implemented in 118 CEL. (The sole exception is that header names in header modifier filters can 119 only do case-insensitive validation. There is more information in [issue 120 2277].) 121 122 We recommend _not_ using the validating webhook on these Kubernetes versions. 123 124 #### Kubernetes 1.23 and 1.24 125 126 CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be 127 installed. When you upgrade to Kubernetes 1.25+, the validation included in 128 these CRDs will automatically take effect. 129 130 We recommend continuing to use the validating webhook on these Kubernetes 131 versions. 132 133 #### Kubernetes 1.22 and older 134 135 Gateway API only commits to support for [5 most recent versions of 136 Kubernetes][supported-versions]. As such, these versions are no longer 137 supported by Gateway API, and unfortunately Gateway API v0.8.0 cannot be 138 installed on them, since CRDs containing CEL validation will be rejected. 139 140 ### GEP Process Changes 141 142 The second significant change in Gateway API v0.8.0 is that we have (by 143 necessity) taken a hard look at the process around [Experimental][status] 144 GEPs. Some of these GEPs have been lingering long enough that projects have 145 come to rely on them in production use, which is a bit of a breakdown of the 146 GEP process. In order to prevent it happening in the future, we have changed 147 the GEP process such that reaching [Experimental][status] _requires_ that a 148 GEP include both the graduation criteria by which the GEP will become 149 [Standard][status], and a probationary period after which the GEP will be 150 dropped if does not meet its graduation criteria. 151 152 For an exhaustive list of changes included in the `v0.8.0` release, please see 153 the [v0.8.0 release notes]. For more information on Gateway API versioning, 154 refer to the [official documentation][versioning docs]. 155 156 ## How can I get started with the Gateway API? 157 158 Gateway API represents the future of load balancing, routing, and service mesh 159 APIs in Kubernetes. There are already more than 20 [implementations][impl] 160 available (including both ingress controllers and service meshes) and the list 161 keeps growing. 162 163 If you're interested in getting started with Gateway API, take a look at the 164 [API concepts documentation][concepts] and check out some of the 165 [Guides][guides] to try it out. Because this is a CRD-based API, you can 166 install the latest version on any Kubernetes 1.23+ cluster. 167 168 If you're specifically interested in helping to contribute to Gateway API, we 169 would love to have you! Please feel free to [open a new issue][issue] on the 170 repository, or join in the [discussions][disc]. Also check out the [community 171 page][community] which includes links to the Slack channel and community 172 meetings. We look forward to seeing you!! 173 174 ## Further Reading: 175 176 - [GEP-1324] provides an overview of the GAMMA goals and some important 177 definitions. This GEP is well worth a read for its discussion of the problem 178 space. 179 - [GEP-1426] defines how to use Gateway API route resources, such as 180 HTTPRoute, to manage traffic within a service mesh. 181 - [GEP-1686] builds on the work of [GEP-1709] to define a _conformance 182 profile_ for service meshes to be declared conformant with the Gateway API. 183 184 Although these are [Experimental][status] patterns, note that they are 185 available in the [`standard` release channel][ch], since the GAMMA initiative 186 has not needed to introduce new resources or fields to date. 187 188 [gamma]:/concepts/gamma/ 189 [status]:/geps/overview/#status 190 [ch]:/concepts/versioning/#release-channels-eg-experimental-standard 191 [cel]:https://kubernetes.io/docs/reference/using-api/cel/ 192 [crd]:https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/ 193 [concepts]:/concepts/api-overview/ 194 [geps]:/contributing/enhancement-requests/ 195 [guides]:/guides/getting-started/ 196 [impl]:/implementations/ 197 [install-crds]:/guides/getting-started/#install-the-crds 198 [issue]:https://github.com/kubernetes-sigs/gateway-api/issues/new/choose 199 [disc]:https://github.com/kubernetes-sigs/gateway-api/discussions 200 [community]:/contributing/community/ 201 [mesh-routing]:/concepts/gamma/#how-the-gateway-api-works-for-service-mesh 202 [GEP-1426]:/geps/gep-1426/ 203 [GEP-1324]:/geps/gep-1324/ 204 [GEP-1686]:/geps/gep-1686/ 205 [GEP-1709]:/geps/gep-1709/ 206 [issue 2277]:https://github.com/kubernetes-sigs/gateway-api/issues/2277 207 [supported-versions]:/concepts/versioning/#supported-versions 208 [v0.8.0 release notes]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.8.0 209 [versioning docs]:/concepts/versioning/