-
Notifications
You must be signed in to change notification settings - Fork 498
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GEP-1651: Gateway Routability #1653
Conversation
Hi @dprotaso. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Going to leave this as draft - until I propose an implementation/API - @evankanderson had a simple proposal in the discussion but wanted to dwell on it a bit before committing it to this GEP |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for starting this @dprotaso! Have some questions about scoping here, especially around some of the edge cases about what "external" means in this context.
@dprotaso added this to agenda for community meeting today, want to try to figure out where this fits between a theoretical future ClusterIP GatewayClass, and the broader goal of providing shared config for all in-cluster implementations that are currently mapping a Gateway to a Service type=LB. |
Discussed on zoom: this seems like a specialized case of a more general problem: how do we customize the generate resources (Deployment/Service commonly, maybe others) for in cluster deployments? See also #1713 and #1355. Currently I think most implementations seem to do this in different ways. It may make sense to have a unified approach here rather than tackling one specific use case |
Another follow up from community meeting. I think we have 3 questions to answer:
|
+1 on seeing if this fits into a category of standardizing the experience for the user of Gateway proxies/infrastructure that is built and deployed using standard K8s. Regarding whether GatewayClass or Gateway -- this really rests on the role you think who should be determining these parameters. Our most typical use case is the person owning the lifecycle of the GW would not be also configuring # of replicas etc. They may give hints as to the capacity they need, but not be the one fixing the actual resource values. |
Here's an attempt to answer the questions from the meeting I commented above: Another follow up from community meeting. I think we have 3 questions to answer:
At a minimum, we should try to list out what users commonly want to configure here. Determining what those features are and how often they're likely to vary would help us decide if that's a separate effort or directly linked with this.
I'm biased because GKE already has different GatewayClasses for internal and external load balancers. If we were to include this on GWC, we could add something like a While I can see how this could also fit on the Gateway itself, to me this feels more fundamentally about the type/class of Gateway that is being used than a switch on the Gateway. I'm still not really sure how this would interact with the potential of a future "ClusterIP" GatewayClass, but I think this may be a bit less likely to conflict with that.
I think these probably should be different values. It's possible that in-cluster implementations would be able to configure internal LBs on some providers that effectively provided "SameNetwork" behavior. |
FWIW this is not how many users use our product, at least. See https://istio.io/latest/docs/setup/additional-setup/gateway/#dedicated-application-gateway and #567. I think my views on GatewayClass haven't necessarily been congruent with the projects position, but in my mind, if we draw an analogy to deployments (which is not a stretch, we literally make a Deployment for us :-) ) GatewayClass: deploy the meta-infra. i.e. Deployment controller in controller-manager. I know there is "params" on Gatewayclass but I think this is an anti-pattern for most use cases. This would be akin to putting a cluster scoped "ResourceClass" resource that has cpu/memory requests, and deployments reference that vs inlining it - this isn't a terrible idea, but feels more like a higher level abstraction that a PaaS may offer, while I would expect Kubernetes to be a bit lower level. Similarly, having the ability to configure things at a higher level seems nice for Gateway, but being able to configure them on a per-Gateway basis remains important. I would also like to point out that the "1-2 Gateways per cluster" is a common case, but not the only one. We expect to have 100s of Gateways in a cluster which all may have bespoke config. Making each of theserequire a GatewayClass is problematic |
Could introducing |
Expanding scope of the GEP
I think it's premature to suggest this use case warrants an expansion in scope to cover the definition of the Gateway's deployment. It feels this locks us into a 1:1 mapping between a Gateway and it's underlying k8s resources. I worry this would interfere with my the proposal to define how multiple gateways can be merged. See #1713 Empirically, Knative's deployment of Istio makes use of a single deployment to handle cluster local traffic AND traffic from the internet. This is accomplished by using multiple K8s Services (one If a 1:1 mapping between Gateway => (Service & Deployment) is required we would have to push ie. # Bad example
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: prod-web
spec:
gatewayClassName: acme-lb
listeners:
- protocol: HTTP
port: 80
scope: ClusterLocal
name: prod-internal-gw
- protocol: HTTP
port: 80
scope: Public
name: prod-web-gw
status:
addresses:
- type: IPAddress
scope: Public
value: 53.457.48.54
- type: IPAddress
value: 10.0.0.13
scope: ClusterLocal GatewayClass or Gateway
GatewayClass seems solely for providing implementation specific configuration - given that it's so underspecified. Gateway is advertised as From howardjohn
Yeah +100 From howardjohn
Knative could easily have 1000s of Gateways resources that are merged (because of unique certs issued by HTTP01) Same Cluster or Same Network
@robscott Can you elaborate on Given that I had to even ask that question I think |
…et conditions to false
sorry folks - I rebase to resolve nav conflict |
weird |
gcr transient error /retest |
Thanks @dprotaso! This LGTM, but leaving for @youngnick to give final LGTM. /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dprotaso, howardjohn, robscott, shaneutt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
After one last pass, yes, this LGTM /lgtm |
/hold cancel |
wow no way - thanks everyone! |
/kind gep
What this PR does / why we need it:
Support different types of routable Gateways
Which issue(s) this PR fixes:
Supports (but does not resolve) #1651