1. Using kubernetes gateway.networking.k8s.io with pulumi.com


    To use Kubernetes Gateway API (gateway.networking.k8s.io) with Pulumi, you would actually leverage the Kubernetes provider from Pulumi to define resources compliant with this API. The Gateway API provides a more expressive and powerful way of configuring ingress than what was previously available with Ingress in Kubernetes, allowing for more complex routing, traffic management, and administrative separation.

    First, let’s understand the core resources provided by the Gateway API:

    • GatewayClass: Defines a set of gateways with a common configuration and behavior.
    • Gateway: Represents an instantiation of a service load balancer operating at the edge of the network, configured with the GatewayClass.
    • HTTPRoute: Defines HTTP routing rules associated with a Gateway.

    Below is a Pulumi program written in TypeScript that demonstrates how you might define a Gateway and an HTTPRoute using the Kubernetes Gateway API. The example assumes that you have a Kubernetes cluster up and running.

    Before starting with the code, ensure that you have the Pulumi CLI and Kubernetes provider installed and configured with access to your Kubernetes cluster.

    import * as k8s from '@pulumi/kubernetes'; const gatewayClassName = 'example-gatewayclass'; // Create a GatewayClass resource const gatewayClass = new k8s.networking.v1beta1.GatewayClass('example-gatewayclass', { metadata: { name: gatewayClassName, }, spec: { // The specific controller that will manage this class and its gateways // This will vary based on the actual gateway controller you are using // For example 'istio.io/gateway-controller' for Istio controller: 'example-controller', }, }); // Create a Gateway resource const gateway = new k8s.networking.v1beta1.Gateway('example-gateway', { metadata: { name: 'example-gateway', }, spec: { gatewayClassName: gatewayClass.metadata.name, // Reference to the GatewayClass listeners: [{ protocol: 'HTTP', port: 80, // The port where the HTTP traffic will be listened routes: { kind: 'HTTPRoute', selector: { matchLabels: { app: 'my-app', // Label selector to associate HTTPRoutes }, }, }, }], }, }, {dependsOn: [gatewayClass]}); // Ensure the GatewayClass exists before the Gateway // Create an HTTPRoute resource const httpRoute = new k8s.networking.v1beta1.HTTPRoute('example-httproute', { metadata: { name: 'example-httproute', labels: { app: 'my-app', // Match the label to Gateway's route selector }, }, spec: { gateways: { allow: 'All', // Allow any Gateway that matches the selectors }, // Hosts and rules define the endpoints and routing rules hosts: [{ hostname: 'example.com', rules: [{ matches: [{ path: { type: 'Exact', value: '/hello' }, }], // Define the backend that where the traffic will be forwarded forwardTo: [{ serviceName: 'my-service', port: { number: 8080 }, }], }], }], }, }, {dependsOn: [gateway]}); // Ensure the Gateway exists before the HTTPRoute // Export the Gateway's name and the HTTPRoute's name export const gatewayName = gateway.metadata.name; export const httpRouteName = httpRoute.metadata.name;

    In this program, we have established three resources: a GatewayClass that specifies the controller responsible for this set of gateways, a Gateway that uses the GatewayClass and sets up HTTP traffic listening on port 80, and an HTTPRoute that specifies that any HTTP traffic to example.com/hello should be forwarded to my-service at port 8080.

    Remember that to work with these API objects, the Kubernetes cluster must have a compatible gateway controller installed that recognizes the Gateway API objects (GatewayClass, Gateway, and HTTPRoute). This could be the built-in Ingress Controller if it supports the Gateway API, or an external one like Contour, Gloo, or Ambassador.

    You would need to apply the appropriate controller field value in the gatewayClass definition depending on the gateway controller you are using.

    Please adjust the sample code as per the specific configuration of your Kubernetes environment, such as domain names, service names, labels, and the gateway controller.