Using kubernetes gateway.networking.k8s.io with pulumi.com

Question

Pulumi · Accepted Answer

To use Kubernetes Gateway API (`gateway.networking.k8s.io`) with Pulumi, you would actually leverage the Kubernetes provider from Pulumi to define resources compliant with this API. The Gateway API provides a more expressive and powerful way of configuring ingress than what was previously available with Ingress in Kubernetes, allowing for more complex routing, traffic management, and administrative separation.

First, let’s understand the core resources provided by the Gateway API:
- **GatewayClass**: Defines a set of gateways with a common configuration and behavior.
- **Gateway**: Represents an instantiation of a service load balancer operating at the edge of the network, configured with the GatewayClass.
- **HTTPRoute**: Defines HTTP routing rules associated with a Gateway.

Below is a Pulumi program written in TypeScript that demonstrates how you might define a Gateway and an HTTPRoute using the Kubernetes Gateway API. The example assumes that you have a Kubernetes cluster up and running.

Before starting with the code, ensure that you have the Pulumi CLI and Kubernetes provider installed and configured with access to your Kubernetes cluster.

```typescript
import * as k8s from '@pulumi/kubernetes';

const gatewayClassName = 'example-gatewayclass';

// Create a GatewayClass resource
const gatewayClass = new k8s.networking.v1beta1.GatewayClass('example-gatewayclass', {
    metadata: {
        name: gatewayClassName,
    },
    spec: {
        // The specific controller that will manage this class and its gateways
        // This will vary based on the actual gateway controller you are using
        // For example 'istio.io/gateway-controller' for Istio
        controller: 'example-controller',
    },
});

// Create a Gateway resource
const gateway = new k8s.networking.v1beta1.Gateway('example-gateway', {
    metadata: {
        name: 'example-gateway',
    },
    spec: {
        gatewayClassName: gatewayClass.metadata.name, // Reference to the GatewayClass
        listeners: [{
            protocol: 'HTTP',
            port: 80, // The port where the HTTP traffic will be listened
            routes: {
                kind: 'HTTPRoute',
                selector: {
                    matchLabels: {
                        app: 'my-app', // Label selector to associate HTTPRoutes
                    },
                },
            },
        }],
    },
}, {dependsOn: [gatewayClass]}); // Ensure the GatewayClass exists before the Gateway

// Create an HTTPRoute resource
const httpRoute = new k8s.networking.v1beta1.HTTPRoute('example-httproute', {
    metadata: {
        name: 'example-httproute',
        labels: {
            app: 'my-app', // Match the label to Gateway's route selector
        },
    },
    spec: {
        gateways: {
            allow: 'All', // Allow any Gateway that matches the selectors
        },
        // Hosts and rules define the endpoints and routing rules
        hosts: [{
            hostname: 'example.com',
            rules: [{
                matches: [{
                    path: { type: 'Exact', value: '/hello' },
                }],
                // Define the backend that where the traffic will be forwarded
                forwardTo: [{
                    serviceName: 'my-service',
                    port: { number: 8080 },
                }],
            }],
        }],
    },
}, {dependsOn: [gateway]}); // Ensure the Gateway exists before the HTTPRoute

// Export the Gateway's name and the HTTPRoute's name
export const gatewayName = gateway.metadata.name;
export const httpRouteName = httpRoute.metadata.name;
```

In this program, we have established three resources: a GatewayClass that specifies the controller responsible for this set of gateways, a Gateway that uses the GatewayClass and sets up HTTP traffic listening on port 80, and an HTTPRoute that specifies that any HTTP traffic to `example.com/hello` should be forwarded to `my-service` at port `8080`.

Remember that to work with these API objects, the Kubernetes cluster must have a compatible gateway controller installed that recognizes the Gateway API objects (`GatewayClass`, `Gateway`, and `HTTPRoute`). This could be the built-in Ingress Controller if it supports the Gateway API, or an external one like Contour, Gloo, or Ambassador.

You would need to apply the appropriate `controller` field value in the `gatewayClass` definition depending on the gateway controller you are using.

Please adjust the sample code as per the specific configuration of your Kubernetes environment, such as domain names, service names, labels, and the gateway controller.