Gateway API is an open source project managed by the SIG-NETWORK community. The project aims to evolve service networking by providing expressive, extensible, and role-oriented interfaces. You can use Gateway API to define routing rules for accessing applications in a cluster. This topic shows you how to use Gateway API to define a routing rule for accessing an application in a cluster.

Prerequisites

Step 1: Deploy a sample application in an ACK cluster

  1. Enable automatic sidecar injection for the default namespace. For more information, see Enable automatic sidecar injection.
  2. Use kubectl to connect to the ACK cluster. For more information, see Use kubectl on Cloud Shell to manage ACK clusters.
  3. Use the following content to create a YAML file that is named httpbin:
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      labels:
        app: httpbin
        service: httpbin
    spec:
      ports:
      - name: http
        port: 8000
        targetPort: 80
      selector:
        app: httpbin
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
          version: v1
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          serviceAccountName: httpbin
          containers:
          - image: docker.io/kennethreitz/httpbin
            imagePullPolicy: IfNotPresent
            name: httpbin
            ports:
            - containerPort: 80
  4. Run the following command to create the httpbin application:
    kubectl apply -f httpbin.yaml
  5. Run the following command to check whether the pod of the application runs as expected:
    kubectl get pod |grep httpbin

    The following output is expected:

    httpbin-66cdbdb6c5-vhsh6          2/2     Running   0          11s

Step 2: Configure Gateway API in an ASM instance

  1. Use kubectl to connect to an ASM instance. For more information, see Use kubectl to connect to an ASM instance.
  2. Use the following content to create a YAML file that is named gw:
    apiVersion: networking.x-k8s.io/v1alpha1
    kind: GatewayClass
    metadata:
      name: istio
    spec:
      controller: istio.io/gateway-controller
    ---
    apiVersion: networking.x-k8s.io/v1alpha1
    kind: Gateway
    metadata:
      name: gateway
      namespace: istio-system
    spec:
      gatewayClassName: istio
      listeners:
      - hostname: "*"
        port: 80
        protocol: HTTP
        routes:
          namespaces:
            from: All
          selector:
            matchLabels:
              selected: "yes"
          kind: HTTPRoute
    ---
    apiVersion: networking.x-k8s.io/v1alpha1
    kind: HTTPRoute
    metadata:
      name: http
      namespace: default
      labels:
        selected: "yes"
    spec:
      gateways:
        allow: All
      hostnames: ["httpbin.aliyun.com"]
      rules:
      - matches:
        - path:
            type: Prefix
            value: /get
        filters:
        - type: RequestHeaderModifier
          requestHeaderModifier:
            add:
              my-added-header: added-value
        forwardTo:
        - serviceName: httpbin
          port: 8000
    • Configure a Gateway

      port: the port number of the Gateway. Set the parameter to 80. Then, the httpbin application can be accessed by using port 80.

    • Configure an HTTPRoute
      • hostnames: the host name. Set the parameter to httpbin.aliyun.com.
      • path: Set the type parameter to Prefix and the value parameter to /get. The settings specify that the URLs that are used to access the httpbin application must contain the get parameter.
  3. Run the following command to configure Gateway API:
    kubectl --kubeconfig=<Name of the kubeconfig file of the ASM instance> apply -f gw.yaml

Step 3: Query the IP address of the ingress gateway

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Services and Ingresses > Services.
  5. At the top of the Services page, select istio-system from the Namespace drop-down list. Find the ingress gateway that is named istio-ingressgateway and view the IP address whose port is 80 in the External Endpoint column.

Verify the routing rule

  • Run the following command to access the httpbin application:
    curl -s -HHost:httpbin.aliyun.com "http://$INGRESS_HOST:$INGRESS_PORT/get"

    Use the -H flag to set the Host HTTP header to httpbin.aliyun.com. The value of the Host HTTP header must be the same as the value of the hostnames parameter that is configured for the HTTPRoute.

    The following output is expected:

    {
      "args": {},
      "headers": {
        "Accept": "*/*",
        "Content-Length": "0",
        "Host": "httpbin.aliyun.com",
        "My-Added-Header": "added-value",
        "User-Agent": "curl/7.75.0",
        "X-Envoy-Attempt-Count": "1",
        "X-Envoy-External-Address": "xxxxxx"
      },
      "origin": "xxxxxx",
      "url": "http://httpbin.aliyun.com/get"
    }
  • Run the following command to access the httpbin application:
    curl -I -HHost:httpbin.aliyun.com "http://$INGRESS_HOST:$INGRESS_PORT/headers"

    The following output is expected:

    HTTP/1.1 404 Not Found

The application is accessed by using the URL that contains the get parameter, but fails to be accessed by using the URL that contains the headers parameter. This means that only URLs that contain the get parameter can be used to access the httpbin application. The results indicate that the routing rule that you defined by using Gateway API takes effect.