Closed
Description
Would like to discuss the scope of a Gateway / Route and relationship between gateway and routes.
For LoadBalancer, there are two basic use cases:
- As an Application developer limited to a single namespace, I should be able to create a LoadBalancer to route traffic to their services within the single namespace.
- As a Cluster operator for multiple teams, I should be able to set up a single LoadBalancer for services across multiple namespaces. (e.g. Nginx ingress controller is kind of a single LoadBalancer for all Ingresses)
For route, similar use cases exist too:
- As an Application developer, I should be able to create a Route to route traffic to services within a single namespace.
- As an Application developer, I should be able to create a Route to route traffic to services across namespaces under different weights. (e.g. services live in a prod namespace and a stage namespace; some users use namespaces as isolation between environment stages).
- As a Cluster operator, I should be able to modify a Route to mirror traffic to services in a different namespace. (e.g. set up rules to mirror application traffic to a specific analysis service in another namespace than the application service)
Should we have different scope of resource to satisfy all these use cases, similar to "Role" and "ClusterRole"? e.g.
- namespace-scoped HTTPRoute can only reference services within its namespace.
- cluster-scoped ClusterHTTPRoute can reference services across namespaces.
- namespace-scoped Gateway can only reference HTTPRoute within its namespace.
- cluster-scoped ClusterGateway can reference ClusterHTTPRoute or HTTPRoute in each namespace.

A naive implementation can be like:
single namespace sample

```yaml
apiVersion: networking.x-k8s.io
kind: Gateway
metadata:
  namespace: product-xxx
  name: lb-main
spec:
  routeSelector:
    matchLabels:
      app: main
---
apiVersion: networking.x-k8s.io
kind: HTTPRoute
metadata:
  namespace: "product-xxx"
  name: "homepage"
  labels:
    app: main
spec:
  path: /homepage
  actions:
  - forwardTo:
    - serviceName: homepage
      servicePort: 80
---
apiVersion: networking.x-k8s.io
kind: HTTPRoute
metadata:
  namespace: "product-xxx"
  name: "forum"
  labels:
    app: main
spec:
  path: /forum
  actions:
  - forwardTo:
    - serviceName: forumpage
      servicePort: 80
```
multiple namespace sample

```yaml
apiVersion: networking.x-k8s.io
kind: ClusterGateway
metadata:
  name: "company-xxx-main"
spec:
  routeSelectors:
  - namespace: "team-a"
    matchLabels:
      app: a-app-on-main
  - namespace: "team-b"
    matchLabels:
      app: b-app-on-main
  clusterRouteSelector:
    matchLabels:
      app: main
---
apiVersion: networking.x-k8s.io
kind: HTTPRoute
metadata:
  namespace: "team-a"
  name: "homepage"
  labels:
    app: a-app-on-main
spec:
  host: team-a.example.com
  path: /homepage
  actions:
  - forwardTo:
    - serviceName: homepage
      servicePort: 80
---
apiVersion: networking.x-k8s.io
kind: HTTPRoute
metadata:
  namespace: "team-b"
  name: "homepage"
  labels:
    app: b-app-on-main
spec:
  host: team-b.example.com
  path: /homepage
  actions:
  - forwardTo:
    - serviceName: homepage
      servicePort: 80
---
apiVersion: networking.x-k8s.io
kind: ClusterHTTPRoute
metadata:
  name: "random-homepage"
  labels:
    app: main
spec:
  host: random.example.com
  path: /homepage
  actions:
  - forwardTo:
    - namespace: team-a
      serviceName: homepage
      servicePort: 80
      weight: 50
    - namespace: team-b
      serviceName: homepage
      servicePort: 80
      weight: 50
---
apiVersion: networking.x-k8s.io
kind: ClusterHTTPRoute
metadata:
  name: "mirror-traffic"
  labels:
    app: main
spec:
  host: alpha.team-a.example.com
  path: /homepage
  actions:
  - forwardTo:
    - namespace: team-a
      serviceName: homepage
      servicePort: 80
  - mirrorTo:
    - namespace: team-infra
      serviceName: monitor
      servicePort: 8080
```
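
A sketch of how the scoping rules proposed above could be checked at admission time, added here as an illustration and not part of the original issue or the project's code. Field names follow the issue's YAML; the helper names (`selects`, `cross_namespace_refs`, `mk_route`) and the sample objects are assumptions constructed for the example.

```python
# Added sketch: field names follow the issue's YAML; helper names are hypothetical.
def backends(route):
    """Yield (namespace, serviceName) for each forwardTo/mirrorTo target."""
    for action in route["spec"].get("actions", []):
        for key in ("forwardTo", "mirrorTo"):
            for target in action.get(key, []):
                yield target.get("namespace"), target["serviceName"]

def cross_namespace_refs(route):
    """Targets a namespace-scoped HTTPRoute names outside its own namespace."""
    if route["kind"] != "HTTPRoute":   # ClusterHTTPRoute may cross namespaces
        return []
    own = route["metadata"]["namespace"]
    return [(ns, svc) for ns, svc in backends(route) if ns not in (None, own)]

def labels_match(selector, obj):
    labels = obj["metadata"].get("labels", {})
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def selects(gateway, route):
    """True if the gateway may bind the route under the proposed scopes."""
    spec, ns = gateway["spec"], route["metadata"].get("namespace")
    if gateway["kind"] == "Gateway":   # namespace-scoped: own namespace only
        return (route["kind"] == "HTTPRoute"
                and ns == gateway["metadata"]["namespace"]
                and "routeSelector" in spec
                and labels_match(spec["routeSelector"], route))
    if route["kind"] == "ClusterHTTPRoute":
        sel = spec.get("clusterRouteSelector")
        return sel is not None and labels_match(sel, route)
    return any(s["namespace"] == ns and labels_match(s, route)
               for s in spec.get("routeSelectors", []))

def mk_route(kind, ns, name, app, targets):   # builder for the constructed samples
    meta = {"name": name, "labels": {"app": app}, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, "spec": {"actions": [{"forwardTo": targets}]}}

# Constructed sample objects modelled on the issue's multiple-namespace YAML.
GATEWAY = {"kind": "ClusterGateway", "metadata": {"name": "company-xxx-main"}, "spec": {
    "routeSelectors": [{"namespace": "team-a", "matchLabels": {"app": "a-app-on-main"}},
                       {"namespace": "team-b", "matchLabels": {"app": "b-app-on-main"}}],
    "clusterRouteSelector": {"matchLabels": {"app": "main"}}}}
TEAM_A = mk_route("HTTPRoute", "team-a", "homepage", "a-app-on-main", [{"serviceName": "homepage"}])
TEAM_C = mk_route("HTTPRoute", "team-c", "homepage", "a-app-on-main", [{"serviceName": "homepage"}])
LEAKY = mk_route("HTTPRoute", "team-a", "borrow", "a-app-on-main",
                 [{"namespace": "team-b", "serviceName": "homepage"}])
RANDOM = mk_route("ClusterHTTPRoute", None, "random-homepage", "main",
                  [{"namespace": "team-a", "serviceName": "homepage"},
                   {"namespace": "team-b", "serviceName": "homepage"}])
```

`LEAKY` is still label-selected by the ClusterGateway, so the cross-namespace reference check has to run separately from route selection; `TEAM_C` carries a matching label but is not bound because its namespace is not listed in `routeSelectors`.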