Default gateway proxy setup

Learn about the different K8sGateway and Kubernetes resources that make up your gateway proxy deployment.

GatewayClass

The GatewayClass is a Kubernetes Gateway API-native resource that defines the controller that spins up and configures gateway proxies in your environment.

When you install K8sGateway, a GatewayClass resource is automatically created with the following configuration.

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: gloo-gateway
spec:
  controllerName: solo.io/gloo-gateway

The solo.io/gloo-gateway controller implements the Kubernetes Gateway API and provides an abstraction of the gateway’s underlying infrastructure. The controller watches the resources in your cluster. When a Gateway resource is created that references this GatewayClass, the controller spins up an Envoy-based gateway proxy by using the configuration that is defined in the GatewayParameters resource. The controller also translates other resources, such as HTTPRoute, RouteOption, VirtualHostOption, and more, into valid Envoy configuration, and applies the configuration to the gateway proxies it manages.

Gateway proxy template

When you create a Gateway resource, a default gateway proxy template is used to automatically spin up and bootstrap a gateway proxy deployment and service in your cluster. The template includes Envoy configuration that binds the gateway proxy deployment to the Gateway resource that you created. In addition, the settings in the GatewayParameters and Settings resources are used to configure the gateway proxy.

The resulting gateway proxy is managed for you, and its configuration is automatically updated based on the settings in the GatewayParameters or Settings resources. To publicly expose the gateway proxy deployment, a service of type LoadBalancer is created for you. Depending on the cloud provider that you use, the LoadBalancer service is assigned a public IP address or hostname that you can use to reach the gateway. To expose an app on the gateway, you must create an HTTPRoute resource and define the matchers and filter rules that you want to apply before the request is forwarded to the app in your cluster. You can review the Get started, traffic management, security, and resiliency guides to find examples of how to route and secure traffic to an app.

You can change the default configuration of your gateway proxy by changing the GatewayParameters and Settings values. In most cases, you add the values via the K8sGateway Helm chart, and K8sGateway automatically updates the GatewayParameters and Settings resources for you. You can also update the values in these two resources directly, but keep in mind that values that you manually add to the GatewayParameters and Settings resources do not persist between upgrades. To persist these values, you must add the values to the K8sGateway Helm chart.

If you do not want to use the default gateway proxy template to bootstrap your proxies, you can choose to create a self-managed gateway. With self-managed gateways, you are responsible for defining the proxy deployment template that you want to bootstrap your proxies with. For more information, see Self-managed gateways (BYO).

GatewayParameters

GatewayParameters is a K8sGateway custom resource that specifies the configuration for the gateway proxies in your cluster.

When you install K8sGateway, a GatewayParameters resource is automatically created for you. You can review its configuration by using the following command:

kubectl get gatewayparameters gloo-gateway -n gloo-system -o yaml  

To spin up new gateway proxies, the K8sGateway controller uses a gateway proxy template and the configuration in the default GatewayParameters and Settings resources. You can change the default configuration for your gateway proxies by manually editing the GatewayParameters resource or adding the respective values to the K8sGateway Helm chart. You can also create additional GatewayParameters resources to spin up different types of gateway proxies.

For example, you might want to pair your gateway with a Network Load Balancer (NLB) instance in AWS. To properly pair and configure the gateway with an NLB, specific annotations on the gateway proxy are required. These annotations are not included in the default GatewayParameters resource. To add them, you can either change the default GatewayParameters resource, or create a separate one where you add these annotations. For more customization options, see Customize the gateway.

Settings

Settings is a K8sGateway custom resource that is used to set global values for K8sGateway components, such as the gateway proxies or the K8sGateway control plane. The Settings resource is automatically created based on the values that you set in the K8sGateway Helm chart, but you can also manually update the Settings resource to enable or disable certain features in K8sGateway. For example, the Settings resource determines whether resource validation is enabled in your environment.

Note: When you manually update values in the Settings resource, these values do not persist between Helm upgrades. To ensure that your values are still present even after you upgrade to a new K8sGateway version, add the values to your Helm chart instead.

To view the default Settings resource, run the following command:

kubectl get settings default -n gloo-system -o yaml

When you follow the Get started guide, the following Settings resource is created for you. To understand each setting, check out the Settings custom resource documentation.

apiVersion: gloo.solo.io/v1
kind: Settings
metadata:
  annotations:
    meta.helm.sh/release-name: gloo-gateway
    meta.helm.sh/release-namespace: gloo-system
  generation: 1
  labels:
    app: gloo
    app.kubernetes.io/managed-by: Helm
    gloo: settings
  name: default
  namespace: gloo-system
spec:
  consoleOptions:
    apiExplorerEnabled: true
    readOnly: false
  discovery:
    fdsMode: WHITELIST
  discoveryNamespace: gloo-system
  extauth:
    extauthzServerRef:
      name: extauth
      namespace: gloo-system
    transportApiVersion: V3
    userIdHeader: x-user-id
  gateway:
    enableGatewayController: true
    isolateVirtualHostsBySslConfig: false
    readGatewaysFromAllNamespaces: false
    validation:
      allowWarnings: true
      alwaysAccept: true
      disableTransformationValidation: false
      proxyValidationServerAddr: gloo:9988
      serverEnabled: true
      validationServerGrpcMaxSizeBytes: 104857600
      warnRouteShortCircuiting: false
  gloo:
    disableKubernetesDestinations: false
    disableProxyGarbageCollection: false
    enableRestEds: false
    invalidConfigPolicy:
      invalidRouteResponseBody: K8sGateway has invalid configuration. Administrators
        should run `glooctl check` to find and fix config errors.
      invalidRouteResponseCode: 404
      replaceInvalidRoutes: false
    istioOptions:
      appendXForwardedHost: true
      enableAutoMtls: false
      enableIntegration: false
    proxyDebugBindAddr: 0.0.0.0:9966
    regexMaxProgramSize: 1024
    restXdsBindAddr: 0.0.0.0:9976
    xdsBindAddr: 0.0.0.0:9977
  graphqlOptions:
    schemaChangeValidationOptions:
      processingRules: []
      rejectBreakingChanges: false
  kubernetesArtifactSource: {}
  kubernetesConfigSource: {}
  kubernetesSecretSource: {}
  ratelimitServer:
    rateLimitBeforeAuth: false
    ratelimitServerRef:
      name: rate-limit
      namespace: gloo-system
  refreshRate: 60s
status:
  statuses: {}
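
As an added example (not part of the original page or the K8sGateway project), the following script audits the `spec.gateway.validation` block of a Settings manifest such as the one above. It reads the fields as the Settings reference describes them: with `alwaysAccept: true`, resources that fail validation are still accepted, and with `allowWarnings: true`, resources that produce warnings are accepted. The function names and the embedded sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. Assumes the 2-space indentation that
# `kubectl get ... -o yaml` emits; function names are hypothetical.
# Print spec.gateway.validation.<KEY> from a Settings manifest on stdin.
validation_value() {
  awk -v key="$1" '
    { indent = match($0, /[^ ]/) - 1 }   # -1 on blank lines
    indent == 0 { in_spec = ($0 ~ /^spec:/); in_gw = 0; in_val = 0; next }
    indent == 2 { in_gw = (in_spec && $0 ~ /^  gateway:/); in_val = 0; next }
    indent == 4 { in_val = (in_gw && $0 ~ /^    validation:/); next }
    indent == 6 && in_val {
      n = index($0, ":")
      if (substr($0, 7, n - 7) == key) {
        v = substr($0, n + 1); gsub(/^ +| +$/, "", v); print v; exit
      }
    }'
}

# Print one finding per weak validation setting; return non-zero if any.
audit_validation() {
  manifest=$(cat)
  findings=0
  while read -r key want why; do
    got=$(printf '%s\n' "$manifest" | validation_value "$key")
    [ "$got" = "$want" ] && continue
    echo "FINDING validation.$key=${got:-unset} (want $want): $why"
    findings=$((findings + 1))
  done <<EOF
serverEnabled true validation server is disabled
alwaysAccept false resources that fail validation are still accepted
allowWarnings false resources that produce warnings are still accepted
EOF
  [ "$findings" -eq 0 ]
}

# Constructed sample: validation fields as shown in the Settings on this page.
sample_settings() {
  cat <<'EOF'
kind: Settings
spec:
  gateway:
    validation:
      allowWarnings: true
      alwaysAccept: true
      serverEnabled: true
EOF
}

sample_settings | audit_validation || echo "audit: weak validation settings"
```

To audit a live cluster, pipe the output of `kubectl get settings default -n gloo-system -o yaml` into `audit_validation`. Make any resulting change through the Helm chart so that it persists between upgrades.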