Default gateway proxy setup
Learn about the different K8sGateway and Kubernetes resources that make up your gateway proxy deployment.
GatewayClass
The GatewayClass is a Kubernetes Gateway API-native resource that defines the controller that spins up and configures gateway proxies in your environment.
When you install K8sGateway, a default GatewayClass resource is automatically created with the following configuration.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: gloo-gateway
spec:
controllerName: solo.io/gloo-gateway
The solo.io/gloo-gateway
controller implements the Kubernetes Gateway API and provides an abstraction of the gateway’s underlying infrastructure. The controller watches the resources in your cluster. When a Gateway resource is created that references this GatewayClass, the controller spins up an Envoy-based gateway proxy by using the configuration that is defined in the GatewayParameters resource. The controller also translates other resources, such as HTTPRoute, RouteOption, VirtualHostOption, and more, into valid Envoy configuration, and applies the configuration to the gateway proxies it manages.
Gateway proxy template
When you create a Gateway resource, a default gateway proxy template is used to automatically spin up and bootstrap a gateway proxy deployment and service in your cluster. The template includes Envoy configuration that binds the gateway proxy deployment to the Gateway resource that you created. In addition, the settings in the GatewayParameters and Settings resources are used to configure the gateway proxy.
The resulting gateway proxy is managed for you and its configuration is automatically updated based on the settings in the GatewayParameters or Settings resources. To publicly expose the gateway proxy deployment, a service of type LoadBalancer is created for you. Depending on the cloud provider that you use, the LoadBalancer service is assigned a public IP address or hostname that you can use to reach the gateway. To expose an app on the gateway, you must create an HTTPRoute resource and define the matchers and filter rules that you want to apply before forwarding the request to the app in your cluster. You can review the Get started, traffic management, security, and resiliency guides to find examples for how to route and secure traffic to an app.
You can change the default configuration of your gateway proxy by creating custom GatewayParameters resources, or updating the default GatewayParameters and Settings values in your K8sGateway Helm chart. If you change the values in the Helm chart, K8sGateway automatically applies the changes to the default GatewayParameters and Settings resources.
If you do not want to use the default gateway proxy template to bootstrap your proxies, you can choose to create a self-managed gateway. With self-managed gateways, you are responsible for defining the proxy deployment template that you want to bootstrap your proxies with. For more information, see Self-managed gateways (BYO).
GatewayParameters
GatewayParameters is a K8sGateway custom resource that specifies the configuration for the gateway proxies in your cluster.
When you install K8sGateway, a default GatewayParameters resource is automatically created for you. You can review its configuration by using the following command:
kubectl get gatewayparameters gloo-gateway -n gloo-system -o yaml
To spin up new gateway proxies, the Gloo Gateway controller uses a gateway proxy template and the configuration in the default GatewayParameters and Settings resources. You can change the default configuration for your gateway proxies by updating the respective values in the Gloo Gateway Helm chart. You can also create additional GatewayParameters resources to spin up different types of gateway proxies.
For example, you might want to pair your gateway with a Network Load Balancer (NLB) instance in AWS. To properly pair and configure the gateway with an NLB, specific annotations on the gateway proxy are required. These annotations are not included in the default GatewayParameters resource. To add them, you can create a separate GatewayParameters resource where you add these annotations. For more customization options, see Customize the gateway.
Settings
Settings is a K8sGateway custom resource that is used to set global values for K8sGateway components, such as the gateway proxies or the K8sGateway control plane. The Settings resource is automatically created based on the values that you set in the K8sGateway Helm chart and enables or disables certain features in K8sGateway. For example, the Settings resource determines whether resource validation is enabled in your environment.
To view the default Settings resource, run the following command:
kubectl get settings default -n gloo-system -o yaml
When you follow the Get started guide, the following Settings resource is created for you. To understand each setting, check out the Settings custom resource documentation.
apiVersion: gloo.solo.io/v1
kind: Settings
metadata:
annotations:
meta.helm.sh/release-name: gloo-gateway
meta.helm.sh/release-namespace: gloo-system
generation: 1
labels:
app: gloo
app.kubernetes.io/managed-by: Helm
gloo: settings
name: default
namespace: gloo-system
spec:
consoleOptions:
apiExplorerEnabled: true
readOnly: false
discovery:
fdsMode: WHITELIST
discoveryNamespace: gloo-system
extauth:
extauthzServerRef:
name: extauth
namespace: gloo-system
transportApiVersion: V3
userIdHeader: x-user-id
gateway:
enableGatewayController: true
isolateVirtualHostsBySslConfig: false
readGatewaysFromAllNamespaces: false
validation:
allowWarnings: true
alwaysAccept: true
disableTransformationValidation: false
proxyValidationServerAddr: gloo:9988
serverEnabled: true
validationServerGrpcMaxSizeBytes: 104857600
warnRouteShortCircuiting: false
gloo:
disableKubernetesDestinations: false
disableProxyGarbageCollection: false
enableRestEds: false
invalidConfigPolicy:
invalidRouteResponseBody: K8sGateway has invalid configuration. Administrators
should run `glooctl check` to find and fix config errors.
invalidRouteResponseCode: 404
replaceInvalidRoutes: false
istioOptions:
appendXForwardedHost: true
enableAutoMtls: false
enableIntegration: false
proxyDebugBindAddr: 0.0.0.0:9966
regexMaxProgramSize: 1024
restXdsBindAddr: 0.0.0.0:9976
xdsBindAddr: 0.0.0.0:9977
graphqlOptions:
schemaChangeValidationOptions:
processingRules: []
rejectBreakingChanges: false
kubernetesArtifactSource: {}
kubernetesConfigSource: {}
kubernetesSecretSource: {}
ratelimitServer:
rateLimitBeforeAuth: false
ratelimitServerRef:
name: rate-limit
namespace: gloo-system
refreshRate: 60s
status:
statuses: {}