This project is in the process of being donated to the CNCF and is not affiliated with the Kubernetes project.
Default gateway proxy setup

Default gateway proxy setup

Learn about the different K8sGateway and Kubernetes resources that make up your gateway proxy deployment.

GatewayClass

The GatewayClass is a Kubernetes Gateway API-native resource that defines the controller that spins up and configures gateway proxies in your environment.

When you install K8sGateway, a default GatewayClass resource is automatically created with the following configuration.

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: gloo-gateway
spec:
  controllerName: solo.io/gloo-gateway

The solo.io/gloo-gateway controller implements the Kubernetes Gateway API and provides an abstraction of the gateway’s underlying infrastructure. The controller watches the resources in your cluster. When a Gateway resource is created that references this GatewayClass, the controller spins up an Envoy-based gateway proxy by using the configuration that is defined in the GatewayParameters resource. The controller also translates other resources, such as HTTPRoute, RouteOption, VirtualHostOption, and more, into valid Envoy configuration, and applies the configuration to the gateway proxies it manages.

Gateway proxy template

When you create a Gateway resource, a default gateway proxy template is used to automatically spin up and bootstrap a gateway proxy deployment and service in your cluster. The template includes Envoy configuration that binds the gateway proxy deployment to the Gateway resource that you created. In addition, the settings in the GatewayParameters and Settings resources are used to configure the gateway proxy.

The resulting gateway proxy is managed for you and its configuration is automatically updated based on the settings in the GatewayParameters or Settings resources. To publicly expose the gateway proxy deployment, a service of type LoadBalancer is created for you. Depending on the cloud provider that you use, the LoadBalancer service is assigned a public IP address or hostname that you can use to reach the gateway. To expose an app on the gateway, you must create an HTTPRoute resource and define the matchers and filter rules that you want to apply before forwarding the request to the app in your cluster. You can review the Get started, traffic management, security, and resiliency guides to find examples for how to route and secure traffic to an app.

You can change the default configuration of your gateway proxy by creating custom GatewayParameters resources, or updating the default GatewayParameters and Settings values in your K8sGateway Helm chart. If you change the values in the Helm chart, K8sGateway automatically applies the changes to the default GatewayParameters and Settings resources.

ℹ️
Do not edit or change the default GatewayParameters and Settings resources directly. Always update the values in the K8sGateway Helm chart so that they persist between upgrades.

If you do not want to use the default gateway proxy template to bootstrap your proxies, you can choose to create a self-managed gateway. With self-managed gateways, you are responsible for defining the proxy deployment template that you want to bootstrap your proxies with. For more information, see Self-managed gateways (BYO).

GatewayParameters

GatewayParameters is a K8sGateway custom resource that specifies the configuration for the gateway proxies in your cluster.

When you install K8sGateway, a default GatewayParameters resource is automatically created for you. You can review its configuration by using the following command:

kubectl get gatewayparameters gloo-gateway -n gloo-system -o yaml  

To spin up new gateway proxies, the Gloo Gateway controller uses a gateway proxy template and the configuration in the default GatewayParameters and Settings resources. You can change the default configuration for your gateway proxies by updating the respective values in the Gloo Gateway Helm chart. You can also create additional GatewayParameters resources to spin up different types of gateway proxies.

ℹ️
Do not edit or change the default GatewayParameters resource directly. Always update the values in the Gloo Gateway Helm chart so that they persist between upgrades, or create your own GatewayParameters resource that holds your custom values. Note that you are responsible to maintain any GatewayParameters resources that you manually created.

For example, you might want to pair your gateway with a Network Load Balancer (NLB) instance in AWS. To properly pair and configure the gateway with an NLB, specific annotations on the gateway proxy are required. These annotations are not included in the default GatewayParameters resource. To add them, you can create a separate GatewayParameters resource where you add these annotations. For more customization options, see Customize the gateway.

Settings

Settings is a K8sGateway custom resource that is used to set global values for K8sGateway components, such as the gateway proxies or the K8sGateway control plane. The Settings resource is automatically created based on the values that you set in the K8sGateway Helm chart and enables or disables certain features in K8sGateway. For example, the Settings resource determines whether resource validation is enabled in your environment.

ℹ️
Do not edit or change the Settings resource directly. Always update the values in the K8sGateway Helm chart so that they persist between upgrades.

To view the default Settings resource, run the following command:

kubectl get settings default -n gloo-system -o yaml

When you follow the Get started guide, the following Settings resource is created for you. To understand each setting, check out the Settings custom resource documentation.

apiVersion: gloo.solo.io/v1
kind: Settings
metadata:
  annotations:
    meta.helm.sh/release-name: gloo-gateway
    meta.helm.sh/release-namespace: gloo-system
  generation: 1
  labels:
    app: gloo
    app.kubernetes.io/managed-by: Helm
    gloo: settings
  name: default
  namespace: gloo-system
spec:
  consoleOptions:
    apiExplorerEnabled: true
    readOnly: false
  discovery:
    fdsMode: WHITELIST
  discoveryNamespace: gloo-system
  extauth:
    extauthzServerRef:
      name: extauth
      namespace: gloo-system
    transportApiVersion: V3
    userIdHeader: x-user-id
  gateway:
    enableGatewayController: true
    isolateVirtualHostsBySslConfig: false
    readGatewaysFromAllNamespaces: false
    validation:
      allowWarnings: true
      alwaysAccept: true
      disableTransformationValidation: false
      proxyValidationServerAddr: gloo:9988
      serverEnabled: true
      validationServerGrpcMaxSizeBytes: 104857600
      warnRouteShortCircuiting: false
  gloo:
    disableKubernetesDestinations: false
    disableProxyGarbageCollection: false
    enableRestEds: false
    invalidConfigPolicy:
      invalidRouteResponseBody: K8sGateway has invalid configuration. Administrators
        should run `glooctl check` to find and fix config errors.
      invalidRouteResponseCode: 404
      replaceInvalidRoutes: false
    istioOptions:
      appendXForwardedHost: true
      enableAutoMtls: false
      enableIntegration: false
    proxyDebugBindAddr: 0.0.0.0:9966
    regexMaxProgramSize: 1024
    restXdsBindAddr: 0.0.0.0:9976
    xdsBindAddr: 0.0.0.0:9977
  graphqlOptions:
    schemaChangeValidationOptions:
      processingRules: []
      rejectBreakingChanges: false
  kubernetesArtifactSource: {}
  kubernetesConfigSource: {}
  kubernetesSecretSource: {}
  ratelimitServer:
    rateLimitBeforeAuth: false
    ratelimitServerRef:
      name: rate-limit
      namespace: gloo-system
  refreshRate: 60s
status:
  statuses: {}