Gateway API Reference¶
Introduction¶
Gateway
allows you to configure network traffic through AWS Gateway API Controller.
When a Gateway is defined with amazon-vpc-lattice
GatewayClass, the controller will watch for the gateway
and the resources under them, creating required resources under Amazon VPC Lattice.
Internally, a Gateway points to a VPC Lattice service network.
Service networks are identified by Gateway name (without namespace) - for example, a Gateway named my-gateway
will point to a VPC Lattice service network my-gateway
. If multiple Gateways share the same name, all of them
will point to the same service network.
VPC Lattice service networks must be managed separately, as it is a broader concept that can cover resources outside the Kubernetes cluster. To create and manage a service network, you can either:
- Specify
DEFAULT_SERVICE_NETWORK
configuration option on the controller. This will make the controller to create a service network with such name, and associate the cluster VPC to it for you. This is suitable for simple use cases with single service network. - Manage service networks outside the cluster, using AWS Console, CDK, CloudFormation, etc. This is recommended for more advanced use cases that cover multiple clusters and VPCs.
Gateways with amazon-vpc-lattice
GatewayClass do not create a single entrypoint to bind Listeners and Routes
under them. Instead, each Route will have its own domain name assigned. To see an example of how domain names
are assigned, please refer to our Getting Started Guide.
Supported GatewayClass¶
amazon-vpc-lattice
This is the default GatewayClass for managing traffic using Amazon VPC Lattice.
Limitations¶
- GatewayAddress status does not represent all accessible endpoints belong to a Gateway. Instead, you should check annotations of each Route.
- Only
Terminate
is supported for TLS mode. TLSRoute is currently not supported. - TLS certificate cannot be provided through
certificateRefs
field bySecret
resource. Instead, you can create an ACM certificate and put its ARN to theoptions
field.
Example Configuration¶
Here is a sample configuration that demonstrates how to set up a Gateway
:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: my-hotel
spec:
gatewayClassName: amazon-vpc-lattice
listeners:
- name: http
protocol: HTTP
port: 80
- name: https
protocol: HTTPS
port: 443
tls:
mode: Terminate
certificateRefs:
- name: unused
options:
application-networking.k8s.aws/certificate-arn: <certificate-arn>
The created Gateway will point to a VPC Lattice service network named my-hotel
. Routes under this Gateway can have
either http
or https
listener as a parent based on their desired protocol to use.
This Gateway
documentation provides a detailed introduction, feature set, and a basic example of how to configure
and use the resource within AWS Gateway API Controller project. For in-depth details and specifications, you can refer to the
official Gateway API documentation.