13.6 : Gateway API – The Future of Kubernetes Networking

🎯 What It Is

Gateway API is a next-generation Kubernetes networking standard that replaces Ingress with more expressive, role-oriented, and extensible resources.

✅ Why?

Ingress is limited to HTTP/S and lacks standardization across controllers

Gateway API supports HTTP, TCP, UDP, TLS, and custom protocols

Designed for multi-team workflows (platform engineers vs app developers)

💡 Real-World Analogy

Like upgrading from a basic doorbell (Ingress) to a smart building access system (Gateway API):

Security team (platform) controls the main gate (Gateway)

Department managers (developers) request access rules (HTTPRoute)

Visitors get routed securely without touching the gate hardware

🧪 Example: Replace Ingress with Gateway API (HTTP Routing)

Step 1: Install Gateway API CRDs (One-Time)

kubectl get crd gateways.gateway.networking.k8s.io &>/dev/null || \\\\
  kubectl apply -f <https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml>

Step 2: Deploy a GatewayClass (Platform Team)

# gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
meta
  name: traefik-gc
spec:
  controllerName: traefik.io/gateway-controller

🔑 Note: Traefik v2.10+ supports Gateway API. For k3s, ensure you’re using a recent version.

Step 3: Create a Gateway (Platform Team)

# gateway.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
meta
  name: external-http
  namespace: default
spec:
  gatewayClassName: traefik-gc
  listeners:
  - name: http
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All  # Or "Selector" for multi-tenant

Step 4: Create an HTTPRoute (App Team)

# httproute.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
meta
  name: web-route
  namespace: default
spec:
  parentRefs:
  - name: external-http  # ← Reference Gateway
  hostnames:
  - "web.example.com"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: web
      port: 80

✅ Result: Same as Ingress — but cleaner separation of concerns and standardized.

✅ Summary: Gateway API vs Ingress

Feature	Ingress	Gateway API
Scope	HTTP/S only	HTTP, TCP, UDP, TLS, custom
Extensibility	Annotations (controller-specific)	First-class CRDs
Roles	One resource (developer)	`GatewayClass` (platform) + `HTTPRoute` (developer)
Standardization	Minimal spec, vendor-specific features	Kubernetes SIG-NETWORK standard
Multi-namespace	Hard	Built-in (`allowedRoutes.namespaces`)