Overview

Gateway API is the next generation of the Ingress API in upstream Kubernetes.

OpenShift Service Mesh (OSSM) and several other offering of ours like Kuadrant, Microshift and OpenShift AI all have critical dependencies on Gateway API's API resources. However, even though Gateway API is an official Kubernetes project its API resources are not available in the core API (like Ingress) and instead require the installation of Custom Resource Definitions (CRDs).

OCP will be fully in charge of managing the life-cycle of the Gateway API CRDs going forward. This will make the Gateway API a "core-like" API on OCP. If the CRDs are already present on a cluster when it upgrades to the new version where they are managed, the cluster admin is responsible for the safety of existing Gateway API implementations. The Cluster Ingress Operator (CIO)  enacts a process called "CRD Management Succession" to ensure the transfer of control occurs safely, which includes multiple pre-upgrade checks and CIO startup checks.

Acceptance Criteria

• If not present the Gateway API CRDs should be deployed at the install-time of a cluster, and management thereafter handled by the platform
• Any existing CRDs not managed by the platform should be removed, or management and control transferred to the platform
• Only the platform can manage or make any changes to the Gateway API CRDs, others will be blocked
• Documentation about these APIs, and the process to upgrade to a version where they are being managed needs to be provided

Cross-Team Coordination

The organization as a whole needs to be made aware of this as new projects will continue to pop up with Gateway API support over the years. This includes (but is not limited to)

• OSSM Team (Istio)
• Connectivity Link Team (Kuadrant)
• MicroShift Team
• OpenShift AI Team (KServe)

Importantly our cluster infrastructure work with Cluster API (CAPI) is working through similar dilemmas for CAPI CRDs, and so we need to make sure to work directly with them as they've already broken a lot of ground here. Here are the relevant docs with the work they've done so far:

• lifecycling-cluster-api-crds-within-openshift - HackMD
• OCPCLOUD-2114 Investigate lifecycle of Cluster API APIs within OpenShift