Epic Goal

Support Gateway API for on-premise platforms.

Why is this important?

Without this epic, we cannot support Gateway API for on-premise platforms: BareMetal, VSphere, oVirt, KubeVirt, EquinixMetal, Nutanix, and None.

When Istio creates a proxy deployment for a gateway, Istio also creates a service with type: LoadBalancer. If nothing actually provisions a load balancer for that service, then Istio never reports the gateway as accepted, and clients outside the cluster have no endpoint through which they can connect to the proxy. In other words, Istio requires that the platform support service load-balancers.

It might be possible to address this issue using Metal LB, but a basic installation or CI cluster doesn't come with Metal LB installed.

Alternatively, we might be able to detect the platform and tell Istio to use a NodePort service for on-premise platforms. However, we need to do some R&D to find out whether that would suffice to cause Istio to accept the gateway and then document or automate whatever additional configuration is required.

This epic tracks the R&D to investigate these or other solutions as well as the implementation and testing for on-premise support.

Planning Done Checklist

The following items must be completed on the Epic prior to moving the Epic from Planning to ToDo status:

• Priority is set by engineering
• Epic must be Linked to a Parent Feature
• Target version must be set
• Assignee must be set
• Enhancement Proposal is Implementable
• No outstanding questions about major work breakdown
• Are all Stakeholders known? Have they all been notified about this item?
• Does this epic affect SD? Have they been notified? (View plan definition for current suggested assignee)
  1. Please use the “Discussion Needed: Service Delivery Architecture Overview” checkbox to facilitate the conversation with SD Architects. The SD architecture team monitors this checkbox which should then spur the conversation between SD and epic stakeholders. Once the conversation has occurred, uncheck the “Discussion Needed: Service Delivery Architecture Overview” checkbox and record the outcome of the discussion in the epic description here.
  2. The guidance here is that unless it is very clear that your epic doesn’t have any managed services impact, default to use the Discussion Needed checkbox to facilitate that conversation.

Additional information on each of the above items can be found here: Networking Definition of Planned

Acceptance Criteria

• Support for on-premise platforms must be gated behind a new feature gate and adhere to the standard feature gate promotion lifecycle.
• Any configuration that must be done manually (for example, configuring Metal LB or an external load-balancer) must be documented.
• Any specific requirements (for example, allowing BGP traffic for Metal LB) must be documented.
• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement
  details and documents.
• ...

Dependencies (internal and external)

1. Access to infrastructure for on-premise platform types.

Previous Work (Optional)

1. …

Open questions

1. Are we able to test Nutanix, or work with our partner to validate it?
2. Do we need support for EquinixMetal, KubeVirt, and oVirt?

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>