Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-416

Gateway API using Istio for Cluster Ingress (Dev Preview)


    • False
    • False
    • OCPSTRAT-16OpenShift - Kubernetes and Core Platform
    • 8% To Do, 0% In Progress, 92% Done
    • 0
    • Program Call

      Feature Goal: Unify the management of cluster ingress with a common, open, expressive, and extensible API.

      Why is this Important? Gateway API is the evolution of upstream Kubernetes Ingress APIs. The upstream project is part of Kubernetes, working under SIG-NETWORK. OpenShift is contributing to the development, building a leadership position, and preparing OpenShift to support Gateway API, with Istio as our supported implementation.

      The plug-able nature of the implementation of Gateway API enables support for additional and optional 3rd-party Ingress technologies.

      Functional Requirements

      • Add support for Istio as a Gateway API implementation.
        • NE-1105 Management by an operator (possibly cluster-ingress-operator, OSSM operator, or a new operator)
        • Feature parity with OpenShift Router, where appropriate.
          • NE-1096    Provide a solution to support re-encrypt in Gateway API
          • NE-1097    Provide a solution to support passthrough in Gateway API
          • NE-1098    Research and select OSSM Istio image that provides enough features
        • Performance parity evaluation of Envoy and HAProxy.
        • NE-1102    Add oc command line support for Gateway API objects
        • NE-1103    Evaluate idling support for Gateway API
      • Avoid conflict with partner solutions (such as F5). 
        • Provide a solution that partners could integrate with (reduce dependencies on Istio by assuming plugins)
      • Avoid conflict with integrations (such as GKE) for hybrid cloud use cases.
      • NE-1106 Advanced routing capabilities currently unavailable in OCP.
        • More powerful path-based routing.
        • Header-based routing
        • Traffic mirroring
        • Traffic splitting (single and multi cluster)
        • Other features, based on time constraints
          • NE-1000 Understand Gateway API listener collapsing and how Istio Gateway implements
          • NE-1016 Investigate and document External DNS integration with Gateway API
          • Non-HTTP types of traffic (arbitrary TCP/UDP).
      • Add Gateway API support with OSSM service mesh.
        • Avoid conflict between Istio for ingress use-cases and Istio for mesh use-cases.
        • NE-1074 and NE-1095 Enable a unified control plane for ingress and mesh. 
        • NE-1035 Determine what OSSM release (based on what Istio release)...
      • Add Gateway API support for serverless.

      Non-Functional Requirements:

      • NE-1034 Installation
      • NE-1110 Documentation
      • Release technical enablement
      • OCP CI integration
      • Continued upstream development to mature Gateway API and Istio support for the same.

      Open Questions:

      • Integration with HAProxy?
      • Gateway is more than Ingress 2.0, how do we align with other platform components such as serverless and service mesh to ensure we're providing a complete solution?

      Documentation Considerations:

      • Explain the resource model
      • Explain roles and how they align to Gateway API resources
      • Explain the extension points and provide extension point examples.
      • Xref upstream docs.

            mcurry@redhat.com Marc Curry
            mmasters1@redhat.com Miciah Masters
            Candace Holman, Chris Fields, Grant Spence, Miciah Masters
            Hongan Li Hongan Li
            Ashley Hardin Ashley Hardin
            Ben Bennett Ben Bennett
            Chris Fields Chris Fields
            0 Vote for this issue
            17 Start watching this issue