How to Setup k8s Gateway API with Istio

Istio Gateway API
Istio Gateway API

Introduction

Gateway API is an official Kubernetes project dedicated to Layer 4 and Layer 7 routing within Kubernetes environments. Istio's support for the Gateway API is now generally available with the release of version 1.22. You will learn how to configure and install the Kubernetes Gateway API with Istio by following this guide.

Prerequisites

  • A Kubernetes cluster v1.27+.
  • Helm v3.

Step-by-step Guide

  1. Create the gateway namespace and install the Gateway API CRDs:

    kubectl create ns gateway
    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml    
    
  2. Create the istio-system and configure the Helm repository:

    kubectl create ns istio-system
    helm repo add istio https://istio-release.storage.googleapis.com/charts
    
  3. Install the Istio base chart, which is required before the Istio control plane can be deployed. It contains the cluster-wide Custom Resource Definitions (CRDs):

    helm install istio-base istio/base -n istio-system --set defaultRevision=default
    
  4. Install the Istio discovery chart to start the istiod service:

    helm install istiod istio/istiod -n istio-system --wait
    
  5. Verify that the istiod service has been installed correctly:

    kubectl get pods -n istio-system
    NAME                     READY   STATUS    RESTARTS   AGE
    istiod-d56968787-mf8tv   1/1     Running   0          2m49s
    
  6. Verify that the Istio's gateway class is also deployed:

    kubectl get gatewayclass -n gateway
    NAME    CONTROLLER                    ACCEPTED   AGE
    istio   istio.io/gateway-controller   True       6m10s
    

Deploy the Istio's book sample application

  1. Create the book namespace and enable Istio:

    kubectl create ns book
    kubectl label namespace book istio-injection=enabled
    
  2. Apply the sample book application

    kubectl -n book apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/platform/kube/bookinfo.yaml
    
  3. Deploy the Kubernetes Gateway for the application:

    kubectl -n book apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/gateway-api/bookinfo-gateway.yaml
    
  4. Verify that the gateway is programmed:

    kubectl get gateway -n book
    NAME               CLASS   ADDRESS                                         PROGRAMMED   AGE
    bookinfo-gateway   istio   bookinfo-gateway-istio.book.svc.cluster.local   True         43s
    
  5. If the gateway is not programmed, usually not using cloud load balancer, try to use the NodePort instead:

    kubectl -n book annotate gateway bookinfo-gateway networking.istio.io/service-type=NodePort
    

Accessing the sample application

  1. Get the gateway service HTTP port, in my case it is 31663:

    kubectl -n book get service bookinfo-gateway-istio
    NAME                     TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                        AGE
    bookinfo-gateway-istio   NodePort   10.152.183.161   <none>        15021:31876/TCP,80:31663/TCP   45m
    
  2. Make requests to the application via the node's IP, my case is 192.168.48.150:

    curl -I http://192.168.48.150:31663/productpage
    HTTP/1.1 200 OK
    server: istio-envoy
    date: Tue, 23 Jul 2024 20:15:59 GMT
    content-type: text/html; charset=utf-8
    content-length: 5293
    vary: Cookie
    x-envoy-upstream-service-time: 32
    

If you have Kiali, you can see the Traffic Graph for the book application: Kiali Traffic Graph

Conclusion

Kubernetes Gateway is an advanced traffic routing API for Kubernetes that addresses numerous issues that Ingress is unable to resolve. Use it to set up various traffic management capabilities including load balancing, TLS passthrough, request header-based traffic routing, and more consistent, portable integration with external services.

Comments