Harry Tang

How to Setup k8s Gateway API with Istio

Istio Gateway API
Istio Gateway API

Introduction

Gateway API is an official Kubernetes project dedicated to Layer 4 and Layer 7 routing within Kubernetes environments. Istio's support for the Gateway API is now generally available with the release of version 1.22. You will learn how to configure and install the Kubernetes Gateway API with Istio by following this guide.

Prerequisites

  • A Kubernetes cluster v1.27+.
  • Helm v3.

Step-by-step Guide

  1. Create the gateway namespace and install the Gateway API CRDs:

    bash
    kubectl create ns gateway
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml

  2. Create the istio-system and configure the Helm repository:

    bash
    kubectl create ns istio-system
helm repo add istio https://istio-release.storage.googleapis.com/charts

  3. Install the Istio base chart, which is required before the Istio control plane can be deployed. It contains the cluster-wide Custom Resource Definitions (CRDs):

    bash
    helm install istio-base istio/base -n istio-system --set defaultRevision=default

  4. Install the Istio discovery chart to start the istiod service:

    bash
    helm install istiod istio/istiod -n istio-system --wait

  5. Verify that the istiod service has been installed correctly:

    bash
    kubectl get pods -n istio-system
NAME                     READY   STATUS    RESTARTS   AGE
istiod-d56968787-mf8tv   1/1     Running   0          2m49s

  6. Verify that the Istio's gateway class is also deployed:

    bash
    kubectl get gatewayclass -n gateway
NAME    CONTROLLER                    ACCEPTED   AGE
istio   istio.io/gateway-controller   True       6m10s

Deploy the Istio's book sample application

  1. Create the book namespace and enable Istio:

    bash
    kubectl create ns book
kubectl label namespace book istio-injection=enabled

  2. Apply the sample book application

    bash
    kubectl -n book apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/platform/kube/bookinfo.yaml

  3. Deploy the Kubernetes Gateway for the application:

    bash
    kubectl -n book apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/gateway-api/bookinfo-gateway.yaml

  4. Verify that the gateway is programmed:

    bash
    kubectl get gateway -n book
NAME               CLASS   ADDRESS                                         PROGRAMMED   AGE
bookinfo-gateway   istio   bookinfo-gateway-istio.book.svc.cluster.local   True         43s

  5. If the gateway is not programmed, usually not using cloud load balancer, try to use the NodePort instead:

    bash
    kubectl -n book annotate gateway bookinfo-gateway networking.istio.io/service-type=NodePort

Accessing the sample application

  1. Get the gateway service HTTP port, in my case it is 31663:

    bash
    kubectl -n book get service bookinfo-gateway-istio
NAME                     TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                        AGE
bookinfo-gateway-istio   NodePort   10.152.183.161   <none>        15021:31876/TCP,80:31663/TCP   45m

  2. Make requests to the application via the node's IP, my case is 192.168.48.150:

    bash
    curl -I http://192.168.48.150:31663/productpage
HTTP/1.1 200 OK
server: istio-envoy
date: Tue, 23 Jul 2024 20:15:59 GMT
content-type: text/html; charset=utf-8
content-length: 5293
vary: Cookie
x-envoy-upstream-service-time: 32

If you have Kiali, you can see the Traffic Graph for the book application: Kiali Traffic Graph

Conclusion

Kubernetes Gateway is an advanced traffic routing API for Kubernetes that addresses numerous issues that Ingress is unable to resolve. Use it to set up various traffic management capabilities including load balancing, TLS passthrough, request header-based traffic routing, and more consistent, portable integration with external services.

If you found this useful, you can buy me a coffee! Thanks for the support!