{"id":48797,"date":"2025-03-19T06:51:48","date_gmt":"2025-03-19T06:51:48","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=48797"},"modified":"2026-02-21T07:26:56","modified_gmt":"2026-02-21T07:26:56","slug":"kubernetes-tutorials-kubernetes-gateway-api-complete-guide","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/kubernetes-tutorials-kubernetes-gateway-api-complete-guide\/","title":{"rendered":"Kubernetes Tutorials: Kubernetes Gateway API Complete Guide"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Yes, the <strong>Kubernetes Gateway API<\/strong> is intended to be an evolution and successor to the traditional <strong>Ingress API<\/strong> in Kubernetes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">First lets understand the differnce between ingress vs egress traffic<\/h2>\n<\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Ingress = something from outside coming in<\/strong><\/p>\n\n\n\n<p><strong>Egress = something from inside going out<\/strong><\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"334\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-1024x334.png\" alt=\"\" class=\"wp-image-48799\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-1024x334.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-300x98.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-768x250.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-1536x500.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-18-2048x667.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-1024x531.png\" alt=\"\" class=\"wp-image-48800\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-1024x531.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-300x155.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-768x398.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-1536x796.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-19-2048x1062.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"553\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-1024x553.png\" alt=\"\" class=\"wp-image-48801\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-1024x553.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-300x162.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-768x415.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-1536x830.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-20-2048x1107.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"532\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-1024x532.png\" alt=\"\" class=\"wp-image-48802\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-1024x532.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-300x156.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-768x399.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-1536x799.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-21-2048x1065.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Now, Lets understand what are the ingress options we have in Kubernetes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kubernetes NodePort Service<\/li>\n\n\n\n<li>Kubernetes LoadBalancer Service<\/li>\n\n\n\n<li>Kubernetes Ingress Resource (Legacy)<\/li>\n\n\n\n<li>Kubernetes Gateway API (Modern)<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-1 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48805\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.30.47%E2%80%AFPM-1024x405.png\" alt=\"\" class=\"wp-image-48805\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48806\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.32.11%E2%80%AFPM-1024x408.png\" alt=\"\" class=\"wp-image-48806\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48807\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.32.44%E2%80%AFPM-1024x406.png\" alt=\"\" class=\"wp-image-48807\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48809\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.33.08%E2%80%AFPM-1024x392.png\" alt=\"\" class=\"wp-image-48809\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48808\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.33.37%E2%80%AFPM-1024x395.png\" alt=\"\" class=\"wp-image-48808\"><\/figure>\n<\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-1024x579.png\" alt=\"\" class=\"wp-image-48810\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-1024x579.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-300x169.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-768x434.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-1536x868.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/image-22-2048x1157.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"908\" height=\"720\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/1714847359031.gif\" alt=\"\" class=\"wp-image-48811\"><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Now,  Lets understand How Kubernetes Ingress resources works?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde9 Components of Kubernetes Ingress<\/h3>\n\n\n\n<p>There are primarily <strong>three main components<\/strong> that make up a functional Kubernetes Ingress setup:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Ingress Resource<\/strong> (Kubernetes Object)<\/li>\n\n\n\n<li><strong>Ingress Controller<\/strong><\/li>\n\n\n\n<li><strong>Load Balancer (Optional, based on infrastructure)<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Let&#8217;s understand each clearly:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd39 1. <strong>Ingress Resource<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It&#8217;s a Kubernetes <strong>API object<\/strong> (<code>Ingress<\/code>) defined in YAML.<\/li>\n\n\n\n<li>Defines how external HTTP\/HTTPS traffic is routed to Kubernetes services based on rules like <strong>host<\/strong> and <strong>path<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd39 2. <strong>Ingress Controller<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ingress Controller<\/strong> is a specialized controller pod running inside Kubernetes.<\/li>\n\n\n\n<li>Continuously monitors Kubernetes Ingress objects and updates its internal configuration based on these definitions.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Examples of popular Ingress Controllers:<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>NGINX Ingress Controller<\/strong> <em>(most common)<\/em><\/li>\n\n\n\n<li><strong>Traefik<\/strong><\/li>\n\n\n\n<li><strong>AWS Load Balancer Controller (ALB)<\/strong><\/li>\n\n\n\n<li><strong>HAProxy Ingress<\/strong><\/li>\n\n\n\n<li><strong>Contour (Envoy-based)<\/strong>, etc.<\/li>\n\n\n\n<li><strong>Ingress Controllers<\/strong> do:\n<ul class=\"wp-block-list\">\n<li>Watch Kubernetes API for changes in Ingress resources.<\/li>\n\n\n\n<li>Dynamically update configurations (e.g., NGINX config, Traefik config, Envoy proxy settings).<\/li>\n\n\n\n<li>Perform L7 routing (based on hosts\/paths), SSL termination, and load balancing.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 3. <strong>Load Balancer (Optional Component)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External load balancer<\/strong> (like AWS ELB, ALB, GCP LB, Azure LB, or MetalLB) provides a single entry point (external IP) to your Ingress Controller pods.<\/li>\n\n\n\n<li>If you&#8217;re on a cloud-managed Kubernetes service (e.g., EKS), this load balancer is typically automatically created by setting the ingress controller\u2019s service type to <code>LoadBalancer<\/code>.<\/li>\n\n\n\n<li>It distributes incoming external traffic across multiple Ingress Controller pods, ensuring <strong>high availability<\/strong> and <strong>scalability<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 4. <strong>Ingress Controller Pod (Deployed as Deployment or DaemonSet)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This component runs inside Kubernetes as pods (part of Deployment or DaemonSet).<\/li>\n\n\n\n<li>Continuously updates load-balancing rules as per changes in Ingress resources.<\/li>\n\n\n\n<li>Manages configurations for the underlying proxy (NGINX, Traefik, Envoy, HAProxy, etc.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 <strong>How the Components Work Together:<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>External Traffic<br>      |<br>Load Balancer (e.g., AWS ELB\/ALB, NGINX)<br>      |<br>Ingress Controller Pods (e.g., NGINX or Traefik)<br>      |<br>Ingress Resource YAML rules (Routing Rules)<br>      |<br>Kubernetes Service<br>      |<br>Application Pods<br><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>External traffic hits a Load Balancer.<\/li>\n\n\n\n<li>The load balancer forwards traffic to your <strong>Ingress Controller pods<\/strong>.<\/li>\n\n\n\n<li>The Ingress Controller checks the Ingress Resource rules from Kubernetes API.<\/li>\n\n\n\n<li>It routes requests to the correct Kubernetes <strong>Services<\/strong> and ultimately to <strong>Pods<\/strong>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-1 is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"838\" height=\"1024\" data-id=\"48814\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-1-838x1024.png\" alt=\"\" class=\"wp-image-48814\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-1-838x1024.png 838w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-1-245x300.png 245w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-1-768x939.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-1.png 1027w\" sizes=\"auto, (max-width: 838px) 100vw, 838px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"731\" data-id=\"48815\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-2.gif\" alt=\"\" class=\"wp-image-48815\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" data-id=\"48816\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3-1024x536.png\" alt=\"\" class=\"wp-image-48816\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3-1024x536.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3-300x157.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3-768x402.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3-1536x804.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-3.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"836\" data-id=\"48813\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5-1024x836.png\" alt=\"\" class=\"wp-image-48813\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5-1024x836.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5-300x245.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5-768x627.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5-1536x1254.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/ingress-5.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48817\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-4.35.12%E2%80%AFPM-1024x540.png\" alt=\"\" class=\"wp-image-48817\"><\/figure>\n<\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Now, Lets understand Kubernetes Gateway API <\/h2>\n\n\n\n<p>Here&#8217;s a clear, precise, and practical overview of:<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udf00 <strong>What is Kubernetes Gateway API?<\/strong><\/h2>\n\n\n\n<p>The <strong>Kubernetes Gateway API<\/strong> is a modern, standardized set of Kubernetes resources designed to route and manage network traffic into, out of, and within Kubernetes clusters.<\/p>\n\n\n\n<p><strong>It\u2019s a successor and evolution to the traditional Kubernetes Ingress Resource<\/strong>, created to solve limitations of the legacy Ingress and support advanced use cases in a standardized, extensible, and portable manner.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfaf <strong>Why was Gateway API Created?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Traditional Ingress had limitations:\n<ul class=\"wp-block-list\">\n<li><strong>HTTP\/HTTPS only<\/strong>, limited multi-protocol support.<\/li>\n\n\n\n<li>Complexity with vendor-specific annotations.<\/li>\n\n\n\n<li>Lack of advanced routing and traffic management features.<\/li>\n\n\n\n<li>Poor support for multi-team and multi-tenant scenarios.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The Gateway API addresses these gaps by introducing a <strong>cleaner<\/strong>, <strong>standardized<\/strong>, and more <strong>flexible<\/strong> set of APIs.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udccc <strong>Key Components of Gateway API<\/strong><\/h2>\n\n\n\n<p>Gateway API introduces several new Kubernetes objects:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>GatewayClass<\/strong><\/li>\n\n\n\n<li><strong>Gateway<\/strong><\/li>\n\n\n\n<li><strong>HTTPRoute, TCPRoute, UDPRoute<\/strong> <em>(and other route types)<\/em><\/li>\n\n\n\n<li><strong>ReferenceGrant<\/strong> <em>(security-related resource)<\/em><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h3 class=\"wp-block-heading\">1. \ud83d\udea9 <strong>GatewayClass<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Defines a type of load balancer or gateway, managed by a specific controller.<\/li>\n\n\n\n<li>Similar conceptually to StorageClass for persistent storage.<\/li>\n<\/ul>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">apiVersion: gateway.networking.k8s.io\/v1\nkind: GatewayClass\nmetadata:\n  name: aws-alb\nspec:\n  controller: ingress.k8s.aws\/alb\n<\/code><\/span><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h3 class=\"wp-block-heading\">2. \ud83d\udeaa <strong>Gateway<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Represents the actual load balancer instance or network gateway itself.<\/li>\n\n\n\n<li>Defines listeners (protocols, ports), certificates, and overall traffic entry points.<\/li>\n<\/ul>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">apiVersion: gateway.networking.k8s.io\/v1\nkind: Gateway\nmetadata:\n  name: main-gateway\nspec:\n  gatewayClassName: aws-alb\n  listeners:\n  - protocol: HTTPS\n    port: 443\n    name: https\n    tls:\n      mode: Terminate\n      certificateRefs:\n      - name: example-com-cert\n<\/code><\/span><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h3 class=\"wp-block-heading\">3. \ud83d\udd17 <strong>HTTPRoute (TCPRoute, UDPRoute, etc.)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Defines detailed routing rules based on hostnames, paths, headers, etc.<\/li>\n\n\n\n<li>Routes attach to Gateways.<\/li>\n<\/ul>\n\n\n\n<p><strong>Example HTTPRoute<\/strong>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">apiVersion: gateway.networking.k8s.io\/v1\n<span class=\"hljs-attr\">kind<\/span>: HTTPRoute\n<span class=\"hljs-attr\">metadata<\/span>:\n  name: my-app-route\n<span class=\"hljs-attr\">spec<\/span>:\n  parentRefs:\n  - name: main-gateway\n  <span class=\"hljs-attr\">rules<\/span>:\n  - matches:\n    - path:\n        type: PathPrefix\n        <span class=\"hljs-attr\">value<\/span>: <span class=\"hljs-string\">\"\/api\"<\/span>\n    <span class=\"hljs-attr\">backendRefs<\/span>:\n    - name: api-service\n      <span class=\"hljs-attr\">port<\/span>: <span class=\"hljs-number\">80<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h3 class=\"wp-block-heading\">4. \ud83d\udd12 <strong>ReferenceGrant<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Manages security by explicitly allowing namespaces to reference resources across namespace boundaries.<\/li>\n\n\n\n<li>Prevents unauthorized cross-namespace configurations.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcd0 <strong>High-Level Architecture of Gateway API<\/strong><\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">External Traffic\n      |\n Gateway (Load Balancer\/<span class=\"hljs-built_in\">Proxy<\/span>)\n      |\n HTTPRoute\/TCPRoute Rules\n      |\n Kubernetes Service\n      |\n Application Pods\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Gateway<\/strong>: Entry point for network traffic, defined through a GatewayClass.<\/li>\n\n\n\n<li><strong>Route Resources<\/strong>: Define how traffic flows to internal services.<\/li>\n\n\n\n<li><strong>GatewayClass<\/strong>: Connects Gateways to Controllers (Istio, AWS ALB, Contour, etc.).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0\ufe0f <strong>Key Benefits of Kubernetes Gateway API<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2705 <strong>Standardized &amp; Vendor-Neutral<\/strong>\n<ul class=\"wp-block-list\">\n<li>Works consistently across multiple Kubernetes providers (AWS, GKE, Azure).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u2705 <strong>Advanced Traffic Management<\/strong>\n<ul class=\"wp-block-list\">\n<li>Multi-protocol support (HTTP, HTTPS, TCP, UDP).<\/li>\n\n\n\n<li>Rich routing capabilities: header-based, weighted, and path-based routing.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u2705 <strong>Role-based Access Control (RBAC)<\/strong>\n<ul class=\"wp-block-list\">\n<li>Separate Gateway and Route resources allowing multiple teams to securely manage traffic.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u2705 <strong>Multi-tenant Friendly<\/strong>\n<ul class=\"wp-block-list\">\n<li>Clear separation between infrastructure operators (Gateways) and application developers (Routes).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u2705 <strong>Extensible &amp; Portable<\/strong>\n<ul class=\"wp-block-list\">\n<li>Clear APIs enable easy extension and interoperability across environments.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\ude80 <strong>Controllers Supporting Gateway API:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS Gateway API Controller (ALB integration)<\/strong><\/li>\n\n\n\n<li><strong>Istio Gateway<\/strong><\/li>\n\n\n\n<li><strong>Traefik Gateway API Controller<\/strong><\/li>\n\n\n\n<li><strong>Contour (Envoy-based)<\/strong><\/li>\n\n\n\n<li><strong>Ambassador Edge Stack<\/strong><\/li>\n\n\n\n<li><strong>GKE Gateway Controller<\/strong> <em>(Google Kubernetes Engine)<\/em><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd04 <strong>Ingress vs. Gateway API (Summary)<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Feature<\/th><th>Ingress Resource (Legacy)<\/th><th>Gateway API (Modern)<\/th><\/tr><\/thead><tbody><tr><td>Routing<\/td><td>HTTP\/HTTPS only<\/td><td>HTTP, HTTPS, TCP, UDP, gRPC, etc.<\/td><\/tr><tr><td>Multi-protocol Support<\/td><td>Limited<\/td><td>Extensive<\/td><\/tr><tr><td>Advanced Routing Rules<\/td><td>Limited (annotations required)<\/td><td>Rich, explicit API<\/td><\/tr><tr><td>Role Separation &amp; Security<\/td><td>Limited<\/td><td>Explicit (Gateway &amp; Routes)<\/td><\/tr><tr><td>Vendor neutrality<\/td><td>Poor (annotations)<\/td><td>Strong (standardized APIs)<\/td><\/tr><tr><td>Extensibility<\/td><td>Limited<\/td><td>High (designed to be extensible)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 <strong>When Should You Use Gateway API?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You&#8217;re running modern, production-level Kubernetes environments.<\/li>\n\n\n\n<li>You require advanced routing, security, observability, and multi-protocol support.<\/li>\n\n\n\n<li>You want clear role separation (RBAC) between infrastructure teams and developers.<\/li>\n\n\n\n<li>You&#8217;re looking for a standardized approach compatible with multiple Kubernetes providers.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfaf <strong>Quick Practical Example (Complete)<\/strong>:<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># GatewayClass<\/span>\napiVersion: gateway.networking.k8s.io\/v1\nkind: GatewayClass\nmetadata:\n  name: external-lb\nspec:\n  controller: example.io\/gateway-controller\n\n---\n<span class=\"hljs-comment\"># Gateway<\/span>\napiVersion: gateway.networking.k8s.io\/v1\nkind: Gateway\nmetadata:\n  name: my-gateway\nspec:\n  gatewayClassName: external-lb\n  listeners:\n  - protocol: HTTPS\n    port: <span class=\"hljs-number\">443<\/span>\n    name: https\n    tls:\n      mode: Terminate\n      certificateRefs:\n      - name: example-cert\n\n---\n<span class=\"hljs-comment\"># HTTPRoute<\/span>\napiVersion: gateway.networking.k8s.io\/v1\nkind: HTTPRoute\nmetadata:\n  name: frontend-route\nspec:\n  parentRefs:\n  - name: my-gateway\n  hostnames:\n  - <span class=\"hljs-string\">\"example.com\"<\/span>\n  rules:\n  - matches:\n    - path:\n        type: PathPrefix\n        value: <span class=\"hljs-string\">\"\/\"<\/span>\n    backendRefs:\n    - name: frontend-service\n      port: <span class=\"hljs-number\">80<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This simple example clearly demonstrates how Gateway API is structured and how components interact.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcdd <strong>Summary (One-line):<\/strong><\/h2>\n\n\n\n<p><strong>Gateway API<\/strong> is the modern Kubernetes standard for flexible, secure, and advanced multi-protocol traffic routing and management in Kubernetes.<\/p>\n\n\n\n<p>That&#8217;s the Kubernetes Gateway API explained practically, clearly, and comprehensively!<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-6 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48820\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.49.34%E2%80%AFPM-1024x558.png\" alt=\"\" class=\"wp-image-48820\"><\/figure>\n<\/figure>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-1 is-cropped wp-block-gallery-7 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48826\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.33.37%E2%80%AFPM-1-1024x395.png\" alt=\"\" class=\"wp-image-48826\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48821\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.36.54%E2%80%AFPM-1024x446.png\" alt=\"\" class=\"wp-image-48821\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48822\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.37.09%E2%80%AFPM-900x1024.png\" alt=\"\" class=\"wp-image-48822\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48824\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.40.55%E2%80%AFPM-1024x327.png\" alt=\"\" class=\"wp-image-48824\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48825\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.41.34%E2%80%AFPM-1024x456.png\" alt=\"\" class=\"wp-image-48825\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48823\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.41.46%E2%80%AFPM-1024x414.png\" alt=\"\" class=\"wp-image-48823\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48827\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.42.03%E2%80%AFPM-872x1024.png\" alt=\"\" class=\"wp-image-48827\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48828\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.42.50%E2%80%AFPM-1024x255.png\" alt=\"\" class=\"wp-image-48828\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48829\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.43.05%E2%80%AFPM-1024x403.png\" alt=\"\" class=\"wp-image-48829\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48830\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.43.30%E2%80%AFPM-919x1024.png\" alt=\"\" class=\"wp-image-48830\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48831\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.44.19%E2%80%AFPM-1024x317.png\" alt=\"\" class=\"wp-image-48831\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48832\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.44.50%E2%80%AFPM-1024x462.png\" alt=\"\" class=\"wp-image-48832\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48833\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.45.40%E2%80%AFPM-852x1024.png\" alt=\"\" class=\"wp-image-48833\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48834\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.46.23%E2%80%AFPM-1024x346.png\" alt=\"\" class=\"wp-image-48834\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48835\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.46.47%E2%80%AFPM-1024x944.png\" alt=\"\" class=\"wp-image-48835\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48836\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.47.58%E2%80%AFPM-1024x397.png\" alt=\"\" class=\"wp-image-48836\"><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"48837\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2025\/03\/Screenshot-2025-03-19-at-3.48.40%E2%80%AFPM-848x1024.png\" alt=\"\" class=\"wp-image-48837\"><\/figure>\n<\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Yes, the Kubernetes Gateway API is intended to be an evolution and successor to the traditional Ingress API in Kubernetes. First lets understand the differnce between ingress vs egress traffic Ingress = something from outside coming in Egress = something from inside going out Now, Lets understand what are the ingress options we have in&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-48797","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=48797"}],"version-history":[{"count":6,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48797\/revisions"}],"predecessor-version":[{"id":58926,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48797\/revisions\/58926"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=48797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=48797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=48797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}