Repository for the next iteration of composite service (e.g. Ingress) and load balancing APIs.
APACHE-2.0 License
Published by robscott over 2 years ago
API version: v1alpha2
This release includes improvements to our webhook, including:
Published by robscott almost 3 years ago
API version: v1alpha2
This release contains minor bug fixes for v1alpha2.
Bug Fixes
Published by robscott about 3 years ago
API version: v1alpha2
This release contains significant breaking changes as we strive for a concise API. We anticipate that this API will be very similar to a future v1beta1 release.
The following changes have been made since v0.3.0:
The Gateway API APIGroup has moved from networking.x-k8s.io to gateway.networking.k8s.io. This means that, as far as the apiserver is concerned, this version is wholly distinct from v1alpha1, and automatic conversion is not possible. As part of this process, Gateway API is now subject to Kubernetes API review, the same as changes made to core API resources. More details in #780 and #716.
Gateway-Route binding changes (GEP-724): In v1alpha1, Gateways chose which Routes were attached using a combination of object and namespace selectors, with the option of also specifying object names. This resulted in a very complex config that's easy to misinterpret. As part of v1alpha2, we're changing to:
We believe this is quite a bit easier to understand, and still gives good flexibility for most use cases. GEP added in #725. Implemented in #754. Further documentation was added in #762.
Safer cross-namespace references (GEP-709): This currently concerns references from Routes to Backends, and from Gateways to Secrets. The new behavior is:
The intent here is that the owner of the referent namespace must explicitly accept incoming references; otherwise we can run into all sorts of bad things from breaking the namespace security model. Implemented in #741.
Attaching Policy to objects (GEP-713): This has been added so that we have an extensible mechanism for adding a cascading set of policy to Gateway API objects.
What policy? Well, it's kind of up to the implementations, but the best example to begin with is timeout policy.
Timeout policy for HTTP connections is highly dependent on how the underlying implementation handles policy - it's very difficult to extract commonalities.
This is intended to allow things like:
This one is a bit complex, but will allow implementations to solve some things that currently require tools like admission control. Implemented in #736.
As part of GEP-713, BackendPolicy has been removed, as its functionality is now better handled using that mechanism. #732.
Removal of certificate references from HTTPRoutes (GEP-746): In v1alpha1, HTTPRoute objects have a stanza that allows referencing a TLS keypair, intended to allow a more self-service model, where an app owner can provision a TLS keypair inside their own namespace, attach it to an HTTPRoute they control, and then have that used to secure their app. When implementing this, however, there were a large number of edge cases around checking SNI, hostname, and overrides that are complex, hard to handle, and poorly defined, which made even writing a spec on how to implement this very difficult, let alone actually implementing it.
In removing certificate references from HTTPRoute, we're using the ReferencePolicy from GEP-709 to allow Gateways to securely create a cross-namespace reference to TLS keypairs in app namespaces. We're hopeful that this will hit most of the self-service use case, and even if not, provide a basis to build from to meet it eventually. GEP added in #749. Implemented in #768.
GEP-851 was a follow-up to this change that allowed multiple Certificate Refs per Gateway Listener. This was implemented in #852.
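The acceptance rule behind GEP-709 and the Gateway-to-Secret case in GEP-746, as an added example that is not part of the original release notes or the project's code. It is a simplified model: the policy layout (sources as group/kind/namespace, targets as group/kind/optional name) and all object names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

GATEWAY_GROUP = "gateway.networking.k8s.io"
CORE_GROUP = ""  # Secrets and Services live in the core API group

@dataclass(frozen=True)
class Ref:
    group: str
    kind: str
    namespace: str
    name: str

@dataclass(frozen=True)
class ReferencePolicy:
    namespace: str  # namespace the policy object lives in
    sources: Tuple[Tuple[str, str, str], ...]            # (group, kind, namespace)
    targets: Tuple[Tuple[str, str, Optional[str]], ...]  # (group, kind, name or None = any)

def reference_allowed(src: Ref, dst: Ref, policies: Sequence[ReferencePolicy]) -> bool:
    """Return True if src may reference dst under the modelled GEP-709 rule."""
    if src.namespace == dst.namespace:
        return True  # same-namespace references need no policy
    for policy in policies:
        # Only a policy owned by the referent namespace can accept the reference;
        # one created next to the source grants nothing.
        if policy.namespace != dst.namespace:
            continue
        src_ok = (src.group, src.kind, src.namespace) in policy.sources
        dst_ok = any(
            group == dst.group and kind == dst.kind and name in (None, dst.name)
            for group, kind, name in policy.targets
        )
        if src_ok and dst_ok:
            return True
    return False

# Constructed sample objects (hypothetical names).
GATEWAY = Ref(GATEWAY_GROUP, "Gateway", "infra", "edge")
STORE_TLS = Ref(CORE_GROUP, "Secret", "store", "store-tls")
STORE_DB = Ref(CORE_GROUP, "Secret", "store", "db-password")
ACCEPTED = ReferencePolicy("store", ((GATEWAY_GROUP, "Gateway", "infra"),),
                           ((CORE_GROUP, "Secret", "store-tls"),))
SELF_GRANTED = ReferencePolicy("infra", ACCEPTED.sources, ACCEPTED.targets)

if __name__ == "__main__":
    for dst, pols in ((STORE_TLS, [ACCEPTED]), (STORE_DB, [ACCEPTED]), (STORE_TLS, [SELF_GRANTED])):
        print(dst.name, pols[0].namespace, reference_allowed(GATEWAY, dst, pols))
```

The third case is the one the namespace security model depends on: a policy written in the Gateway's own namespace cannot grant access to another namespace's Secret.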
The RouteForwardTo (YAML: routeForwardTo) struct/stanza has been reworked into the BackendRef (YAML: backendRef) struct/stanza, GEP-718. As part of this change, the ServiceName (YAML: serviceName) field has been removed, and Service references must instead now use the BackendRef/backendRef struct/stanza.
Extension points within match blocks from all Routes have been removed #829. Implements GEP-820. These extension points have been removed because they are currently not used, are poorly understood, and we don't have good use cases for them. We may consider re-adding them in the future.
Controller is now a required field in Gateway references from Route status. #671.
Header Matching, Query Param Matching, and HTTPRequestHeaderFilter now use named subobjects instead of maps. #657 and #681
#796 API Review suggestions:
NoSuchGatewayClass has been removed after it was deprecated in v1alpha1.
* is no longer a valid hostname. Instead, leaving hostname unspecified is interpreted as *.
The scope field has been removed from all object references. #882
"Controller" has been renamed to "ControllerName" #839
"Admitted" condition has been renamed to "Accepted" and now defaults to an "Unknown" state instead of "False". #839
HTTPRequestRedirectFilter's Protocol field has been renamed to Scheme. #863
ImplementationSpecific match types in HTTPRoute's path, query, and header matches have been removed. #850
The "Prefix" path match type has been renamed "PathPrefix". #898
HTTP Method matching is now added into HTTPRoute, with Extended support: #733.
GatewayClass now has a 'Description' field that is printed as a column in kubectl get output. You can now end up with output that looks like this:
$> kubectl get gatewayclass
NAME       CONTROLLER                    DESCRIPTION
internal   gateway-controller-internal   For non-internet-facing Gateways.
external   gateway-controller-external   For internet-facing Gateways.
MirrorFilter.BackendRef a required field when the mirror filter is used #837.
Published by robscott about 3 years ago
API version: v1alpha2
The group expects that this release candidate has no changes before we release v1alpha2 final, but we are cutting it here to allow implementations a chance to check before we go to the final release.
In general, most of the changes below have been made to reduce the complexity of the API for v1alpha2, on the assumption that we can add functionality later in the API's lifecycle, but cannot remove it.
The following changes have been made since v1alpha2-rc1:
CertificateRef field with CertificateRefs in GatewayTLSConfig. #852. This implements GEP-851, Allow Multiple Certificate Refs per Gateway Listener.
MirrorFilter.BackendRef a required field when the mirror filter is used #837.
scope field has been removed from all object references.
Published by youngnick about 3 years ago
API version: v1alpha2
The working group expects that this release candidate is quite close to the final v1alpha2 API. However, breaking API changes are still possible.
This release candidate is suitable for implementors, but the working group does not recommend shipping products based on a release candidate API due to the possibility of incompatible changes prior to the final release.
The Gateway API APIGroup has moved from networking.x-k8s.io to gateway.networking.k8s.io. This means that, as far as the apiserver is concerned, this version is wholly distinct from v1alpha1, and automatic conversion is not possible. As part of this process, Gateway API is now subject to Kubernetes API review, the same as changes made to core API resources. More details in #780 and #716.
Gateway-Route binding changes (GEP-724): Currently, Gateways choose which Routes are attached using a combination of object and namespace selectors, with the option of also specifying object names. This has made for a very complex config that's easy to misinterpret. As part of v1alpha2, we're changing to:
We believe this is quite a bit easier to understand, and still gives good flexibility for most use cases.
GEP added in #725.
Implemented in #754.
Further documentation was added in #762.
Safer cross-namespace references (GEP-709): This currently concerns references from Routes to Backends, and from Gateways to Secrets. The new behavior is:
The intent here is that the owner of the referent namespace must explicitly accept incoming references; otherwise we can run into all sorts of bad things from breaking the namespace security model.
Implemented in #741.
Attaching Policy to objects (GEP-713): This has been added so that we have an extensible mechanism for adding a cascading set of policy to Gateway API objects.
What policy? Well, it's kind of up to the implementations, but the best example to begin with is timeout policy.
Timeout policy for HTTP connections is highly dependent on how the underlying implementation handles policy - it's very difficult to extract commonalities.
This is intended to allow things like:
This one is a bit complex, but will allow implementations to solve some things that currently require tools like admission control.
Implemented in #736.
As part of GEP-713, BackendPolicy has been removed, as its functionality is now better handled using that mechanism. #732.
Removal of certificate references from HTTPRoutes (GEP-746): In v1alpha1, HTTPRoute objects have a stanza that allows referencing a TLS keypair, intended to allow a more self-service model, where an app owner can provision a TLS keypair inside their own namespace, attach it to an HTTPRoute they control, and then have that used to secure their app. When implementing this, however, there were a large number of edge cases around checking SNI, hostname, and overrides that are complex, hard to handle, and poorly defined, which made even writing a spec on how to implement this very difficult, let alone actually implementing it.
In removing certificate references from HTTPRoute, we're using the ReferencePolicy from GEP-709 to allow Gateways to securely create a cross-namespace reference to TLS keypairs in app namespaces. We're hopeful that this will hit most of the self-service use case, and even if not, provide a basis to build from to meet it eventually.
The RouteForwardTo (YAML: routeForwardTo) struct/stanza has been reworked into the BackendRef (YAML: backendRef) struct/stanza, GEP-718. As part of this change, the ServiceName (YAML: serviceName) field has been removed, and Service references must instead now use the BackendRef/backendRef struct/stanza.
HTTP Method matching is now added into HTTPRoute, with Extended support: #733.
GatewayClass now has a 'Description' field that is printed as a column in kubectl get output. You can now end up with output that looks like this:
$> kubectl get gatewayclass
NAME       CONTROLLER                    DESCRIPTION
internal   gateway-controller-internal   For non-internet-facing Gateways.
external   gateway-controller-external   For internet-facing Gateways.
#671: Controller is now a required field in Gateway references from Route status. Fixes #669.
#657 and #681: Header Matching, Query Param Matching, and HTTPRequestHeaderFilter now use named subobjects instead of maps.
#796 API Review suggestions:
NoSuchGatewayClass has been removed after it was deprecated in v1alpha1.
* is no longer a valid hostname. Instead, leaving hostname unspecified is interpreted as *.
Published by robscott over 3 years ago
NoSuchGatewayClass status reason has been deprecated. (#635)
spec.rules.matches.path now has a default prefix match on the / path. (#584)
kubectl get output. (#592)
Published by hbagdi over 3 years ago
This release brings in minor enhancements, a few bug fixes and tons of documentation updates.
API Version: v1alpha1
Service APIs has been renamed to Gateway API. #536.
Admitted:false InvalidParameters:Unknown.
GatewayClass.spec.parametersRef now has an optional namespace field to
spec.listeners[].tls.mode now defaults to Terminate.
hostname in a listener matches all request.
set property has been introduced for HTTPRequestHeader Filter. Headers
set are overridden instead of added.
forwardTo has been increased from 4 to 16 for all
There are minor improvements to docs all around.
New guides and clarifications have been added, and various typos have been fixed.
Published by robscott almost 4 years ago
This is the v1alpha1 release of Service APIs. We may still make tiny incremental updates to this API. Any breaking changes will be reserved for a potential v1alpha2 release.
gc short name.
Admitted, with InvalidParameters as a sample reason for it to be false.
gtw short name.
DroppedRoutes condition has been renamed to DegradedRoutes.
ListenerStatus now includes Protocol and Hostname to uniquely link the status to each listener.
bp short name.
networking.x-k8s.io/app-protocol annotation can be used to specify AppProtocol on Services when the AppProtocol field is unavailable.
Published by robscott almost 4 years ago
This is our second v1alpha1 release candidate. The working group expects that this release candidate is quite close to the final v1alpha API and does not plan to make major API changes. However, minor (possibly breaking) API changes such as renaming fields are still possible.
This release candidate is suitable for implementors, but the working group does not recommend shipping products based on a release candidate API due to the possibility of incompatible changes prior to the final release.
gateway-exists-finalizer.networking.x-k8s.io
allowedGatewayNamespaces has been removed from GatewayClass in favor of
listeners.routes have been renamed:
routes.routeSelector -> routes.selector
routes.routeNamespaces -> routes.namespaces
clientCertificateRef has been removed from BackendPolicy.
routes.namespaces now defaults to {from: "Same"}.
hostname now closely matches Route hostname matching with wildcard
UnsupportedAddress condition has been added to Listeners to indicate
ModifyRequestHeader -> RequestHeaderModifier
MirrorRequest -> RequestMirror
Custom -> ExtensionRef
Published by robscott about 4 years ago
This is our initial v1alpha1 release candidate. The working group expects that this release candidate is quite close to the final v1alpha API and does not plan to make major API changes. However, minor (possibly breaking) API changes such as renaming fields are still possible.
This release candidate is suitable for implementors, but the working group does not recommend shipping products based on a release candidate API due to the possibility of incompatible changes prior to the final release.
Our progress towards a final v1alpha1 release is being tracked in https://github.com/kubernetes-sigs/service-apis/milestone/1.